Post Project Proposal – Information Security Risks and Disaster Recovery
Security Overview in an IT Infrastructure
My proposed topic is “Information Security Risks and Disaster Recovery.” Cybersecurity
is an important field in the IT sector now that most devices have become more reliant on the
internet. Working on Information Security Risks and Disaster Recovery will provide some
essential features. D. Smith (2020) argues that studying the information security risks will help to
stay ahead of possible attacks.
Managing these risks would lead to the development of management policies, practices,
or procedures to identify and establish, then evaluate and analyze, and finally monitor and treat
the information security risks. Depending on the needs established by the assessment, a framework
can be implemented to mitigate the risks. An example of a framework that the paper will analyze
is NIST (National Institute of Standards and Technology). This framework does not treat the
threats with the same tools and intensity. Instead, the prioritization in the system takes care of the
primary targets. This prioritization makes NIST a very cost-effective framework, a flexible one that
can change its focus whenever needed. Ernie Hayden (2014), a security consultant, states
that even when NIST was launched, many people doubted its capacity and defense capabilities.
However, in the end, the advantages outnumber the disadvantages. What I want to understand
more is the differences between frameworks like NIST or COBIT (Control Objectives for
Information and Related Technologies) and what frameworks to choose for different scenarios.
My research question is: Which framework best suits various use cases of Information Security
Risks and Disaster Recovery? The goal is to select the best possible and most viable solution
among the available frameworks. The audience would be CIOs or Information Security Officers
searching for a framework solution for their companies.
I will analyze the Disaster Recovery solutions in the second part of the paper. Because
outside incidents might happen within a company’s network, a very important step is to
ensure that the organization is prepared for unwanted scenarios. It is critical to
create solutions to prevent and manage any situation that might arise. The Disaster Recovery
team will develop an “Incident Response Plan” and set it in motion. Another step would be
to train the organization’s staff for the things that will come next. Testing must also be done in a
realistic way to uncover any unwanted legacy systems, network issues, operational or
management issues, or agent collisions. Five main steps need to be followed in case of a Disaster
Recovery situation. Identifying the risk is the first step and probably the most important one.
Without clear identification, practically everything else that follows will be in vain. Creating a
Disaster Recovery team will be the second step. This team will have clear goals and
the vast knowledge needed to overcome any issues. Determining the Response Action items is the
third step of the Recovery plan. After securing the response items, the Point Objective and the
Time Objective for the recovery will be determined. The last step in the
recovery will be implementing the backup, either locally or from the Cloud.
Knowing about the Information Security Risks and the Disaster Recovery steps is crucial
in the IT field. Network attacks represent a massive threat to society, as information is currently
the base of everything. If this data is corrupted or misused by the wrong hands, disastrous
consequences might follow. IT security is becoming increasingly important in business dealings
for a firm, company, or government. Security must be a never-ending task, and research and
development of new defense systems have to be prioritized in every field.
Works Cited
Alsinawi, Baan. “ISACA Now Blog”. Is the NIST Cybersecurity Framework Enough to Protect Your Organization? 2018. https://www.isaca.org/resources/news-and-trends/isaca-now-blog/2018/is-the-nist-cybersecurity-framework-enough-to-protect-your-organization. Accessed 18 Jun 2022.
Ashford University. INF220 Week Four Informative Systems – Network Technologies Development Approaches. 2016. https://ashford.mediaspace.kaltura.com/media/INF220+Week+Four+Information+Systems+-+Network+Technologies+Development+Approaches/0_np0hexf9. Accessed 18 Jun 2022.
Cobb, Michael. “Mitigating risk-based vulnerability management challenges”. 5 steps to achieve a risk-based security strategy. 2021. https://searchsecurity.techtarget.com/tip/5-ways-to-achieve-a-risk-based-security-strategy. Accessed 18 Jun 2022.
Cipher Space. “IT Security Controls”. Top 5 IT Security Controls – What to Do and How to Do It. 2021. https://www.cipherspace.com/blog/it-security-controls/. Accessed 18 Jun 2022.
Garcia, Mike. “Center for Internet Security”. The big three… in their own words. 2019. https://www.nass.org/sites/default/files/events/2019%20Winter/CIS.pdf. Accessed 18 Jun 2022.
Hayden, Ernie. “Tech Target”. NIST cybersecurity framework: Assessing the strengths and weaknesses. 2014. https://www.techtarget.com/searchsecurity/video/NIST-cybersecurity-framework-Assessing-the-strengths-and-weaknesses. Accessed 18 Jun 2022.
Intellect Soft. “Blog”. COBIT vs ITIL: Choosing an IT Governance Framework. 2017. https://www.intellectsoft.net/blog/cobit-vs-itil/. Accessed 18 Jun 2022.
Petters, Jeff. “Data Security, Threat Detection”. What is an Insider Threat? Definition and Examples. 2019. https://www.varonis.com/blog/insider-threats/. Accessed 18 Jun 2022.
Smith, David J, and Kenneth GL Simpson. Cyber Security. 2020. https://www.sciencedirect.com/topics/engineering/cyber-security. Accessed 18 Jun 2022.
Zhang, Shenghan, and Hans Le Fever. “Journal of Economics, Business and Management”. An examination of the Practicability of COBIT Framework and the Proposal of a COBIT-BSC Model. 2013. http://www.joebm.com/papers/84-M021.pdf. Accessed 18 Jun 2022.