Critique discussion post below-Just half page

I don’t know how to handle this Science question and need guidance.

To: CCISO

From: daclas smitt

Date: 30 March 2020

Re: Memo on Identification and Selection of IT Security Controls

Introduction

As the security gap identified by the M&A Team contributed to the bankruptcy of Island Banking Services, these factors have given a gap to the company and the security controls have been compromised. So, I would like to suggest some security controls which would help the organization not to face this problem again.

Security Controls

It is necessary to maintain effectiveness and cost for designing an IS control. If we see the first level, it requires defining the main controls and the design through which they detect, protect or correct the assets under attack. The NIST defines this first layer as high-level control. ISO 27001 provides the list of key effective controls. Designing a control also requires fully accredited with the attributes (Ross, 2014).

The cybersecurity framework that should be implemented accordingly is access control, awareness training, data security, maintenance, and protective technology. We will be discussing some of the framework's controls and how they will help in protecting Island Banking Services (National Institute of Standards and Technology, 2018).

Access Control

Access control uses technology to perform the work and this technology is highly recommended to protect the asset management of the bank. The access control has to check that all the assets of the bank are protected and also see that these are being kept safe and protected well from all the processes of being lost or hacked. The access control is important because it will help to keep a check on the assets of the bank and see that they are safe (Schreider et al., 2018).

Awareness Training

Awareness Training is a manual process where the employees should be trained about the problems that the bank has faced and how they can be overcome. Every employee should be given some training and how they will implement that training in fighting cybercrime, and this training will teach them some basic activities and it will help the organization and also the data will be more secure (Schreider et al., 2018).

Data Security

Data security uses a technology process where the data of the organization is protected through the use of different technologies. The data are kept safe by installing firewalls on the computer, giving the password on every machine, not allowing the use of malicious websites, blocking those websites which might be harmful for the organization, educating the employees about the possible causes of data loss and trying to not open any emails which can be malicious. Data Security is important for the organization to sustain and protect the data so this data can be protected and should not be attacked by cybercrime (Schreider et al., 2018).

Maintenance

Maintenance is a manual process where the organization should create a group to maintain all its assets and check whether all its processes are running smoothly or not. These processes will be useful for checking whether all the assets are in the correct place or not. The maintenance team needs to see whether there have been any type of data breaches in recent times or not. So the maintenance team is important because they need to check on the safety of the data and also the organization (Schreider et al., 2018).

Protective Technology

The protective technology is being used to protect all the assets of the company as well as to see that all data and all assets have been protected thoroughly and to see if these protective measures are helping to stop the data from getting breached or lost. All the processes are being done on the basis of making the process easier and familiar and these processes will help to check whether there is any process of saving the data from getting breached (Schreider et al., 2018).

Summary

To protect the organization from getting breached or attacked by cybercrime it is necessary to implement a framework so that all the important data will be protected, as all the data are very important for the organization. Every organization has a different aspect of doing the work and all the work is important and necessary to be protected from getting breached. It is the responsibility of the organization to impose some strict rules and develop a framework that would help the response team to work accordingly and it will also help to reduce the number of attacks on the company.

References

National Institute of Standards and Technology. (2018). Framework for Improving Critical Infrastructure Cybersecurity, Version 1.1. National Institute of Standards and Technology. https://doi.org/10.6028/nist.cswp.04162018

Ross, R. S. (2014). Assessing Security and Privacy Controls in Federal Information Systems and Organizations: NIST Special Publication 800-53A. https://doi.org/10.6028/nist.sp.800-53ar4

Schreider, T., Svetcov, E., Williams, K., Fitzgerald, T., Gomez-Sanchez, J., Rayle, K., & Baklarz, R. (2018). Certified Chief Information Security Officer (3rd ed.). Retrieved from https://bookshelf.vitalsource.com/#/books/CCISO-E/cfi/13!/4/4@0.00:48.6