Risks and Challenges
Acts of Nature include lightning storms, hail storms, tornadoes, earthquakes, floods, or any other natural disaster that could disrupt daily operations and make data unavailable for any reason.
Dependency Failures include systems or personnel that become inoperable and that are outside our control to repair. This includes third-party applications or cloud storage, and also the termination of a critical employee; for example, a system administrator resigns or a subject matter expert is terminated.
System and Environmental Failures …
External Attack is just like an internal attack, only deployed from outside the network in an attempt to gain entrance and elevated privileges. These attacks seek to harm the company, its employees, or its customers and data.
Social engineering is always a threat and exposes every user in the organization as a possible unknowing accomplice to an attack.
A data breach will be the main threat in the Embassy. There is a large amount of classified information that could be leaked to the wrong person at any time. If a guest happens to see information that is classified, that is technically a data breach.
Viruses and emails that contain applications or malicious software could make it into the network through social engineering or lack of user training.
Regular operating system exploits and vulnerabilities are a common threat for all aspects of IT security. Rogue access points and seemingly misplaced thumb drives could be gateways into bad times in IT …
These regulations or procedures will probably come from higher up in our organization and be disseminated to us through pre-established means, but we do not have this information yet.
FISMA Compliance
“In order to reach FISMA compliance all departments and agencies are required to coordinate and cooperate with the Department of Homeland Security as it carries out its cyber security responsibility and activities as noted in the OMB Memos 10-15 and 10-28. Any updates or changes to practices will be implemented as quickly as it is safe to do so”. (FISMA, 2015)
“Department of Homeland Security activities will include (but will not be limited to):
• overseeing the government-wide and agency-specific implementation of and reporting on cyber security policies and guidance;
• overseeing and assisting government-wide and agency-specific efforts to provide adequate, risk-based and cost-effective cyber security;
• overseeing the agencies' compliance with FISMA and developing analyses for OMB to assist in the development of the FISMA annual report;
• overseeing the agencies' cyber security operations and incident response and providing appropriate assistance;