
Reflection 1: Detailed Security Risk Analysis

For this topic, I found the stakeholder management component of security risk analysis novel
and surprising in a way that shed light on Detailed Security Risk Analysis, as a component of
broader security risk assessment basics, preparation and analysis.

It seems to me that the conventional approach to Detailed Security Risk Analysis needs to be
updated or reconceptualized or its premise questioned or reconsidered, as where, with the dog
that didn't bite, the premise is faulty or not up-to-date with the principles of the cyber resilience
lens of information security.

A detailed security risk analysis helps to ensure that key threat actors are identified and
neutralized, and is especially important in the context of a pandemic, given the proliferation of
phishing schemes and ransomware attacks, including those that preyed on the Colonial Pipeline
and JBS Meats. A detailed security risk analysis thus helps to ensure that threats are effectively
determined and prioritized, security controls are well implemented, and an effective remediation
plan is implemented.

Here are my thoughts regarding how the approach to Detailed Security Risk Analysis could or
should be updated to reflect the principles of cyber resilience.

Foremost, security risk analysis teams should ensure that network scanning and vulnerability
testing policies are adequately implemented and included in the overall security audit
framework. Secondly, security risk analysis teams should also be able to inventory the
company’s key information assets, identify and delegate data ownership and custodian roles,
and evaluate risk mitigation and management models.

As these team presentations unfold, it seems to me that among the selected topics listed below,
the topic of Detailed Security Risk Analysis resonates most powerfully with me for the following
reasons:
1. A detailed security risk analysis helps to ensure that key threat actors are identified and
neutralized
2. A detailed security risk analysis helps to ensure that threats are effectively determined
and prioritized, security controls are well implemented, and an effective remediation plan
is implemented.
3. A detailed security risk analysis helps thwart key potential attacks, disasters and risks.

Reflection 2: Contingency Planning

For this topic, I found the theme of business continuity novel and surprising in a way that shed
light on Contingency Planning, as a component of broader security risk assessment basics,
preparation and analysis.

It seems to me that the conventional approach to this topic needs to be updated or
reconceptualized or its premise questioned or reconsidered, as where, with the dog that didn't
bite, the premise is faulty or not up-to-date with the principles of the cyber resilience lens of
information security.

A cybersecurity contingency plan is a risk management plan that outlines the key
recommendations, instructions and considerations for how a company can effectively ensure
business continuity in the event of a cybersecurity breach, and details how to forestall and avoid
potential and prospective breaches, losses and attacks. These contingency plans require a
strategic understanding of the key types of risks and threats, and an implementation of practical,
real-world guidelines to effectively mitigate threats.

Here are my thoughts regarding how the approach to Contingency Planning could or should be
updated to reflect the principles of cyber resilience.

Foremost, contingency planning teams should ensure that network scanning and vulnerability
testing policies are adequately implemented and included in the overall security audit
framework. Secondly, contingency plans should also be able to inventory the company’s key
information assets, identify and delegate data ownership and custodian roles, and evaluate risk
mitigation and management models.

As these team presentations unfold, it seems to me that among the selected topics listed below,
the topic of Contingency Planning resonates most powerfully with me for the following reasons:

Foremost, contingency plans are able to help thwart key potential attacks, disasters and risks.
Furthermore, contingency plans can help to facilitate effective disaster recovery, and ensure
strong business continuity and the resumption of core business operations in a timely manner.
Finally, contingency plans provide real-life guidelines that ensure that future attacks or breaches
can be summarily dealt with.

Reflection 3: Security Auditing

For this topic, I found the need for compliance to industry audit standards (or lack thereof) novel
and surprising in a way that shed light on Security Auditing, as a component of broader security
risk assessment basics, preparation and analysis.

It seems to me that the conventional approach to this topic needs to be updated or
reconceptualized or its premise questioned or reconsidered, as where, with the dog that didn't
bite, the premise is faulty or not up-to-date with the principles of the cyber resilience lens of
information security.

