According to the information security analysis, this firm has committed multiple security violations that have threatened the consumers' trust. The security flaws include a network infiltration attack that exposed credit card information as well as an inside job in which personal data was stolen owing to lax access control procedures. As a result, this article describes how to design a risk management approach that addresses the two security violations and discusses how to mitigate these risks.
Analysts predict that increasingly sophisticated information security threats will continue in the near future. As a result, the majority of firms continue to be targets of cyber criminals' information security attacks. The persistence of internet attacks, for instance, has already become a common issue confronting nearly all enterprises (Craig, Shackelford and Hiller, 2015).
Moreover, a cyber risk has the capacity to affect an organization's bottom line. Cyber-attacks normally target a corporation's use of cyberspace with the intention of destroying, maliciously controlling or disabling a computing environment, or of stealing restricted information and undermining the reliability of the data (Conference of State Bank supervisors, 2016).
Consequently, the impact of cyber security risks could leave an organization legally accountable as well as compromise customer confidence. Beyond the effect on a single corporation, these risks also have tremendous economic consequences. Thus, to adequately manage the persistent threat from these risks and cyber-attacks, enterprises have to unite and collaborate to share industry guidelines and best practices that identify potential vulnerabilities (Craig, Shackelford and Hiller, 2015).
Risk management strategy
The risk management strategy involves: identification of the security risks; protection of organization assets, systems and data; detection of data breaches, unauthorized access, and system intrusions; response to a potential security event; and recovery from a security event through restoration of normal services and operations (Conference of State Bank supervisors, 2016).
Firstly, identification of the potential risks entails information classification, vulnerability and threat identification, risk measurement and risk communication (Conference of State Bank supervisors, 2016). These identification strategies aid in securing information based on its level of sensitivity, so that highly sensitive information is properly secured. Risk identification also assists in the active management of all hardware devices on the organization's network.
Secondly, protection from potential risks encompasses client authentication, access control and data security. The protection measures operate by limiting the aftermath of a security incident. Additionally, protection employs cyber hygiene, which is the responsibility of every employee; employees are trained accordingly so that they remain vigilant and consistently prepared when it comes to information security. Similarly, data security through encryption, multifactor authentication and network access control all achieve threat mitigation when employed appropriately.
Furthermore, detection is the next line of defense against the threats. Using detection systems alongside a baseline detection inventory is a good detection strategy. These assist the IT manager in correcting any detected issues, thereby mitigating any threat that can result from an intrusion or a network anomaly.
Consequently, the response entails adequate preparation for any security incident. The response strategy embraces the knowledge applied to counter the threat whenever an incident occurs. Equally, the response strategy also involves breach communication through a checklist (Craig, Shackelford and Hiller, 2015).
Lastly, recovery encompasses infrastructure recovery, data restoration and reconnecting the service with minimum disruption (Conference of State Bank supervisors, 2016). To achieve this, a well-reviewed preparedness audit checklist has to be employed so that the incident response strategy can be tested. Additionally, third-party vendors can be engaged when necessary.
Best practices and the sharing of industry standards for identifying weaknesses, detecting risks, protecting the organization's assets, using an incident response strategy and recovering the information system, all with regular reviews, shall mitigate the threats. This will be achieved when every employee, alongside the IT staff, is trained accordingly and given the responsibility to assist in protecting the organization's information.
Conference of State Bank supervisors (2016). A Resource Guide for Bank Executives: Executive Leadership of Cybersecurity. Cybersecurity 101. Retrieved on February 3, 2017, from https://www.csbs.org/CyberSecurity/Documents/CSBS%20Cybersecurity%20101%20Resource%20Guide%20FINAL.pdf
Craig, A., Shackelford, S., & Hiller, J. (2015). Proactive Cybersecurity: A Comparative Industry and Regulatory Analysis. American Business Law Journal, 52(4), 721-787. http://dx.doi.org/10.1111/ablj.12055