Unit 4 Implement Controls

determined that the three primary risks the company faces in protecting the data are as follows:

The critical control security focuses on security functions that are effective to latest technology threats. These security controls prioritize on smaller number of action controls to aiming that must do first. Many organizations have adopted critical controls to prevent from future attacks and reduced risk by utilizing the controls (SANS, 2015). Following are critical controls:

| “Security controls are the management, operational, and technical safeguards or countermeasures employed within an organizational information system to protect the confidentiality, integrity, and availability of the system and its information” (NIST SP 800, 2009). The control allows the organization to efficiently mitigate the risk coming from the use of information System (IS) to conduct business operations and processes.

We cannot assume all risks will be normal, we have to expect uncontrollable events. We cannot we have all the assumptions so must continually evaluate our risk management.

Identification of controls already in place – including policies, firewalls, applications, intrusion and detection prevention systems, virtual private networks, data loss prevention and encryption.

For the control of the risk, following mechanism will be more effective in the implementation of the mechanism as the management must design the control environment with the assessment control risk. Thus it is essential for the higher management to look at the ground level and formulate the policies, guidelines and procedures which could be fitted with the environment which can more helpful in mitigating the associated risks.

Security controls are practical or managerial safeguards or counter events to avoid, counter or minimize damage or inaccessibility due to intimidations acting on their corresponding vulnerability, i.e., security danger. Controls are referenced

Risk management can be divided into three parts: defining a risk management strategy; identifying and analyzing risks; and handling identified risks, including the implementation of risk mitigation plans when needed.

Administrative controls are to ensure people understand and follow the policies and procedures. Preventative controls try to stop threats from trying to use a vulnerability to gain access to the network or computers. Detective controls identity a threat that has hit the network and computers and corrective controls reduces the effects of a threat on the system.

As it is highly not possible to eliminate risks in any organization it is the duty of the high level management and manager to use cost effective and efficient control implementation to mitigate risks identified. As risks cannot be stopped it is impractical similarly medica is facing risks in many of its departments, for instance; security of information from

The security management can attempt to relieve the issues with security controls as well as the controls are put in place to safeguard any vulnerability in the system. The four types of controls to reduce the risk are deterrent, preventive, detective, and corrective. Deterrent control tries to reduce attacks on a cloud system like a demilitarize zone by telling the potential hack to be warn if they proceed with the attack. Preventive controls strengthen the system against issues by reducing problems with strong authentication with

The initial phase in the OCTAVE Allegro process builds up the organizational drivers that will be utilized to assess the impacts of a threat to an organization 's main goal and business goals. These drivers are reflected in a situated of risk estimation criteria that is made and caught as a major aspect of this beginning step. Risk estimation criteria are a set of subjective measures against which the impacts of an acknowledged danger can be assessed and structure the establishment of a data resource hazard evaluation. Utilizing steady hazard estimation criteria that precisely mirror a hierarchical perspective guarantees that choices about how to moderate danger will be predictable over different data resources and working or departmental units. Notwithstanding assessing the degree of an effect in a particular range, an association must perceive which affect regions are the most critical to its main goal and business goals. For instance, in few organizations an effect to the association with its client base may be huger than an effect on its consistence with regulations. This prioritization of effected areas is likewise performed in this starting step.

The best way to respond to risks, regardless of where they come from, is to be prepared in advance through counter-measures, prevention and as much proactivity in general as possible. This is because acting with foresight and some due diligence will prevent many to most issues in a lot of firms and situations. A sterling example of this NOT happening is when TJX, the parent of TJ Maxx and other store chains, had its wireless consumer data including credit card information and other sensitive information exploited. What is really silly about that whole caper is that TJX was using WEP wireless encryption and that cypher was cracked long before TJX was caught with its proverbial pants down (Ou, 2007).

Security controls for the network system involves the creation of access and use for each user or user group. The control is used to "restrict a list of possible actions down to the allowed actions. For example, encryption can be used to restrict access to data, application controls to restrict processing via authentication, and DRM storage to prevent unauthorized accesses." (Securosis, 2012) The necessary controls are determined by "first listing out

When discussing Network security, it is not much different then home, business, work, and personal security. Sometimes they are used together in ways to protect the safety of lives and important information on documents or files that are personal or proprietary. In the past before the age of computers and most importantly a network and internet, most people used security alarms, security guards, safes and locks to protect. With this day and age, the technology being used has been transformed in to the digital future. Information systems are the overall aspect of computer technology for home and business. The methods used to attack and protect a computer or network from vulnerabilities or threats will be discussed. Some of the findings that can be associated with the security do to vulnerabilities will be identified. The studies dealing with the subjects and participants that have been conducted will also be annotated. The implications associated with these vulnerabilities, threats, and attacks will show findings of policies, technology, and countermeasures put forth to detect, deter, or stop them. The conclusions will draw forth all the findings and results that were found during the research of this paper.