Question


You are part of a team responsible for designing an assessment to determine whether or not your company’s information security controls are in compliance and to identify any necessary improvements or adjustments.

Select two of the aspects listed below and discuss the importance of each in establishing a successful security metrics program. Give specific examples. What problems/issues might your company face if those aspects are not handled appropriately?

  • Identifying stakeholders
  • Defining metrics program goals and objectives
  • Deciding which metrics to report
  • Establishing targets and thresholds
  • Developing strategies for collecting metrics data
  • Determining how metrics will be reported
  • Creating a remediation action plan
  • Conducting a formal program review cycle

Solutions

Expert Solution

1. Developing strategies for collecting metrics data: This field should specify the data source, the frequency of data collection, and who is responsible for compiling the data. Automated collection of data is generally more accurate than manual collection, so the organisation should employ an automated way of collecting the data, analysing it, and reporting it as metrics. Automated collection is easy to configure and requires fewer resources than manual collection.

Example: If there is a threat of viruses in a computer system, the first question is what the source of the viruses is: is it external removable storage media, internet browsing, or email? If we find that the viruses and threats are due to email, then we have to develop a strategy to collect data based on the emails, such as the number of spyware or virus instances detected in emails or the percentage of suspected emails detected. Then we have to set the frequency of data collection according to the percentage of suspected emails detected and form the security metrics accordingly.

2. Conducting a formal program review cycle: Continuous feedback on the security metrics is very necessary to evaluate each metric and its value; if a metric is not progressing or improving, it has to be discarded. New metrics should be added to improve and refine the progress of the security program. A fresh scan of the security metrics standard and its accuracy should be done to ensure the fine-tuning of the program.

Example: If the email threat and virus data has been collected and the metrics formed, and a new type of malware attack then arrives through the internet and email, new metrics should be added, or the older metrics updated and improved, to identify that new malware or spyware and prevent it.

  • The aspects shown above should be handled properly to ensure prevention of threats like data loss, database injections, security breaches, etc. Areas like malware management, email management, vulnerability management and patch management are very important to work on, and the security controls over these areas should be tightened through these security aspects.
