CIS 512 SU Strategic Planning for Information Security Discussion

 

Just as quickly as new technology is developed, hackers find new ways to disrupt operations. As a result, security is an ongoing endeavor in all organizations. Strategic planning can help organizations be prepared to address new daily threats to information security. Moreover, many of today’s organizations are adopting virtualization as a way to reduce their footprint in hardware costs and to improve their backup system capabilities at the client and server levels. At the same time, virtualization poses security risks that organizations need to consider as part of their strategic planning process.

Go to Basic Search: Strayer University Online Library to locate and integrate at least two quality, academic resources (in addition to your textbook) on the role of strategic planning in mitigating information security threats, including those associated with virtualization. You may also use government websites, such as Cybersecurity from the National Institute of Standards and Technology.

As you write this post, keep in mind your current organization’s or a previous organization’s strategic planning for information security, its infrastructure, and its training.

Please respond to the following in a post of at least 200 words:

  • Justify the importance of strategic planning to an organization’s information security.
  • Identify and describe the topics to be included in strategic planning for information security.
  • Specifically describe the security threats associated with virtualization.
  • Explain how strategic planning can help to mitigate the security threats associated with virtualization.
  • Provide full citations and references, formatted according to Strayer Writing Standards.
    • For assistance and information, please refer to the Strayer Writing Standards link in the left-hand menu of your course. Check with your professor for any additional instructions.

In 60 to 75 words, please respond to the student’s comment below:

Professor and Peers,

Ed here. In general English Language usage, I want to consider strategic planning as an activity that is used to set priorities, focus energy and resources, strengthen operations, ensure that all those involved in the activity are working toward common goals, establish agreement around intended outcomes/results, and assess and adjust the direction in response to a changing environment. It should be a disciplined effort that produces fundamental decisions and actions that shape and guide those involved in it, who it serves, what it does, and why it does it, with a focus on the future. Effective strategic planning should convey not only where those involved in it are going and the actions needed to make progress, but also how they will know if they are successful.

Concerning our discussion this week, our textbook outlines strategic planning from three angles, namely enterprise strategic planning, information technology (IT) strategic planning, and cybersecurity or security strategic planning.

What is the importance of strategic planning to an organization’s information security?

I would like to think here, professor and peers, that the importance or business benefits of an effective information security strategic plan are significant and can offer a competitive advantage. This is because an organization’s information security strategic plan should allow executives, management and employees to see where they are expected to go, focus their efforts in the right direction and know when they have accomplished their goals. It should be a clear and concise document (Evans, 2015). The plan can also position an organization to mitigate, transfer, accept or avoid information risk related to people, processes and technologies. An established strategy also helps the organization adequately protect the confidentiality, integrity and availability of information.

What are the topics to be included in strategic planning for information security?

Included in the strategic plan should be: complying with industry standards; avoiding a damaging security incident; sustaining the reputation of the business and supporting commitment to shareholders, customers, partners and suppliers; a list of deliverables or benchmarks for the initiatives, including the name of the person responsible for each; defining the vision, mission, strategy, initiatives and tasks to be completed so they enhance the existing information security program; etc.

What are the security threats associated with virtualization?

Industry observers are sounding the alarms on the security realities of a virtual enterprise. As we know too well, professor and peers, it’s the nature of the threat landscape: attackers move where emerging technology moves (Mari-Len De Guzman, 2007). In its latest Internet Security Threat Report (ISTR), a compilation and analysis of IT security activities worldwide, Symantec Corp. cited virtualization-related security attacks as among the trends to watch for in the near future (Mari-Len De Guzman, 2007).

There is no doubt that the use of virtualization adds additional layers of concern (Stallings, 2019). We’re told that virtualized environments aren’t more secure. Some of these threats include: shared technology issues, denial of service, data loss, advanced persistent threats (APTs), malicious insiders, account hijacking, data breach, etc. The week’s readings made it clear that security threats can originate externally and internally in a virtualized environment, and these “intra-host threats” can elude any existing security protection schemes.

Since these virtualized security threats are hard to pin down, “this can result in the spread of computer viruses, theft of data, and denial of service, regulatory compliance conflicts, or other consequences within the virtualized environment” (Dignan, 2008). One compromised virtual machine could infect all virtual machines on a physical server. And so, the biggest security risk with virtualization, we are told, is the “guest-to-guest attacks,” where an attacker gets the root or administrator privileges on the hardware, and then can hop from one virtual machine to another (Dignan, 2008).

How can strategic planning help to mitigate the security threats associated with virtualization?

As we’ve discussed earlier, strategic planning is an activity that is used to set priorities, focus energy and resources, strengthen operations, etc. A way to mitigate these threats in an organization, professor and peers, is to get in touch with companies that’ve carried out some measurable work in virtualization security, and incorporate such measures into the security strategic plan. Some of the private companies worth checking out include BlueLane, whose flagship product, VirtualShield, finds virtual machines and updates and patches them. Reflex Security’s approach creates a virtualized security appliance and infrastructure. Catbird has a VMware certified virtual appliance dubbed V-Agent. IBM and VMware, we’re told, are also developing secure hypervisor technology and ways to lock down virtual machines, respectively (Dignan, 2008).

In last week’s discussion, we touched on the continuous new challenges for IT to meet, and so, this week, executing a security strategic plan is a critical success factor for organizations that truly want to maximize their ability to manage information risk. I’m hoping that I’ve touched all areas of the week’s discussion.

Ed.

References:

Stallings, W. (2019). Effective Cybersecurity: A Guide to Using Best Practices and Standards. Pearson Education (1st edition).

Evans, B. (2015). The Importance of Building an Information Security Strategic Plan. Retrieved from (https://securityintelligence.com/the-importance-of-building-an-information-security-strategic-plan/).

Dignan, L. (2008). Virtualization: What are the security risks? Retrieved from (https://www.zdnet.com/article/virtualization-what-are-the-security-risks/).

Mari-Len De Guzman. (2007). Security bells ringing over virtualization. ComputerWorld Canada; North York Vol. 23, Iss. 9, (Apr 2007): N_A. Retrieved from (https://www-proquest-com.libdatab.strayer.edu/docview/219925650?accountid=30530).

& (Basic Search: Strayer University Online Library).