For example, the security audit is supposed to be a full and holistic assessment of a company's
information system against a broad audit checklist of federal regulations and externally
developed standards. This should cover security controls related to network vulnerabilities,
applications and software, and physical vulnerabilities, as well as issues related to human
lapses. However, security audits can often focus exclusively on the hardware and software
dimension, and neglect the importance of the human dimension in security controls.
Furthermore, many organizations fail to ensure compliance between their security audit and the
larger checklist of federal regulations and externally developed standards.

Here are my thoughts regarding how the approach to security audits could or should be updated
to reflect the principles of cyber resilience.

Foremost, security audit teams should ensure that network scanning and vulnerability testing
policies are adequately implemented and included in the overall security audit framework. A
robust information security policy that is frequently monitored and revised should also be
implemented to effectively govern employee activities. Vulnerability management and change
management policies are also important to ensure that any vulnerabilities or policy changes do
not disrupt business continuity. Finally, organizations should implement a robust network
monitoring and logging system to ensure strong documentation and monitoring from potential
intrusions and unauthorized asset access.

As these team presentations unfold, it seems to me that among the selected topics listed below,
the topic of Security Audits resonates most powerfully with me for the following reasons:
1. Security audits ensure that organizations are able to remain best-in-class secure operators
and managers of critical asset infrastructure
2. Security audits actively support organizations in monitoring of potential intrusions and
unauthorized asset access.

Reflection 4: Security Risk Assessment Basics

For this topic, I found the process of risk factor assessment novel and surprising in a way that
shed light on Security Risk Assessment Basics, as a component of broader security risk
assessment basics, preparation and analysis.

It seems to me that the conventional approach to this topic needs to be updated or
reconceptualized or its premise questioned or reconsidered, as where, with the dog that didn't
bite, the premise is faulty or not up-to-date with the principles of the cyber resilience lens of
information security.

For example, organizations can often execute or implement generalized assessments that do
not adequately map the relationships and threats that link assets, risks, and mitigating controls,
leaving significant vulnerabilities in their overall security strategies due to the insufficiency of
their budgets or resources. Furthermore, organizations can frequently forget that beyond
identification of assets, there is a need to then construct an assessment approach that identifies
security risks and relevant correlations between threats, mitigating controls and vulnerabilities.

Here are my thoughts regarding how the approach to Security Risk Assessment Basics could or
should be updated to reflect the principles of cyber resilience.

Foremost, security managers and cybersecurity teams should implement broad-based Security
Risk Assessment Basics courses that help all employees to match a company's business
requirements to the selected or identified security controls. This should also equip students with
a deep understanding of the data requirements for implementing an effective risk assessment.
Students should also be able to inventory the company’s key information assets, identify and
delegate data ownership and custodian roles, and evaluate risk mitigation and management
models.

As these team presentations unfold, it seems to me that among the selected topics listed below,
the topic of Security Risk Assessment Basics resonates most powerfully with me for the
following reasons:
1. Security Risk Assessment Basics helps a team to effectively identify, neutralize and manage
key security risks and control lapses in software applications.
2. Security Risk Assessment Basics helps to enable managers to commit to informed decisions
in areas such as tooling, resource allocation and security controls, thus serving as a key part of
the organization’s overall risk management process.

Reflection 5: Security Risk Assessment Preparation

For this topic, I found the stakeholder alignment component to be novel and surprising in a way
that shed light on the need for strong stakeholder support in security risk assessment
preparation, as a component of broader security risk assessment basics, preparation and
analysis.

It seems to me that the conventional approach to this topic needs to be updated or
reconceptualized or its premise questioned or reconsidered, as where, with the dog that didn't
bite, the premise is faulty or not up-to-date with the principles of the cyber resilience lens of
information security.

For example, organizations can often execute or implement generalized assessments that do
not adequately map the relationships and threats that link assets, risks, and mitigating controls,
leaving significant vulnerabilities in their overall security strategies due to the insufficiency of
their budgets or resources. Furthermore, organizations can frequently forget that beyond
identification of assets, there is a need to then construct an assessment approach that identifies
security risks and relevant correlations between threats, mitigating controls and vulnerabilities.

Here are my thoughts regarding how the approach to security risk assessment preparation
could or should be updated to reflect the principles of cyber resilience.

