If I will newly hired as IT Security Manager of a medium size business of 400 employees and have 6 personnel in our security department. My company CIO asked about the security plan of company, as a manger of IT company, I need to secure the data of company is my responsibility. Security strategy plan helps to prepare an organization to face any type of unwanted security issues. As a security manager first thing I will do the Identification of threat, assessment of risk and controlling and mitigation actions should be planned, implementation of recovery strategies and continuity planning, and final step is documentation.
I will plan my thoughts in an order
• Establishing security roles and responsibilities
• Training to …show more content…
Maintaining the security for a network can be challenging task. Hackers often seem to be one step ahead of network users, even those who are following the best security practices. However, securing the network is essential to protecting for privacy, reducing the risk of identity theft, and preventing hackers from steal of important data. Before company reconnect the network can take a security practices for protecting company sensitive information and data by preventing, detecting, and responding to a wide variety of attacks. I will provide more security for our company network by constructing firewalls and regular updating the login and password credentials (Whitman, Mattord, & Green, …show more content…
The goal at this point is to create a method for evaluating the relative risk of each of the listed vulnerabilities. There are many detailed methods for determining accurate and detailed costs of each of the vulnerabilities. Likewise, there are models that can be used to estimate expenses for the variety of controls that can be used to reduce the risk for vulnerability. I will provide the continuity planning procedures; if any incident happens to the data of company the remaining operations no need to stop. It will help to continuing the operations (Whitman, Mattord, & Green, n.d.).
Recovery strategies and crisis management: As a manger I will use the mitigation control and recovery strategies for an incident. The mitigation is used to reduce the impact caused by the exploitation of vulnerability through planning and preparation. In this includes the business continuity planning. Acceptance is the other strategies to protect the information assets and to accept the outcome of its potential exploitation.
Implementation of security
I will plan my thoughts in an order
• Establishing security roles and responsibilities
• Training to …show more content…
Maintaining the security for a network can be challenging task. Hackers often seem to be one step ahead of network users, even those who are following the best security practices. However, securing the network is essential to protecting for privacy, reducing the risk of identity theft, and preventing hackers from steal of important data. Before company reconnect the network can take a security practices for protecting company sensitive information and data by preventing, detecting, and responding to a wide variety of attacks. I will provide more security for our company network by constructing firewalls and regular updating the login and password credentials (Whitman, Mattord, & Green, …show more content…
The goal at this point is to create a method for evaluating the relative risk of each of the listed vulnerabilities. There are many detailed methods for determining accurate and detailed costs of each of the vulnerabilities. Likewise, there are models that can be used to estimate expenses for the variety of controls that can be used to reduce the risk for vulnerability. I will provide the continuity planning procedures; if any incident happens to the data of company the remaining operations no need to stop. It will help to continuing the operations (Whitman, Mattord, & Green, n.d.).
Recovery strategies and crisis management: As a manger I will use the mitigation control and recovery strategies for an incident. The mitigation is used to reduce the impact caused by the exploitation of vulnerability through planning and preparation. In this includes the business continuity planning. Acceptance is the other strategies to protect the information assets and to accept the outcome of its potential exploitation.
Implementation of security