Your task, as Cybersecurity Director, is to develop an Organizational Strategic Security Plan to defend against cyber attacks. This plan includes strategies and plans for a security architecture consisting of tools, techniques and technologies to detect and prevent network penetration, and for the design of effective cybersecurity countermeasures.
For the purpose of this assignment, your plan is required to cover at least (but is not limited to) the areas outlined under the requirements listed below:
Introduction (your fictitious organization "Skyward" background and IT architecture)
Develop an Organizational Strategic Security Plan that does the following:
1. Establishes a Security Awareness & Training Program
2. Defines Policy and Compliance for your organization
3. Addresses Intrusion Detection and Prevention Tools and Techniques
4. Defines Vulnerability Assessment and Penetration Testing Procedures
5. Establishes a Disaster Recovery Program
6. Defines Defense in Depth principles
Answer:
Security Awareness & Training Program
As cyber security director, I establish a range of training programs and security awareness activities. Awareness campaigns are launched to reduce cyber security risk, and training is provided so that employees can handle the security issues they encounter. Security awareness programs are important because they reinforce security and individual responsibility across the company. Training programs are organised within the organisation to explain all kinds of attacks, so that at the time of a security breach staff can take the proper steps (Abrams & Weiss, 2018).
Security awareness is built by communicating the core concepts of cyber security to employees. To spread awareness, a security handbook is shared with all employees, and training programs serve both new hires and existing staff. Security awareness and training programs ensure that security controls and the steps to follow are decided in advance and understood.
The benefits of cyber security awareness and training include reduced exposure to cyber security risks. They also lower the frequency of cyber related attacks and save time by surfacing flaws early. The training program covers the organisation's policies, culture, procedures and threats. Training sessions are updated to cover new threats and involve the whole business culture.
Policies and Compliance for your organization
Cyber-crime exposes the organisation to various security threats. As director, I therefore design policies that grant employees appropriate rights, defining who can read, write and modify the system. Access is limited to valid users only, and the policies record in detail who may access the system. Because viruses and attacks weaken the security of the network, data is encrypted (Todev, 2015). Encrypting the information means that even if hackers or a third party gain access to the data, they cannot read its actual contents.
Cyber security policies are a set of rules and regulations designed for an organisation so that security breaches do not occur within it. These policies determine who is responsible for, and permitted to access, the data. The policies include keeping software updated and implementing security audits for management. They also state that regular data backups must be taken, so that a security breach does not cause loss to the organisation.
Intrusion Detection and Prevention Tools and Techniques
An intrusion is an event that compromises the confidentiality, integrity and availability of a network. It is therefore important to monitor such events so that unauthorised users are not allowed access to resources. Intrusion detection techniques are used to identify every intrusion that penetrates the network and to respond with predefined actions such as blocking IP addresses. The detection system keeps an eagle eye on the system. Intrusion detection is central because it identifies incorrect behaviour in the system caused by an attack (Ashfaq, Wang, Huang, Abbas & He, 2017). It is software that uses a signature list of known malware and attack patterns, together with policies that raise an alert when an attack is recognised. It maintains the signature list of threats and compares incoming network traffic against it, so that abnormal traffic does not penetrate the system. It also helps in organising and understanding the goals of security and control measures.
It further monitors network traffic and keeps an audit trail to confirm that the network is not misused or accessed by third parties. The aim is to catch the attacker before real damage is done to the network. Among the various network intrusion detection techniques, Snort is a commonly used intrusion detection system. It is available for free and helps in detecting threats, and it provides a user friendly interface for managing security issues.
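The signature-matching behaviour described above (a list of known patterns compared against incoming traffic, an alert on a match, and an automatic IP block once a source repeats) is shown below as an added example written for this plan; it is not Snort's code and the signatures, IP addresses and traffic are constructed for illustration.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Pattern, Set, Tuple

# Constructed signature list: illustrative patterns only, not real Snort rules.
# Each entry: (signature id, description, compiled byte pattern).
SIGNATURES: List[Tuple[int, str, Pattern[bytes]]] = [
    (1001, "SQL injection probe in request", re.compile(rb"(?i)union\s+select")),
    (1002, "Directory traversal attempt", re.compile(rb"\.\./\.\./")),
    (1003, "Known malware beacon marker", re.compile(rb"BEACON-XYZ")),  # hypothetical marker
]


@dataclass
class Packet:
    src_ip: str
    dst_port: int
    payload: bytes


@dataclass
class Alert:
    sig_id: int
    description: str
    src_ip: str


class SignatureIDS:
    """Minimal signature-matching IDS/IPS with an automatic block list.

    Every packet is compared against the signature list. A match raises an
    alert (detection); once a source has accumulated block_threshold hits it
    is added to the block list and its later packets are dropped (prevention).
    """

    def __init__(self, signatures, block_threshold: int = 2):
        self.signatures = signatures
        self.block_threshold = block_threshold
        self.hits: Dict[str, int] = {}      # src_ip -> number of signature matches
        self.blocked: Set[str] = set()      # src_ips currently being dropped

    def inspect(self, pkt: Packet) -> Tuple[str, List[Alert]]:
        """Return ("allow" | "block" | "drop", alerts raised for this packet)."""
        if pkt.src_ip in self.blocked:
            return "drop", []
        alerts = [Alert(sid, desc, pkt.src_ip)
                  for sid, desc, pat in self.signatures if pat.search(pkt.payload)]
        if not alerts:
            return "allow", []
        self.hits[pkt.src_ip] = self.hits.get(pkt.src_ip, 0) + len(alerts)
        if self.hits[pkt.src_ip] >= self.block_threshold:
            self.blocked.add(pkt.src_ip)
            return "block", alerts
        return "allow", alerts


# Constructed sample traffic (documentation addresses, not real hosts).
SAMPLE_TRAFFIC = [
    Packet("10.0.0.5", 80, b"GET /index.html HTTP/1.1"),
    Packet("203.0.113.9", 80, b"GET /search?q=1 UNION SELECT password FROM users"),
    Packet("203.0.113.9", 80, b"GET /../../etc/passwd HTTP/1.1"),
    Packet("203.0.113.9", 80, b"GET /index.html HTTP/1.1"),
    Packet("10.0.0.5", 443, b"POST /api BEACON-XYZ"),
]


def run_demo() -> List[Tuple[str, str, List[int]]]:
    """Run the sample traffic through the IDS; return (src_ip, action, matched ids) per packet."""
    ids = SignatureIDS(SIGNATURES, block_threshold=2)
    results = []
    for pkt in SAMPLE_TRAFFIC:
        action, alerts = ids.inspect(pkt)
        results.append((pkt.src_ip, action, [a.sig_id for a in alerts]))
    return results


if __name__ == "__main__":
    for src, action, sig_ids in run_demo():
        print(f"{src:14} {action:6} {sig_ids}")
```

The third packet from 203.0.113.9 pushes that source over the threshold, so it is blocked and its fourth, otherwise benign, packet is dropped; the beacon marker from 10.0.0.5 only raises an alert because that host has a single hit. In a real deployment the signature list is the part that needs continual updating, which is why the plan treats Snort rule updates as an operational task rather than a one-off configuration.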
Vulnerability Assessment and Penetration Testing Procedures
Penetration testing is a way to test the weak portions of the system and the areas where vulnerabilities have affected it. Various tools follow a penetration testing procedure, such as Netsparker, Metasploit, Nessus and many others. These are scanners that examine the network from the inside out. They scan the system to find weak spots so that steps can be taken to remediate such vulnerabilities. These frameworks are based on the concept of testing the security measures by attempting to exploit them. Security assessment tools support the evaluation of attacks so that vulnerabilities in the system are not exploited (Veracode, 2017). Vulnerability assessment tools help in discovering flaws in the system so that alerts can be raised about all pre-existing bugs. A penetration test goes further by dealing with the vulnerabilities found and driving the fixing of the bugs. Together they provide a more detailed view of all the threats and flaws that exist in the system. After the flaws are found, ways to mitigate them are identified and the fixes applied.
Disaster Recovery Program
If any cybercrime attacks the system, various pre-defined disaster recovery plans come into effect. They cover taking a complete backup of the system so that a system failure does not affect the working of the organisation. Disaster recovery programs are designed to protect the data assets after a data breach. The approach is used to protect the network from the root cause of the threats (Shacklett, 2015). They protect the data through a renewed cyber security plan that ensures confidentiality, integrity and availability are maintained. The recovery plans include the use of firewalls so that vulnerabilities are blocked and viruses are addressed (Donaldson, Siegel, Williams & Aslam, 2015). The cyber security recovery plans also cover strict access control that prevents data from being accessed by unauthorised users.
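The backup requirement above, and the policy section's rule that backups are taken regularly, only pay off if a restored copy can be proven intact after an incident. The following is an added example written for this plan (not code from any product or reference cited here): it archives a constructed "Skyward" data directory, records a SHA-256 manifest at backup time, restores the archive, and reports any file whose restored contents differ from the manifest. The directory names and file contents are constructed for illustration.

```python
import hashlib
import tarfile
import tempfile
from pathlib import Path
from typing import Dict, List, Tuple


def sha256_file(path: Path) -> str:
    """SHA-256 of a file, read in chunks so large backups do not load into memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root: Path) -> Dict[str, str]:
    """Map every file under root (relative POSIX path) to its SHA-256 digest."""
    return {p.relative_to(root).as_posix(): sha256_file(p)
            for p in sorted(root.rglob("*")) if p.is_file()}


def create_backup(src: Path, archive: Path) -> Dict[str, str]:
    """Write src into a compressed tarball; return the manifest taken at backup time.

    The manifest should be stored separately from the archive (e.g. with the
    offline copy), so a tampered archive cannot also rewrite its own checksums.
    """
    manifest = build_manifest(src)
    with tarfile.open(archive, "w:gz") as tar:
        for rel in manifest:
            tar.add(src / rel, arcname=rel)
    return manifest


def restore_backup(archive: Path, dest: Path) -> None:
    """Extract the archive into dest, using the safe 'data' filter where available."""
    dest.mkdir(parents=True, exist_ok=True)
    with tarfile.open(archive, "r:gz") as tar:
        if hasattr(tarfile, "data_filter"):      # Python 3.12+ (and backports)
            tar.extractall(dest, filter="data")
        else:
            tar.extractall(dest)


def verify_dir(root: Path, manifest: Dict[str, str]) -> List[str]:
    """Return the relative paths that are missing, extra, or whose digest differs."""
    actual = build_manifest(root)
    return sorted(rel for rel in set(manifest) | set(actual)
                  if manifest.get(rel) != actual.get(rel))


def demo() -> Tuple[bool, List[str]]:
    """Back up a constructed data set, verify a clean restore, then detect a modified file."""
    with tempfile.TemporaryDirectory() as tmp:
        tmp = Path(tmp)
        src = tmp / "skyward_data"                       # constructed sample data
        (src / "hr").mkdir(parents=True)
        (src / "hr" / "staff.csv").write_text("id,name\n1,A. Example\n")
        (src / "config.yaml").write_text("backup_interval: daily\n")

        archive = tmp / "skyward.tar.gz"
        manifest = create_backup(src, archive)

        restored = tmp / "restore"
        restore_backup(archive, restored)
        clean_ok = verify_dir(restored, manifest) == []

        # Simulate corruption or tampering of the restored copy and re-check.
        (restored / "config.yaml").write_text("backup_interval: never\n")
        mismatches = verify_dir(restored, manifest)
        return clean_ok, mismatches


if __name__ == "__main__":
    ok, bad = demo()
    print("clean restore verified:", ok)
    print("files failing verification after tampering:", bad)
```

A restore drill that runs `verify_dir` against the stored manifest turns the plan's "regular backups" requirement into something measurable: a backup that cannot be restored and verified is not counted as a backup.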
Defence in Depth principles
Defence in depth is a principle that provides assurance that information is secured throughout the system, by placing security controls at every layer. The main idea behind this principle is to defend the system against all attacks by using several methods rather than relying on one. It is divided into three parts: physical, technical and administrative controls (Ahmad, Maynard & Park, 2014). Physical controls prevent assets from being used by invalid users. Technical controls protect the entire technical framework through measures such as disk encryption, fingerprint authentication, security directories and the protection of all systems. Defence in depth is the set of synchronised security countermeasures used to protect the integrity of the data assets in an organisation (Ibrahim, Hamlyn-Harris & Grundy, 2016). The principle is borrowed from military strategy, where layered defences are used to stop an enemy from penetrating the system.
References
Abrams, M., & Weiss, J. (2018). Malicious control system cyber security attack case study–Maroochy Water Services, Australia. McLean, VA: The MITRE Corporation.
Ahmad, A., Maynard, S. B., & Park, S. (2014). Information security strategies: towards an organizational multi-strategy perspective. Journal of Intelligent Manufacturing, 25(2), 357-370.
Ashfaq, R. A. R., Wang, X. Z., Huang, J. Z., Abbas, H., & He, Y. L. (2017). Fuzziness based semi-supervised learning approach for intrusion detection system. Information Sciences, 378, 484-497.
Donaldson, S., Siegel, S., Williams, C. K., & Aslam, A. (2015). Enterprise cybersecurity: how to build a successful cyberdefense program against advanced threats. Apress.
Ibrahim, A. S., Hamlyn-Harris, J., & Grundy, J. (2016). Emerging security challenges of cloud virtual infrastructure. arXiv preprint arXiv:1612.09059.
Shacklett, M. (2015). 10 ways to develop cybersecurity policies and best practices. Retrieved from https://www.zdnet.com/article/10-ways-to-develop-cybersecurity-policies-and-best-practices/.
Todev, N. (2015). Here's How to Develop a Cybersecurity Recovery Plan. Retrieved from https://www.onr.com/blog/heres-develop-cybersecurity-recovery-plan/.
Veracode. (2017). Vulnerability assessment and penetration testing. Retrieved from https://www.veracode.com/security/vulnerability-assessment-and-penetration-testing.