NETS1015 Security Management

  • Subject Code: NETS1015
  • Country: CA
  • University: Georgian College

Answer:

People, technology, processes, and structure play an indispensable role in managing the practical aspects of information security systems (Ključnikov, Mura & Sklenár, 2019). This security awareness training document sets out security management parameters by covering breach response, media sanitization, mitigation approaches, legal considerations, ethical contexts, and the CIA security model and its role in implementing an information security training program. Finally, the elements to consider during training program implementation are listed so that the process is briefed transparently.

Breach response strategies

Some core strategic responses against common threats or breaches that must be followed are:

  • Reviewing potential threats in different operational areas is the first strategic consideration, as it helps to identify the critical areas of threat that need attention through a weekly threat analysis plan and mitigation strategies
  • Creating an incident response plan for the identified risk areas is the next stage, as it gives the organization a documented plan of action to combat the critical risks associated with a project
  • Establishing a dedicated response team to handle information security breaches such as phishing, intrusion, SQL injection and others helps to identify critical violations in their early stages

Media sanitization considerations

Media sanitization is a process by which data is irreversibly removed from a specific medium, or by which the medium holding a particular piece of information is completely destroyed (Ahmad et al., 2020). Sanitization is usually carried out following the standards and technicalities mandated by NIST 800-88 Revision 1, Guidelines for Media Sanitization. As per the guidelines, media sanitization can be done through the following processes:

  • Disposal, which discards a specific medium
  • Clearing, which makes the data on a specific medium unreadable through actions like overwriting
  • Purging, which removes data more robustly and protects it from laboratory-grade attack
  • Destroying, which ensures the data on the medium is no longer usable

Mitigation approaches with Legal and ethical considerations

Breach mitigation needs a cohesive approach across the entire IT ecosystem in order to manage access to the most valuable data (Aldawood & Skinner, 2018). The following mitigation strategies can be taken into account when developing procedures:

  • Limiting access to the institution's useful data, which helps to mitigate critical challenges associated with breaches such as malware attacks, SQL injection, or intrusion by an insider
  • Ensuring compliance with third-party vendors to manage essential security breach issues
  • Conducting regular security awareness training to help employees stay up to date
  • Continuously monitoring network traffic to avoid denial-of-service or similar attacks

According to the recent mandates of Cybersecurity Law 2022: section 430 (1.1) of the Criminal Code, obstructing, interfering with or interrupting the lawful use of data, or denying access to data to a person who is entitled to access it, carries a severe penalty (Global Group, 2022). Adherence to this regulatory requirement is therefore needed. In addition, the ethical duty to disclose risks once they are known needs to be taken into account, as disclosure may help stop a breach.

CIA security model

The Confidentiality, Integrity and Availability (CIA) triad is a model designed to guide IS policies within an organization (Covert et al., 2020). The model consolidates the components mentioned above and protects data from breaches. The confidentiality context is associated with secrecy and data sensitivity, which an organization needs to cover for all of its data. Ensuring the elimination of unauthorized modification, intentional or unintentional, can also be done on the basis of this context. Apart from that, the core aspect of availability keeps information available to authorized users whenever it is needed. The model helps to maintain a cohesive picture of security parameters.

Figure 1: CIA security model

Role of the model in implementing IS training program

The CIA security model helps in implementing the IS training program because it enables vital security features that support a proper approach to compliance. The model also helps to provide business continuity and to prevent overall reputational damage. Apart from that, it assists the training program by building an understanding of the different IS factors that reduce the chances of a breach.

Elements to consider during training program implementation

A training program can be implemented effectively by adopting sound, long-term training strategies (Reshan & Saleh, 2021). The core elements that must be considered during training program implementation are as follows:

  • Assessing training needs for different levels of employees
  • Setting organizational training objectives
  • Creating a proper training action plan
  • Utilization of education and training materials
  • Transferring knowledge, abilities and skills to individuals

References

Ahmad, A., Desouza, K. C., Maynard, S. B., Naseer, H., & Baskerville, R. L. (2020). How integration of cyber security management and incident response enables organizational learning. Journal of the Association for Information Science and Technology, 71(8), 939-953. https://asistdl.onlinelibrary.wiley.com/doi/am-pdf/10.1002/asi.24311

Aldawood, H., & Skinner, G. (2018, December). Educating and raising awareness on cyber security social engineering: A literature review. In 2018 IEEE International Conference on Teaching, Assessment, and Learning for Engineering (TALE) (pp. 62-68). IEEE. https://www.researchgate.net/profile/Hussain-Aldawood/publication/330293734_Educating_and_Raising_Awareness_on_Cyber_Security_Social_Engineering_A_Literature_Review/links/5d9ae3c192851c2f70f21bf8/Educating-and-Raising-Awareness-on-Cyber-Security-Social-Engineering-A-Literature-Review.pdf

Covert, Q., Steinhagen, D., Francis, M., & Streff, K. (2020, January). Towards a triad for data privacy. In Proceedings of the 53rd Hawaii International Conference on System Sciences. https://scholarspace.manoa.hawaii.edu/bitstream/10125/64277/1/0433.pdf

Global Group. (2022). Cybersecurity 2022 | Laws and Regulations | Canada | ICLG. International Comparative Legal Guides International Business Reports.

Ključnikov, A., Mura, L., & Sklenár, D. (2019). Information security management in SMEs: factors of success. Entrepreneurship and Sustainability Issues, 6(4), 2081.

Reshan, A., & Saleh, M. (2021). IoT-based Application of Information Security Triad. International Journal of Interactive Mobile Technologies, 15(24).
