Reply To: OCU C)ISSO D Discussion Lesson 16
IST3100 Information Systems Security Officer
Week Five
Assignment # 2
WK5 “What ifs” Discussion
Kevin Mehok
Hey Class,
This week to me is all about prevention and situational awareness. It all starts with assessments of risks, and/or potential scenarios that may or may not occur. To me, based upon the reading, we should simply be proactive, discuss risks as a team, and finally, have an action plan in place.
Security Controls, what are they? Well, I am a huge proponent of encryption. In the security control segment, we should be prepared to identify what is considered as ‘sensitive’ information. Once this has been determined, we can encrypt this intel.
Recovering, or being prepared as to how to recover from a disaster, is another must! The goal in this area should be set upon restoring core or critical systems as quickly as possible in the event of a disaster. Developing this procedure will require a tremendous amount of solid communication and coordination between teams and units.
Training: Yes, good ole training. Organizations need to literally practice drills just like many of us may have in our school days. For example, when I was in grade school, we had both regularly scheduled tornado and fire drills. We also implement unplanned drills. The point I am driving home is, practice procedures as a team as if an actual disaster were occurring.
As security officers, we not only need a formal plan or plans in place, but timeliness is a must. The faster we can restore our organizations, the better.
Thank you. That’s all I’ve got.
God Bless,
Kevin