Question

You are going to begin the process of data gathering. There are three types of data you will be gathering – Administrative, Technical and Physical. For this assignment, you will be gathering your technical data. This data will be created by you for your fictitious company. You may use as many resources as you need in order to develop this data. The Internet, data from real companies, and data you just make up on your own may be used. Areas of data that need to be gathered are as follows:

• Information Control
  • User Accounts – what is the process for creating and managing them
  • User Error – how is this tracked and what happens in the event of user error
  • Sensitive and Critical Information – What is this information, what controls are in place to protect it and what are the policies and procedures
• Business Continuity
  • Contingency Planning – do they have it and how is it managed
• System Security
  • System Controls – what are they and do they need to be improved
  • Application Security – what is in place and is it effective
  • Change Management – what do they have in place, what are the policies and procedures and how often is it updated
• Secure Architecture
  • Topology – diagram the topology and include an overview
  • Transmission – how does this happen and how is it protected
  • Perimeter Network – what does it consist of, how is it managed
• Components
  • Access Control – what are the policies and procedures
  • Intrusion Detection – what system is in place and how is it managed
• Configuration
  • System Settings – what are the policies and procedures and how is it managed
• Data Security
  • Storage – what are the policies and procedures
  • Transit – how does this happen and what are the policies and procedures

All of the above information will be documented in the risk assessment. In some cases it will be tested and questions to appropriate personnel will be asked.

Answer 1

  DATA GATHERING FOR MY COMPANY

Gathering the data about company makes us to understand how the things will workout in our organization.In a company employment plays an important rule.

Following topic we need to cover:

.INFORMATION CONTROL:

1.USER ACCOUNTS: These involves the information about employes who works in the company.We need to create a document or an application to be filled information by a person who wants to work.Agreement should be made at the starting of recruitment process.

2.USER ERROR: If there any errors or fraud informations is found by an organisation,then they should face severe consequences,basic penalty will be there.

3.ASSET CONTROL: Asset should be controlled,create a basic budget plan,we need to track the expenses.And pay the debts.saving money and planing every step of a financial goals.

4.SENSITIVE INFORMATION: There will be sensitve(secure) information which is hidden from the external organisation.It should be kept in safer and trusted hands. Encryption of shared data between the clients and employees is mandatory. Use of digital Signatures to access the sensitive content must be implemented.

4.BUSINESS CONTINUITY: Business Continuity requires various procedures to deal with. Planning is evaluated based on requirements of business.Validating the previous data pattern of a business planning, identify the basic mistakes of planing and try to comeup with the better planing to satisfy the client needs.

.SYSTEM SECURITY: System security is needed to update data of the business monthly or annually.Strategies and planing of a business must be implemented.Every year a business comeup with a new ideas,procedures and policies.we need to keep it securely.Third party plays vital role in business,he helps to communicate and improve the business planing with other business or an organisation.Information and data of a business is shared with only a trusted third party.So he helps to manage and develop the ideas.In every step of business balance and secure planing of work should be maintained for better growth of business,that's how managing the business will be progressed.

we need to follow the basic steps to collect and gather the data of a business to satisfy and reach its goals.