14 Nov Search, review, and compile 10-15 references to be used for your Project Paper. APA-format these references, put them on a Word document along with a short abstract or review of each of the r
Instructions
Use the attached previous work for this assignment.
Search, review, and compile 10-15 references to be used for your Project Paper. APA-format these references, put them on a Word document along with a short abstract or review of each of the reference with its content and how you will be using them in your Project Paper. I expect to see at least 10 APA-formatted references, each followed by a 1-paragraph review of the article.
4
Week 2 Proposal
Information Assurance
Information Assurance (IA) is the practice of protecting information and information systems from unauthorized access or use. In the context of the above scenario, HME would need to put in place measures to protect its data assets from unauthorized access or use. This could include, for example, implementing access control measures to restrict access to data to authorized personnel only, and encrypting data to prevent unauthorized individuals from being able to read it (Yan et al., 2022). It is important to note that IA is not just about protecting data from external threats, but also from internal ones. For example, HME would need to ensure that its employees are aware of and adhere to data security policies and procedures, and that data is backed up in case of accidental loss or destruction.
Strategy for AI Implementation
There are a few frameworks that could be used for IA implementation, such as the NIST Cybersecurity Framework or the ISO 27001 standard. The choice of framework will depend on several factors, such as the specific needs of the organization and the resources available (Shopina et al., 2020). In general, the IA implementation process will involve conducting a risk assessment to identify vulnerabilities and threats and putting in place controls to mitigate these risks. These controls could include, for example, access control measures, data encryption, and employee training.
Risk Mitigation Strategy
The first step in mitigating risks is to identify them. In the context of the above scenario, HME would need to identify the risks associated with its data assets, such as unauthorized access or use, data breaches, and data loss. Once risks have been identified, controls can be put in place to mitigate them. As mentioned above, these controls could include access control measures, data encryption, and employee training. For example, HME would need to have an incident response plan in place in case of a data breach. This plan would outline the steps to be taken in such an event, such as notifying affected individuals and authorities, and conducting a forensic investigation.
Accrediting Body
There are several accrediting bodies that could be used to ensure that IA is embedded into organizational culture, such as the International Organization for Standardization (ISO) or the National Cyber Security Centre (NCSC). The choice of accrediting body will depend on several factors, such as the specific needs of the organization and the resources available.
Response and Disaster Recovery Plan
In the event of an intrusion or disaster, it is imperative for the company to ensure that a plan is in place on how to deal with the intrusion or disaster. This plan should outline the steps to be taken in such an event, such as notifying affected individuals and authorities, and conducting a forensic investigation. It is also important to have a disaster recovery plan in place in case of data loss. This plan would outline the steps to be taken in such an event, such as restoring data from backups, and would be tested on a regular basis to ensure that it is effective.
References
Shopina, I., Khomiakov, D., Khrystynchenko, N., Zhukov, S., & Shpenov, D. (2020). CYBERSECURITY: LEGAL AND ORGANIZATIONAL SUPPORT IN LEADING COUNTRIES, NATO AND EU STANDARDS. Journal of Security & Sustainability Issues, 9(3). https://jssidoi.org/jssi/papers/journals/pdownload/36#page=249
Yan, A., Hu, Y., Cui, J., Chen, Z., Huang, Z., Ni, T., … & Wen, X. (2020). Information assurance through redundant design: A novel TNU error-resilient latch for harsh radiation environment. IEEE Transactions on Computers, 69(6), 789-799. https://ieeexplore.ieee.org/abstract/document/8960475/
,
2
Elements of a Security System Design
Elements of a Security System Design
Asset Protection and Threat Identification
One of the key elements to consider when designing a security system is to identify the assets that need to be protected and the threats that could potentially compromise those assets. Jacobs (2016) illustrates that once the assets and threats have been identified, it is important to select the appropriate security controls to mitigate the identified risks. The security controls should be designed in a way that they work together to create a comprehensive security solution. For example, if the asset is a computer system, the security controls could include physical security measures to prevent unauthorized access to the system, as well as logical security measures such as password protection and data encryption. If the threat is a malicious software attack, the security controls could include installing and updating anti-virus software and creating firewalls to block unauthorized access to the system.
The Cost of Security Measures
It is also important to consider the costs of the security measures when designing a security system. The security measures should be proportional to the value of the assets they are protecting. In other words, the costs of the security measures should not outweigh the benefits they provide. When designing a security system, it is important to strike a balance between security and cost (Jacobs, 2016). Therefore, a security system should be designed in a way that it is effective at mitigating the risks while also being cost-effective.
A Flexible and Adaptable Security System
The security system should also be designed to be flexible and adaptable to changing needs. In order to make sure that the security measures are still effective in reducing the threats identified, they should be constantly assessed and modified as necessary. (Jacobs, 2016). The security system should also be tested periodically to ensure that it is functioning as intended. When changes are made to the system, it is important to retest the system to ensure that the changes do not introduce new security vulnerabilities. An example of this is when a new security measure is introduced, such as data encryption. The system should be tested to ensure that the data is still accessible to authorized users and that unauthorized users are unable to access the data.
References
Jacobs, S. (2016). Engineering information security: The application of systems engineering concepts to achieve information assurance. 2nd Edition. Wiley-IEEE Press. https://books.google.com/books?hl=en&lr=&id=dfxoPL11PwYC&oi=fnd&pg=PR23&dq=Engineering+Information+Security:+The+Application+of+Systems+Engineering+Concepts+to+Achieve+Information+Assurance,+2nd+Edition&ots=qigkPEZVWJ&sig=bSRDEAGNGmu2Iq37APm8i_m59IA
