OCU C)ISSO D Discussion Lesson 16
- This topic has 9 replies, 3 voices, and was last updated 11 months, 1 week ago by
.
-
Posts
-
-
A security officer needs to plan ahead for all “what-ifs.” Planning for a disaster is important in order to have a speedy recovery thus losing the least amount of money for an organization. What are ways to prevent disasters? Discuss at least 4 of these ways and how preventing these can be better than a cure.
-
There are several ways to prevent disasters and minimize their impact on an organization. Here are four examples:
1. Conduct regular risk assessments: Regular risk assessments help identify potential threats and vulnerabilities, and provide insights into where additional controls or safeguards may be needed. By proactively addressing these risks, organizations can prevent disasters from occurring in the first place.
2. Implement appropriate security controls: Implementing appropriate security controls, such as access control, encryption, and network security measures, can help prevent cyber-attacks and data breaches. These controls can help ensure that sensitive information is protected and that systems remain secure and available.
3. Develop and test a disaster recovery plan: Developing and testing a disaster recovery plan is crucial for ensuring that an organization can quickly recover from a disaster and minimize the impact on business operations. The plan should include procedures for restoring critical systems and data, as well as communication and coordination protocols for responding to the disaster.
4. Conduct regular training and awareness programs: Regular training and awareness programs can help employees understand the importance of security and disaster preparedness, and provide them with the knowledge and skills needed to identify and respond to potential threats. This can help prevent human error and ensure that employees are prepared to respond to a disaster.
Preventing disasters is often better than a cure because it is generally less expensive and disruptive to prevent a disaster than it is to recover from one. Preventive measures, such as risk assessments and security controls, can help avoid or minimize the impact of a disaster altogether, while a reactive approach may result in lost revenue, lost customers, and damage to the organization’s reputation. In addition, a well-prepared disaster recovery plan and regular training and awareness programs can help minimize the downtime and disruption caused by a disaster, allowing the organization to resume operations as quickly as possible.
-
Marcena,
Your amazing word choices and excellent responses are just incredible. Well done, once again! I feel that we as future professionals, maybe some of us are currently practicing, that incorporating and testing an action plan is a must. The little details in the ‘what ifs’ discussion are often overlooked. I also feel that if we discuss disasters with companies and organizations that have suffered a loss, will also be a great point of reference in our planning to protect and restore our organizations.
God Bless,
Kevin
-
Marcena, I agree with your ways of planning for a disaster. I sometimes wonder how many employers have regular disaster and fire training with their employees. I think that ensuring that each employee knows and understands and has the skills to identify potential threats and how to safeguard against them is critical in keeping everyone in the physical location safe and keeping the data safe. I had to install a fire detection system in the daycare center that was run in our church. After installing it and testing it, I had to make weekly trips there to do fire drills. At first, they would know the time and day I was coming, but then just to catch them off guard and make it seem more realistic, I would just stop in and set the alarm off. It was important to make sure that all the staff and children knew how to get out of the building safely and in a timely manner.
-
-
IST3100 Information Systems Security Officer
Week Five
Assignment # 2
WK5 “What ifs” Discussion
Kevin Mehok
Hey Class,
This week to me is all about prevention and situational awareness. It all starts with assessments of risks, and/or potential scenarios that may or may not occur. To me, based upon the reading, we should simply be proactive, discuss risks as a team, and finally, have an action plan in place.
Security Controls, what are they? Well, I am a huge component of encryption. In the security control segment, we should be prepared to identify what is considered as ‘sensitive’ information. Once this has been determined, we can encrypt this intel.
Recovering, or being prepared as to how to recover from a disaster is another must! The goal in this area should set upon restoring core or critical systems as quickly as possible in the event of a disaster. Developing this procedure will require a tremendous amount of solid communication and coordination between teams and units.
Training: Yes, good ole training. Organizations need to literally practice drills just like many of us may have in our school days. For example, when I was in grade school, we had both regularly scheduled tornado and fire drills. We also implement unplanned drills. The point I am driving home is, practice procedures as a team as if an actual disaster were occurring.
As a security officer, we not only need a formal plan or plans in place, but timeliness is a must. The faster we can restore our organizations, the better.
Thank you. That’s all I’ve got.
God Bless,
Kevin
-
Hey Kevin,
I couldn’t agree more with your focus on prevention and situational awareness this week. Assessing risks and potential scenarios is crucial to stay ahead of any unforeseen events. Being proactive and discussing risks as a team is a great way to ensure everyone is on the same page and ready to respond effectively.
I share your enthusiasm for security controls, especially encryption. Identifying sensitive information and encrypting it is a key step in safeguarding data. Encryption adds an extra layer of protection, making it harder for unauthorized individuals to access confidential intel.
Preparing for disaster recovery is a must-have in any organization. Restoring core systems quickly is vital to minimize downtime and maintain business continuity. The coordination and communication between teams and units play a critical role in developing effective recovery procedures. It’s like a well-choreographed dance where everyone knows their part.
Ah, training! It’s amazing how much we can learn from those childhood drills. Just as we practiced tornado and fire drills in school, organizations should conduct regular and unplanned drills. These exercises help teams familiarize themselves with the procedures and simulate real-life disaster scenarios. The more we practice as a team, the better equipped we’ll be to handle actual emergencies.
Timeliness is indeed crucial when it comes to disaster recovery. Having a formal plan or plans in place is essential, but executing them swiftly is equally important. The faster we can restore our organizations, the sooner we can get back on track and minimize the impact of any incident.
-
Hey Marcena,
Thanks for responding and being on the same page with me on this week’s discussion surrounding Disaster Planning. Timeliness to me is key. If we can not safely remove our teams from danger quickly and efficiently, the entire evacuation process will be worthless.
Practice makes perfect, so training is a must to obtain proficiency in timeliness. I really do feel that drills need to be run over and over to perfect the process accordingly.
I hope you are having a great week.
God Bless,
Kevin
-
-
From the information I gathered from the video on lesson 16, there are several ways to prepare and plan for a disaster. I have listed four of those ways below:
1. A company or organization needs to identify items, that if planned properly will not turn into a disaster. This includes making sure that they have redundant power supplies, backed up communication mechanisms, identifying single points of failure, and recognizing necessary fault-tolerant solutions.
2. An organization also can plan for and be prepared for a disaster by having fault tolerance and redundancy technology installed and working properly. Making sure that the right fire and safety inspections are in place and tested regularly which includes installation and testing of fire detection and suppression equipment.
3. Making sure that the equipment they have is maintained and tested regularly will help in case of a disaster. Having offsite data backups wheater that is other servers offsite or cloud computing backups. Making sure that the data is backed up and current on another device of some kind will ensure that the process goes well when trying to restore the data.
4. Employee training and testing are vital in planning for a disaster of any kind. If the employees know the procedures and protocols for a disaster and are trained in what to do it will make the process much easier. Making sure that each employee knows their role should a disaster occur will ensure that everyone is safe and that the data can be restored promptly depending on the situation.
-
-
Kevin, great to be in another class with you, and as always thanks for making it a great one. I agree with your statement about training. You can have the most up-to-date state-of-the-art fire detection, fire suppression, firewalls, security protocols and policies, and a well-trained security officer and team but if none of the staff or employees know how to train for a scenario or how to react should one happen that is all a lot of wasted time and money. As you said, good ole training will help to reduce the risk of a disaster or breech and also help to mitigate the damage should one occur.
-
- You must be logged in to reply to this topic.
