Signature Assignment: Improving Risk Across an Organization

For this assignment, you will write a paper for your selected organization and its industry, which includes at least one significant academic theory, while devising a holistic approach to risk reduction.

Be sure your paper includes the following:

A holistic approach to cybersecurity risk to improve outcomes for the organization.
A focus on an integrated proposal that considers:
technology and people,
internal and external sources,
compliance and privacy,
supply chain risks,
threats and vulnerabilities, and
appropriate risk reduction activities.
Inclusive theoretical approaches while also leveraging frameworks and standards.
At least one diagram and table created by you to support information.
Length: 5 to 7-page paper, including the diagram and table. You may use Microsoft tools, LucidChart, or another equivalent tool available to you to create your diagram.

References: Include a minimum of 5 scholarly resources in addition to those provided within the course.


Improving Risk Across an Organization

IT protection is a difficult sell. Upper management is used to thinking in terms of return on investment, and it is hard to calculate the return on something that “might” occur, such as a power outage or a hacker attack. Even though costs are easier to justify on the basis of previous, well-documented events, some companies are still reluctant to devote resources to defense.

One of the most effective techniques is to set aside a certain percentage of every IT project's budget for defense. For example, the cost of software to encrypt personal data such as Social Security numbers may be included in an Identity and Access Management project. Furthermore, if the software agreement is properly negotiated, the same software may be permitted to encrypt other restricted data on other servers as well.

Unfortunately, drawing on incidents that occurred at other, similar organizations is one of the simplest ways to raise funds. A breach of Social Security numbers at surrounding universities would undoubtedly raise concerns about your own university's internal security. Students, and possibly the local media, will ask how securely their Social Security numbers are stored. At such times, IT can obtain unexpected funds to strengthen the infrastructure's security posture. It is important to have a plan in place at all times so that you can take advantage of these opportunities rather than spending the money on resources that are not needed.

A framework is a supporting structure for something else. Frameworks are used throughout the management literature when a large number of ideas need to be arranged in a way that many people will understand and remember; that is, a management framework organizes related concepts toward a purpose of interest.

Several risk management frameworks are in common use, including CERT's OCTAVE, the International Standards Organization's ISO 27002 (The British Standards Institution, 2015), and the National Institute of Standards and Technology's NIST 800-39 guidelines on managing information security risk (NIST, 2020). In addition, leading vendors such as Microsoft and Google publish their own information security risk management guidance. These frameworks present similar concepts and are the product of the industry's best minds working together to handle IT risk. Any of them is a good starting point when creating an information risk management plan for your organization.

References

The British Standards Institution. (2015, July 31). Mapping the revised editions of ISO/IEC 27001 and ISO/IEC 27002.

National Institute of Standards and Technology. (2020). Security and privacy controls for information systems and organizations. NIST Special Publication 800-53, Revision 5.

Weekly Resources and Assignments

Review the resources from the Course Resources link below:

Risk Assessments: A Weighted Score Approach to Improving Risk Management Decisions
Crandall, K. S. (2020). Risk assessments: A weighted score approach to improving risk management decisions. 2020 Intermountain Engineering, Technology and Computing (IETC), 1–5.
Increased security breaches have made it more important than ever for businesses to detect, minimize, and remove potential risks. This paper will suggest a new approach for improving risk management models that are currently in use.
A Framework for Risk Management of Large-Scale Organization Supply Chains
Hong, T., & Kolios, A. (2020). A framework for risk management of large-scale organization supply chains. 2020 International Conference on Decision Aid Sciences and Application (DASA), 948–953.
This paper proposes a novel approach to supply chain risk management (SCRM), based on the creation of a risk assessment system that addresses the value of SCRM and supply chain visibility (SCV). The paper also addresses the particular risks within the manufacturing sector using quantitative analysis and empirical evidence. The paper states that supplier delays and low product quality can be considered predominant risks related to the manufacturing industry, based on survey data and a case study from Asia. However, since supply chain risks are intertwined, it is necessary to increase supply chain visibility to fully understand risk triggers that eventually lead to risk results. The system developed can be extended to various industries to alert organizations to current threats and trigger improvements in supply chain visibility, allowing risk management strategies to be modified. Organizations may use constructive risk reduction techniques to better control their exposure by identifying potential risk sources.
Supply Chain Risk Management
Greene, S. (2018). 11.1 Supply chain risk management (Lesson 12: Establish and maintain a security awareness, education, and training program) [Video]. In CISSP (2nd ed.). Pearson IT Certification.
The supply chain is the ecosystem of organizations, processes, people, and resources involved in providing a product or a service. The supply chain represents the steps it takes to get a product or service to the consumer or the end-user. The supply chain includes outsourced operations, and it definitely includes external providers.
Managing Supply Chain Risk
Greene, S. (2015). 1.17 Managing supply chain risk (Lesson 1: Security and risk management) [Video]. In CISSP. Pearson IT Certification.
In the CANA Information Bulletin, we address the Security and Risk Management domain. We need to integrate security risk considerations into acquisitions, strategy, and practice. This includes supply chain participants, risk and risk management, and supply chain assurance, including SSAE 16 reports, SysTrust and WebTrust principles, and certification.
