Kevin Mehok
Forum Replies Created
-
Posts
-
Kelly,
Great post. I think we tend to not include the Stakeholders enough. Sure, they are involved at a high level, but do they know who implements or does the designing? Most likely not. This is critical in the three keys of protocols, policies, and procedures. Not Poor, prior, planning…. Or maybe it is, lol. The key is knowing what is being secured, how, the why, and the plan in doing so.
God Bless,
Kevin
Hey Kelly,
How are you sir. I think the oversight, if you will, of the range of threats is far too often overlooked, or not fully calculated. Asset Management needs to be fully implemented before a protection plan can be put into place.
The segment in my opinion is understanding two folds, why are we protecting it, and from what? If we do not assess the value first, we could be paying too much.
God Bless,
Kevin
Marcena,
I have been wondering how you have been doing. Risk Management is a team effort and requires the entire organization to be aware of gate keeping and understanding the core needs of the unit first and foremost.
I feel that the entire needs to be aware of what needs to be protect and a clearly defined in a way as to what is being insured.
God Bless,
Kevin
IST3011 Information Systems Security Officer
Week One
Assignment #2
Week One Discussion
Kevin MehokHey Class,
I am not 100% sure as to what it is that we needed to discuss; however, I was super interested in reading content in Chapter Two regarding ISMS (Information Security Management System). I feel this will someday be our responsibility to understand, design, and implement Information Security at a high level. This is why I have selected this topic to discuss with our class.
Let’s begin with a structure, shall we? Everything starts with Senior Management and their support. The Senior Management ultimately needs to approve the policy or policies that Information Security aims to put in place.
Next the team with Senior management must agree on a budget. This budget will be a benchmark as to programs, training modules, and staffing resources can be put in place. Far too we immediately think about technology and hardware. Remember, Information Security protects what is already in place. Therefore, the budgeting, at least initially speaking, is not about new hardware, but the support around it.
Thirdly we may consider the team’s resources. Who is currently on the team, what resources may be allocated to conduct and lead training. One of the greatest resources our organizations can possibly have may come down to ‘awareness’ and ‘educated responses’ in the event of a cyber or digital attack.
Finally, Senior Management and Information Security team must be aligned with the proper authority. Such authority comes down to access, and gate keeping. Who and what are to be labeled as the gate keeper and hold permission levels to such authority.
Once the team assembles these steps, we can then establish a Security Framework. This is more or less a structured outline of the agreed policies, budget, resources, and authority. It is important to create a clear and concise Security Framework.
Now, class we can roll out Program Management. Program Management revolves around the teams goals, deliverables, and meaningful timelines. Perhaps, the response times will be tweaked, so new goals with be set. Perhaps additional security or controlled access with be required for deliverables. Lastly, maybe internal operations with coordinate specific deadlines that may impact our team’s timeline.
That’s all I’ve got.
God Bless,
Kevin