As these team presentations unfold, it seems to me that among the selected topics listed below,
the topic of security risk assessment preparation resonates most powerfully with me for the
following reasons:
1. Security Risk Assessment Preparation helps a team to effectively identify, neutralize and
manage key security risks and control lapses in software applications.
2. Security Risk Assessment Preparation helps to enable managers to commit to informed
decisions in areas such as tooling, resource allocation and security controls, thus serving as a
key part of the organization’s overall risk management process.

Reflection 6: Security Risk Analysis

For this topic, I found the stakeholder management component of security risk analysis novel
and surprising in a way that shed light on Security Risk Analysis, as a component of broader
security risk assessment basics, preparation and analysis.

It seems to me that the conventional approach to Security Risk Analysis needs to be updated or
reconceptualized or its premise questioned or reconsidered, as where, with the dog that didn't
bite, the premise is faulty or not up-to-date with the principles of the cyber resilience lens of
information security.

A security risk analysis helps to ensure that key threat actors are identified and neutralized, and
is especially important in the context of a pandemic, given the proliferation of phishing schemes
and ransomware attacks, including those that preyed on the Colonial Pipeline and JBS Meats. A
detailed security risk analysis thus helps to ensure that threats are effectively determined and
prioritized, security controls are well implemented, and an effective remediation plan is
implemented.

Here are my thoughts regarding how the approach to Security Risk Analysis could or should be
updated to reflect the principles of cyber resilience.

Foremost, security risk analysis teams should ensure that network scanning and vulnerability
testing policies are adequately implemented and included in the overall security audit
framework. Furthermore, organizations can frequently forget that beyond identification of assets,
there is a need to then construct an assessment approach that identifies security risks and
relevant correlations between threats, mitigating controls and vulnerabilities in the security risk
analysis process.

Secondly, security risk analysis teams should also be able to inventory the company’s key
information assets, identify and delegate data ownership and custodian roles, and evaluate risk
mitigation and management models.

As these team presentations unfold, it seems to me that among the selected topics listed below,
the topic of Security Risk Analysis resonates most powerfully with me for the following reasons:
● A security risk analysis helps to ensure that key threat actors are identified and
neutralized
● A security risk analysis helps to ensure that threats are effectively determined and
prioritized, security controls are well implemented, and an effective remediation plan is
implemented.
● A security risk analysis helps thwart key potential attacks, disasters and risks.

Reflection 7: Security Risk Mitigation

For this topic, I found the theme of business continuity novel and surprising in a way that shed
light on security risk mitigation, as a component of broader security risk assessment basics,
preparation and analysis.

It seems to me that the conventional approach to this topic needs to be updated or
reconceptualized or its premise questioned or reconsidered, as where, with the dog that didn't
bite, the premise is faulty or not up-to-date with the principles of the cyber resilience lens of
information security.

A cybersecurity contingency plan is a risk management plan that outlines the key
recommendations, instructions and considerations for how a company can effectively ensure
business continuity in the event of a cybersecurity breach, and details how to forestall and avoid
potential and prospective breaches, losses and attacks. These contingency plans require a
strategic understanding of the key types of risks and threats, and an implementation of practical,
real-world guidelines to effectively mitigate threats.

Here are my thoughts regarding how the approach to security risk mitigation could or should be
updated to reflect the principles of cyber resilience.

Foremost, security risk mitigation teams should ensure that network scanning and vulnerability
testing policies are adequately implemented and included in the overall security audit
framework. Secondly, security risk mitigation plans should also be able to inventory the
company’s key information assets, identify and delegate data ownership and custodian roles,
and evaluate risk mitigation and management models.

As these team presentations unfold, it seems to me that among the selected topics listed below,
the topic of security risk mitigation resonates most powerfully with me for the following reasons:

Foremost, security risk mitigation plans are able to help thwart key potential attacks, disasters
and risks. Furthermore, security risk mitigation plans can help to facilitate effective disaster
recovery, and ensure strong business continuity and the resumption of core business operations
in a timely manner. Finally, security risk mitigation plans provide real-life guidelines that ensure
that future attacks or breaches can be summarily dealt with.
