Defense Logistics Information Service
(DLIS)
Outline I. Introduction a. Scope b. Assign to departments c. Risk Matrix d. Risk mitigation plan e. Impact Analysis II. (BIA) f. Departments g. Business Impact h. Costs Analysis III. Recommendations (BIA) i. Business Impact Analysis Results j. Maximum Acceptable Outage IV. (DLIS) Business Continuity Plan a. Purpose b. Scope c. Plan Objectives d. Disaster definition e. Recovery teams f. Team member responsibilities g. Instructions for using the plan/Invoking the plan h. Data backup policy i. Offsite storage procedures j. In the
…show more content…
Key roles that will play a big part in the completion of this project will pertain to network security and reliability and client confidentiality.
Department Managers | * Departments will do a RA specific to their department. * Duties will be carried out by Supervisors. | Employees | * Employees will carry out task dependent on there department. | Assign to departments:
Risk matrix Level | Likelihood Definition | High | The threat source is highly motivated and sufficiently capable, and controls to prevent the vulnerability from being exercised are ineffective. | Moderate | The threat source is motivated and capable, but controls are in place that may impede successful exercise of the vulnerability. | Low | The threat source lacks motivation or capability, or controls are in place to prevent, or at least significantly impede, the vulnerability from being exercised. | *
Risk mitigation plan * Risk mitigation: The next major step in measuring level of risk was to determine the adverse impact resulting from successful exploitation of vulnerability. The adverse impact of a security event can be described in terms of loss or degradation of any, or a combination of any, of the following three security goals: * Loss of Confidentiality – Impact of unauthorized disclosure of sensitive information (e.g., Privacy Act). * Loss of Integrity – Impact if system or data integrity is lost by unauthorized
Lab #1 – Part A – List of Risks, Threats, and Vulnerabilities Commonly Found in an IT Infrastructure
The security ecosystems that are available in today’s IT environments are ill-equipped and are unable to
Defenselessness is a shortcoming in a framework or its outline that could be abused by a risk. Vulnerabilities are at times found in the conventions themselves, as on account of some security shortcomings in TCP/IP. Frequently, the vulnerabilities are in the working frameworks and applications. Composed security strategies may likewise be a wellspring of vulnerabilities. This is the situation when composed arrangements are excessively careless or are not sufficiently intensive in giving a particular approach or line of direct to organize overseers and
Regarding the four elements mentioned, “threat” deals with change, and when a person feels he/she has to make a change, unwillingly (Feist et al., 2013). An example the textbook gives is of a therapist working with a client, and trying to get the client to see things from a different perspective (Feist et al., 2013). The client may be hesitant to change; he/she has gotten comfortable with doing things a certain way which will make it harder for him/her to change.
Threats can come in many different forms, human and nonhuman. Some can cause harm, while others can cause no harm. “Advanced persistent threat attacks come from organized, well-financed, patient assailants” (Pfleeger et al., 2015, p. 15)
Further, Harris is clearly troubled by certain tactics taken by the NSA, such as when it has become aware of vulnerabilities in particular software or systems. On some occasions, the NSA has decided not to disclose those vulnerabilities or else it has encouraged firms not to cure them in order to permit the NSA to better identify the adversary and determine its goals. Harris also describes the tactic of injecting malware into an adversary’s computers and servers overseas, and shows that this tactic may have unforeseen
Thank you for responding to my discussion board post. You brought up an excellent point about using the proper tool for the job. In many case, depending upon the size of an organization and its information technology department, they may not properly use or implement the correct tools for the security task they want to complete or not utilize all of a systems or devices capabilities. This can also leave the devices that they implemented vulnerable.
Threats come in various forms but we must remember that threats are people not just malware.
Reports of computer security failures appear frequently in the daily new. Cite a reported failure that exemplified one (or more) of the principles listed in the chapter: easiest penetration, adequate protection, effectiveness, weakest link.
Zero Day Exploits where the assailant discovers a flaw ahead of the security community in raises the defense (Wadlow, 2009).
A threat agent is a specific component that represents a danger to an organization’s assets. And a threat is an object, person or entity that represents a constant danger.
In the Workstation Domain security controls are one of the biggest challenges. Physical security threats are concerns associated more with attackers who gain physical access to the premises. The attackers can cause physical destruction of equipment or sabotage the equipment. The attacker can sabotage the system if the attacker has sufficient knowledge of the system, such as a former employee, and gains access to the system and then renders the system unusable, or deletes and changes information.
1. Data Breach: A data breach is an incident in which sensitive, protected or confidential
The creation of a threat model is a way for organizations to be able to
We have to keep our security framework much hardened and solid with the goal that the likelihood diminishes. Yet, in the event that we neglect to do as such there are solid shots that the danger will happen, Carol Dekkers, Dave Zubrow, and James McCurley (February, 2007).