My main goal is to apply the CIA Triad (Confidentiality, Integrity, and Availability) to the information system and to ensure that my employees practice it. But before I can manage these goals, I would have to look deep into the company's vulnerabilities and reduce any possible risk to an acceptable level. There are several decisions I can make based on the risk findings, such as Risk Mitigation. In this process, patches may be installed to help reduce the risk or fix the originating problem. With the standards, regulations, and policies implemented, a guidebook will be formed that shows the guidance to follow if certain threats arise that can harm the company. It will also show what is expected of the employees, their rights, and the consequences that follow. In order to do this, I will provide training to my employees so they are aware of, and have a clearer picture of, what the company is about and its expectations. Another important thing is assigning roles and responsibilities to the employees, and defining what each department is expected to do in order to keep assets and information …
I will pass policies that show employees how to construct strong passwords to log in to the system, such as P0c0nt@s2132, which contains not only letters but also upper case, symbols, and numbers. In addition, a secret question and password must be provided to give reassurance that the person logging in is who they say they are. Next would be to have the right, up-to-date anti-virus and malware protections. This will help detect threats that enter the system. Another step is locking the network and using wired networks, which involve plugging into physical outlets or hacking modem ports. If a wireless network is needed, SSID broadcasting should be disabled on the wireless router so that the network is hidden. Another important policy would be the internet policy, which covers which sites are to be blocked and states that only company emails are to be opened for work purposes. If dealing with secret assets or information, encrypting the information together with a password will be