After the significant security impacts have been identified and the legal and other requirements listed by PTC, we set our security goals to improve our security performance. For each security objective, indicators will be set and measured in order to understand the level of achievement of these objectives and the resulting
1. The first objective that I specified was that blames should be legitimately reported; the reason that blames should be accounted for accurately is so that the issue administrator knows precisely what the issue is, what they are attempting to alter, and when the need to settle
The following security and risk mitigation measures are to be included in the current daily, weekly, quarterly, and/or yearly tasks.
There are three main factors that need to be addressed when examining physical and technical security: prevention, detection of threats, and finally the recovery of systems. Prevention’s goal is to stop breaches and thieves before they even have a chance to make a move. Prevention is one of the main goals of all cybersecurity, and it will be the first line of defence. Detection ensures that, if the protections are breached, the cause and effect will be identified. These detections also help in changing the company’s security policies. Finally, recovery is the way that breaches are addressed. All affected systems will be restored in some fashion, and further changes will be made to policy and documentation. If there is any physical damage, it will be fixed.
* Review the results of a qualitative Business Impact Analysis (BIA) for a mock organization
Another step involves security checks upon implementation and describes the agency-level threat to the business scenario or the mission. It similarly entails sanctioning the information system for processing and, lastly, constant monitoring of the security controls. FISMA and NIST's standards are aimed at offering ways for agencies to achieve their identified missions with safety commensurate with the threat (United States Department of Agriculture, 2015). Together with guidelines from the Office of Management and Budget (OMB), FISMA and NIST create a framework for advancing and growing an information security scheme (SecureIT, 2008). Such a framework includes control descriptions and evaluation, program development, and system certification and accreditation. The final objective involves conducting the daily functioning of the agency and achieving the agency's articulated objectives with sufficient security commensurate with risk.
|Review of Informational |Whether the Information Security Policy is|The security policy |Without the review of |Each policy should be |
Due to the lack of data security elements, the following recommendations are suggested: strategy and risk assessment. Overall data security begins with the identification of risks and a strategy for addressing those risks. This can be accomplished through a Strengths, Weaknesses, Opportunities, and Threats (SWOT) analysis. Strengths and weaknesses are derived from internal factors, such as employees, while opportunities and threats are derived from external factors, such as hackers (Value Based Management, 2011).
1. Why are risk mitigation and filling in critical security gaps an important next step after the security assessment is performed?
One of the missions of the U.S. Department of Homeland Security is to protect and preserve the security of cyberspace in the country. The principal objective of this Security Plan is to give instructions and direction to the Department’s workers and to help Homeland Security create best practices and strategies for its IT security system.
Security Officers must obtain a consensus on which mitigating controls are key, which can be a trying negotiation between the CISO, Chief Technology Officer, Cyber Threat Intelligence (CTI), Infrastructure Engineering, Audit and Assurance teams, and the Investment and Audit committees. How do you harness your entire organization to focus on a common, agreed-upon list of key security controls?
Identify what you see as the main purpose of security management and discuss what is meant by the statement that ‘security measures must be commensurate with the threat’.
The Main Purpose of Security Management and Security Measures must be Commensurate with the Threat
As global security continues to grow exponentially in response to threats of cyber terrorism, the field of computer security continues to proliferate into many adjacent socioeconomic and technologically-based areas of society. Gartner Group, a leading market research firm in the enterprise IT industry, has stated that the worldwide market for security software will reach $21B in 2011, rising to $15.8B in 2015 (Karjalainen, Siponen, 2011). This rapid growth of computer security is also driving the development of entirely new patents in the areas of cryptography, enterprise security management strategies, and extensive support for more advanced programming features for securing enterprise networks (Albrechtsen, 2007). The pace of development in this market is accelerating as the sophistication and variety of threats also continue to escalate exponentially (Liang, Xue, 2010).
Consequences of failing. The goals set the vision, and the objectives are the specific results that must be obtained to achieve success. Regardless of which business assets are to be secured (information or technical assets, physical plant, personnel), the organization must have a security strategy that can be implemented, measured, and revised as the business climate and operational environment change (Caralli, 2004). Failing to ensure the safety of secured information can have devastating consequences. One notable example: on September 16, 2010, one of the most prestigious hospitals in the
The purpose of an IT security policy is to provide “strategy, policy, and standards regarding the security of and operations in cyberspace, and encompasses the full range of threat reduction, vulnerability reduction, deterrence, international engagement, incident response, resiliency, and recovery policies and activities, including computer network operations, information assurance, law enforcement, diplomacy, military, and intelligence missions as they relate to the security and stability of the global information and communications infrastructure” ("Cyberspace Policy Review", 2016).