Cybersecurity Procedures (Arlyn)
Just like every other organization, Adius, LLC relies on information technology to manage their information, processes, and assets in order to thrive, conduct their business efficiently, and deliver their services effectively. However, no organization is immune from cyber-attacks and threats. In fact, cyber-attacks and threats have been increasing exponentially during the past few years. Having outdated and irrelevant cybersecurity procedures, policies and practices places organizations in greater vulnerabilities and risks. For this reason, cybersecurity procedures, policies and practices in place must be in line and be more relevant to the security needs of Adius, LLC.
In the recent event, Adius, LLC…show more content… In addition, internal audit could aid Adius to gain better understanding and insight on how they can better redesign and implement their security plan based on findings and results of the internal audits. This way, Adius could make a better utilization of their readily available resources or acquire new ones in order to properly protect, guard or at least minimize risks that could potentially compromise the systems, information, processes, and assets in a well-rounded and efficient approach.
As part of the internal audit, Adius should conduct a thorough risk analysis. Risk analysis will help Adius identify threats based on the value of the assets that need protection in order to determine their vulnerabilities, their likelihood of exploitation, and the potential impact to Adius if compromised in order to estimate the cost of defense measures that are needed (p. 421). The internal risk analysis is likely to be done based on the NIST 800-30 guidelines in order to identify risks, assess the risks, and taking rigorous measures to reduce risks to an acceptable level (NIST Special Publication 800-30, 2012). This way, Adius could better defend itself or at least minimize risks that could potentially compromise the systems, information, processes, and assets in the future.
In the light of recent data breach at Adius, the organization has been trying to determine reactively rather than