Cyber security tools are available to organizations requiring integration of their problem management, configuration management, and incident management processes.
The CEO and CIO need you and your team to create an IRP and change management plan. These plans will help the organization choose the appropriate cyber security tool.
Part I: Incident Response Plan
Incident response is a disciplined methodology for managing the aftermath of a security breach, cyberattack, or some other security incident. An IRP provides an organization with procedures that effectively limit the impact on the data, system, and business and reduce recovery time and overall cost.
Create a 1- to 2-page IRP in Microsoft Word for the organization you chose in Week 1. In your plan, ensure you:
- Discuss roles and responsibilities.
- Discuss the critical activities for each of the 5 phases in the incident response process.
- List at least 3 cyber security tools that work together to monitor the organization’s network for malicious and abnormal activity.
Part II: Change Management Plan
Change management plans define the process for identifying, approving, implementing, and evaluating necessary changes due to new requirements, risks, patches, maintenance, and errors in the organization’s networked environment.
Create a 1- to 2-page Change Management Plan in Microsoft Word for your chosen organization. In your plan, ensure you discuss:
- Roles and responsibilities
- The use of swim lanes and callouts
- Who should be involved in developing, testing, and planning
- Who reviews and signs off on the change management requests
Briefly describe how a change management plan reduces the organization’s risk from known threats.
Part III: Cyber Security Tool Comparison
Create a 1- to 2-page table that compares two of the industry standard tools that integrate incident management and change management.
Recommend the best tool for the organization to the CEO and CIO. Explain how it maintains compliance with the organization’s regulatory requirements.
Format your citations according to APA guidelines.
Encryption Methodologies to Protect an Organization’s Data Paper
David Dorsaima
CMGT/431
December 1, 2019
Steven Powelson
Encryption Policy for an Organization
The security of an organization is one of the key factors that determines success. In a world where technological advances have been made in all sectors, robust measures must be put in place to manage the prevailing situation. Lights on Dance (LOD) must also be able to initiate an encryption policy that would prevent the loss of critical data that has become a common scene in most organizations. We must keep in mind that zero loss is rare, but it is still LOD's goal. Hackers and malicious individuals have often taken advantage of any loopholes within an organization's structure to steal and destroy critical data. Therefore, such loopholes must be effectively managed by putting into place policies that would prevent the loss of such crucial data (Basmov et al., 2016).
LOD has a plethora of sensitive data that must be taken care of and monitored to ensure that it isn't lost or compromised. Examples:
- User/Customer information: Crucial data for LOD's long-term success. The sensitive data might comprise the names of the clients/users, emails, addresses, payment information, application attributes and/or social security numbers.
- Employee data: Similar to Customer/User data, our database may comprise employees' addresses, emails, payment/payroll details, social security numbers and data associated with credential processing.
- Proprietary data (intellectual property and trade secrets): All companies have secrets behind their success that they rely on when making critical decisions.
- Operational information: All the details in the inventory books are usually sensitive company data that should not be disclosed to the public.
Therefore, LOD's encryption policy shall be in place to ensure crucial data points are effectively managed to prevent data loss.
Asymmetric and Symmetric Encryption Methodologies
The security of sensitive data is a matter of priority that must be fully taken care of to ensure intrusion doesn't take place. The best encryption method must be used to protect the data within the network. Therefore, in this case, we highlight some of the best available encryption methods that can be used to protect our data.
The asymmetric encryption method uses both private and public keys to encrypt and decrypt messages. The sender and receiver must have the decryption keys to access the data. This is commonly used by the PKI, in which the user's information is kept away from unwanted hands, thus preventing threats and damage posed by intruders (Budish, Burkert & Gasser, 2018).
On the other hand, there is a symmetric encryption method in which there is a single key that has to be shared among all users. The users must have this key to be able to access the sensitive data. In this case, there are TLS and SSL, which are cryptographic protocols designed to provide communication security whenever used. They secure communication such as instant messaging, email, web browsing and voice over IP. Therefore, LOD shall incorporate these protocols, which would help mitigate data loss.
Common Security Threats
There are various ways in which LOD might be exposed to threats and potential data loss. One example is social engineering and phishing, in which employees might unknowingly or knowingly give unwanted persons access to critical data. This is usually discovered only when the damage has already been done. It can be prevented by training employees on such issues (Byrne, 2018).
In addition, preventing poor password practices, while also discouraging entry or access by unwanted persons, is a great step in the right direction. In most cases, employees use passwords that are commonly used and known in the public domain, making it easier for an intruder to take note of such loopholes and attack from there.
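One way to enforce the password point above at account creation or password change, added here as an example and not part of the original paper: candidates are rejected when they reduce to a publicly known password or to an organization term after stripping the usual decorations. The word list, the `MIN_LENGTH` value, and the function names are constructed assumptions.

```python
import re
import unicodedata

# Constructed sample of publicly known passwords; a real deployment would load
# a full breached-password corpus instead of this short list.
COMMON_PASSWORDS = {"password", "123456", "qwerty", "letmein", "welcome"}

# Character substitutions users commonly apply to disguise a known password.
LEET = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a", "5": "s",
                      "7": "t", "@": "a", "$": "s", "!": "i"})

MIN_LENGTH = 12  # assumed policy value, not taken from the paper


def normalize(password: str) -> str:
    """Reduce a password to the base word that wordlist mangling rules start from."""
    text = unicodedata.normalize("NFKC", password).lower()
    # Drop trailing digits and symbols: "qwerty2019!!!" -> "qwerty".
    text = re.sub(r"[\d\W_]+$", "", text)
    # Undo substitutions inside the word: "p@ssw0rd" -> "password".
    return text.translate(LEET)


def check_password(password: str, context_terms=()) -> list:
    """Return the list of policy violations; an empty list means accepted."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("too short")
    base = normalize(password)
    # Check the raw form too, so all-digit entries such as "123456" still match.
    if password.lower() in COMMON_PASSWORDS or base in COMMON_PASSWORDS:
        problems.append("publicly known password")
    # Organization names are among the first guesses against a specific company.
    if any(term.lower() in base for term in context_terms):
        problems.append("contains organization term")
    return problems


if __name__ == "__main__":
    for candidate in ("P@ssw0rd1!", "Qwerty2019!!!", "LightsOnDance2019",
                      "correct horse battery staple"):
        print(candidate, "->", check_password(candidate, ("lightsondance",)))
```
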
Implementation of Encryption Methods
Protection of LOD's sensitive data can only be done by implementing an encryption method. Therefore, PKI, SSL, and TLS should be used to ensure that all sectors of the company are well secured. This means that anyone who seeks to access data from the organization through PKI must use both private and public keys. On the other hand, one must have a primary key to access data when using TLS and SSL, which are highly reliable and efficient when used.
References
Basmov, I., Nyström, M. B. G., Semenko, A. M., MacIver, D. M., & Li, D. (2016). U.S. Patent No. 9,477,614. Washington, DC: U.S. Patent and Trademark Office.
Budish, R. H., Burkert, H., & Gasser, U. (2018). Encryption Policy and its International Impacts: A Framework for Understanding Extraterritorial Ripple Effects.
Byrne, S. (2018). U.S. Patent No. 10,104,044. Washington, DC: U.S. Patent and Trademark Office.