When a security incident occurs, a technician might limit his or her actions to fixing the failure. As the CIO, you are responsible for identifying ways to prevent future recurrences of the problem. To do so, you would review policies, procedures, and chronology to understand the vulnerability and how it was exploited. What would have to change to prevent a similar incident in the future? Is it cost-effective to implement this protection? Answering these questions allows organizations to learn and evolve.
***
WE WRITE PAPERS FOR STUDENTS
Tell us about your assignment and we will find the best writer for your project.
Write My Essay For MeYou are in your first week as the new CIO. You have started to settle into the job and meet the other executives. You are starting to get some ideas to improve customer response time and reduce costs by streamlining the support desk, but you want to get to know some of the personalities better before you launch any initiatives. The other day, you found a dusty copy of the corporate information security policy. Either the former owner knew the rules by heart or never bothered to read them.
You are a few minutes late to work this morning due to an accident on the highway. According to the radio, it was a minor accident, but traffic is moving slowly. You have 10 minutes before the CEO’s staff meeting, just enough time to check e-mail and send a quick response or two. Most of the messages are routine, mainly copies that you really do not need. Wait—there is a report of a minor security incident.
To prepare for this Assignment, create a logbook (a word-processing document). The purpose of this logbook is to capture a complete record of this course’s problem-based scenario and your actions as they unfold throughout the course. Next, review the Week 1 Security Briefing document, located in this week’s resources, to learn about the minor security incident. Also, familiarize yourself with the information security policy.
In your logbook, record the chronology of the security incident as you understand it. Write your response, including simulated orders to people who you, as CIO, may supervise. Explain what you expect each action to accomplish. As a minimum, record the following:
Date/time
Incident reported
Possible causes of the incident
Task descriptions
Tasks assigned to (by name or title)
Next, address these topics in a 2- to 3-page analysis:
A diagnosis of the problem
How to correct the immediate problem (action items)
What reports or notifications are required
How the security policy (or its implementation) failed so this incident could happen
Changes that will address the reported vulnerability and/or improve incident response for this type of situation
Tasks assigned to other departments, if applicable
Now, write a 1- to 2-page memo to communicate relevant facts to the legal team. This memo could be discoverable, so avoid personal thoughts, opinions, analyses, or interpretations. The goal of this memo is to file the appropriate paperwork and initiate any notifications required by law. Address the following points:
A clear problem summary
Facts that support the problem
A reminder of legal responsibilities (from your perspective as the CIO)
Actions are taken by IT to address the problem
A request to address communications to the customers
Finally, draft a 1-page memo to the organization that summarizes the issue and what the IT team is doing to manage it. Address the following areas:
The problem and its potential effects on the organization (in business language, not tech-talk)
The effect on business
What is being done to address the stakeholders
SAMPLE SOLUTION
Updated Security Policy -1
Chronology of The Security Incident
Date/time: 30th January 2021
Incident reported: malware event
Possible cause of the incident: Phishing activity to the company network system.
Username: ITCorps_incidence_response
Department: Information Technology and cyber security systems.
Severity of the incident: Moderate
Policy changes it might have triggered: The user policy including the expect activities and conduct when access the information system.Secondly, the user device policy. Third party vendor policy.
Status: Pending
Task Description: To investigate the attack’s depth and recommended cyber security system to prevent such incidents in the future.
Task assigned: In an organization that users a cyber-security system, all the persons involved have a responsibility. Employees should abide by the organization’s set policy using the network…
Order Original and Plagiarism-free Papers Written from Scratch:
