Developing the Corporate Strategy for Information Security

Assignment 1: Developing the Corporate Strategy for Information Security 

Nelson Gomes

Professor Gregory Blanche

SEC 402: Cyber Security

May 2, 2016

Functions of CISO with examples

Chief Information Security Officers (CISOs), who are responsible for ensuring the various aspects of their organizations' cyber and information security, are increasingly finding that time-tested, traditional information security strategies and capabilities are no longer sufficient for managing today's constantly expanding and dynamic cyber risk environment. The steady occurrence of highly publicized, worldwide cyber intrusions illustrates the inadequacy of reactive, controls- and practices-based approaches, which may be necessary but are not sufficient for protecting and sustaining an organization's critical cyber assets.

Three key capabilities capture the larger part of a CISO's responsibilities:

Three competencies of a CISO

  • Protect, Shield, Defend, and Prevent – Ensure that the organization's staff, policies, processes, practices, and technologies proactively protect, shield, and defend the enterprise from cyber threats, and prevent the occurrence and recurrence of cybersecurity incidents, consistent with the organization's risk tolerance.
  • Monitor, Detect, and Hunt – Ensure that the organization's staff, policies, processes, practices, and technologies monitor ongoing operations, actively hunt for and detect adversaries, and report suspicious and unauthorized events as promptly as possible.
  • Respond, Recover, and Sustain – When a cybersecurity incident occurs, minimize its impact and ensure that the organization's staff, policies, processes, practices, and technologies are rapidly deployed to return assets to normal operations as quickly as possible. Assets include technologies, information, people, facilities, and supply chains (Mehravari, 2016).

Functions of CIO with examples

  • The CISO leads the assessment and evaluation of the security program to ensure that all aspects are in compliance with security requirements (e.g., FISMA), while understanding the security threats and vulnerabilities to operations and to the organization's environment.
  • In limited cases and in small organizations, the CISO may also assess the management, operational, and technical security controls of the information system to ensure their effectiveness.
  • The CISO is a recognized role title at the organization level; however, the above responsibilities may be fully performed under a different title at the program, sub-office, or component level (DHS, 2015).
  • The Chief Information Officer (CIO) concentrates on information security strategy within an organization and is responsible for the strategic use and management of information, information systems, and IT. The CIO establishes and oversees IT security metrics programs, including the evaluation of compliance with corporate policies and of the effectiveness of policy implementation. The CIO also leads the evaluation of new and emerging IT security technologies.

Data Security – the application of the principles, policies, and procedures necessary to ensure the confidentiality, integrity, availability, and privacy of data in all forms of media (electronic and hard copy) throughout the data life cycle. Example – access control, antivirus software, and privacy.

Enterprise Continuity – the application of the principles, policies, and procedures used to ensure that an enterprise continues to perform essential business functions after the occurrence of a wide range of potential catastrophic events. Example – business continuity plan, disaster recovery, and risk mitigation.

Incident Management – knowledge and understanding of the process to prepare for and prevent, detect, contain, eradicate, recover from, and apply lessons learned from incidents affecting the mission of an organization. Example – incident handling, records, and response.

IT Security Training and Awareness – Training activities are intended to educate workers about their security responsibilities and to teach them the information security procedures and systems needed to perform those duties effectively and safely in the relevant situations. Awareness activities present essential information security concepts to the workforce and are intended to influence user behavior. Example – CBT, WBT, and certification (DHS, 2008).

Two security assurances of a CIO

The two (2) security assurances that could be achieved by the CIO developing a formal security awareness, training, and educational program would be Computer Based Training (CBT) and Web Based Training (WBT) with certification(s) (DHS, 2008).

Methods used by the CIO to certify security functions

IT security planning is a risk management issue. Consequently, the OCIO requires agencies to follow the IT security policy and standards to mitigate security risks in a shared and trusted environment. Agencies will:

(1) Ensure that secure interactions between and among governmental agencies occur within a shared and trusted environment.

(2) Ensure secure interactions between and among business partners and external parties, and ensure that state agencies use a common authentication process, security architecture, and point of entry.

(3) Close unauthorized pathways into state networks and to the state's data.

(4) Prevent misuse of, damage to, or loss of IT hardware and software facilities.

(5) Ensure employee accountability for the security of IT assets.

(6) Ensure and oversee compliance with these IT security standards, including the annual certification of security compliance from agency heads to the OCIO (WaTech, 2000).

Functions and security efforts of digital forensics

Digital Forensics refers to the knowledge and understanding of the digital investigation and analysis techniques used for acquiring, validating, and analyzing electronic data in order to reconstruct the events related to security incidents. Such activities require building a digital knowledge base. The digital forensics function complements the overall security efforts of the organization by:

Operational duties of the digital forensics team

• Providing adequate work spaces that at a minimum address electrical, thermal, acoustic, and security concerns (i.e., intellectual property, classification, contraband) and the security requirements (including access control) of equipment and personnel, and that also provide adequate report writing/administrative areas.
• Applying, maintaining, and analyzing results from intrusion detection systems, intrusion prevention systems, network mapping software, and other tools in order to protect against, detect, and correct information security-related vulnerabilities and events.
• Providing audit data to appropriate law enforcement or other investigative agencies, including corporate security elements (DHS, 2008).

The essential factor that protects and enhances the confidentiality of information assets is strong encryption, and cryptography is likewise an essential component for ensuring the integrity of data and assets. Confidentiality is provided by encryption assigned to specific users, which governs sensitive data such as accounts holding critical information, so that only those users can access it. An example of confidentiality is the people who work in banking infrastructure with access to personal financial data that you would not want to fall into the wrong hands. The encryption key consists of numbers and letters, which makes it hard for hackers to gain access. Integrity is about hashing the data transmitted over the Internet through a secured connection such as HTTPS. First, the hash of the data is received and stored, then it is compared with the hash of the original message. This can be used for private emails and for text sent over the Internet. The original hash must itself be protected, which is done by securing it in a digital signature. Availability means that an authorized party or workforce has the ability to request the data as needed. Distributed denial-of-service (DDoS) attacks can affect Web access. Availability is also about backing up frequently off-site, which can prevent damage and permit prompt restoration if anything happens to an organization's server hard drives.

Resources available to the digital forensics team

There are a great many resources available for digital forensic examiners on the Internet, but so far there has been no central website to bring references to all of them together. Each individual expert, specialist, or vendor has compiled their own list according to their interests, and perhaps contributed a few resources of their own:

Acquisition Tools – When conducting a forensic audit, one of the first things a forensic examiner must do is gather and preserve the digital evidence. This is known as the acquisition process. During this process it is critical that the evidence be collected and stored using trusted techniques and tools, since it may later be used as part of a criminal or civil court action. One of the most trusted applications available today to do this is NTI's SafeBack. SafeBack is a tool used to create a mirror image, or bit-stream backup file, of any storage device, such as a hard drive. NTI explains, "The procedure is comparable to photography and the making of a photograph negative. Once the photograph negative has been made, a few precise reproductions can be made of the first." (BAE Systems, 2008) The proper collection and preservation of evidence is so crucial to forensic auditing that a great deal of research is conducted in that area alone.
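As an added example (not from the paper and not NTI's SafeBack), the following Python models the acquisition step described above together with the hash-based integrity check from the earlier confidentiality/integrity discussion: a bit-stream copy of a constructed stand-in for a storage device, with a SHA-256 digest recorded at acquisition time and re-checked later so that any altered byte in the image is detected. The DEVICE bytes and the function names are assumptions.

```python
import hashlib
import hmac
import io

# Constructed stand-in for a raw storage device; no real device is read.
DEVICE = b"BOOTSECTOR\x00" + b"ledger.csv,acct,balance\n" * 8 + b"\x00" * 64


def acquire_image(device, block_size=16):
    """Bit-stream copy: every byte of the source is read block by block and
    written to the image, while a SHA-256 of the source is computed.
    Returns (image_bytes, digest); the digest is the reference value recorded
    at acquisition and kept with the evidence record."""
    src, out, h = io.BytesIO(device), io.BytesIO(), hashlib.sha256()
    while True:
        chunk = src.read(block_size)
        if not chunk:
            break
        h.update(chunk)
        out.write(chunk)
    return out.getvalue(), h.hexdigest()


def verify_image(image, expected_digest):
    """Re-hash the image and compare it with the digest recorded at
    acquisition. A single changed byte produces a different digest."""
    actual = hashlib.sha256(image).hexdigest()
    return hmac.compare_digest(actual, expected_digest)


def demo():
    """Acquire, verify, then flip one bit in a copy and verify again."""
    image, digest = acquire_image(DEVICE)
    intact = verify_image(image, digest)
    tampered = image[:40] + bytes([image[40] ^ 0x01]) + image[41:]
    return intact, verify_image(tampered, digest), image == DEVICE


if __name__ == "__main__":
    print(demo())  # (True, False, True)
```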

Analysis Tools – After the digital evidence has been properly collected and preserved, auditors must determine what part of it constitutes real evidence. This analysis step usually involves several stages, each of which depends heavily on the speed and efficiency of various software applications. Generally, the first tool an auditor will use to examine digital evidence for clues is a file listing and documentation software package. These packages can examine a bit-stream image and generate a listing of the files and records that were present on the original device (Bigler, 2001).

While a listing of files is clearly a crucial report, so too is the listing of installed programs. With it, an auditor can search for software that is commonly used to hide, protect, encrypt, or erase files from examiners. The mere presence of encryption packages such as "TrueCrypt" or "Hide and Seek" (a steganography tool that can hide files inside pictures) shows intent to conceal evidence and will help the auditor determine which additional tools may be necessary (Bigler, 2001).

File Recovery Tools – Another crucial toolset in the forensic examiner's toolbox is file recovery tools. Many users believe that once they delete a file from their PC, the data contained in it is gone forever. This is simply not the case. "At the point when a client erases a document, the file is not really wrecked. Rather, the pointer to the document is erased, leaving the contents of the record in place. All erased documents turn out to be a piece of the free space on the capacity media, which the PC in this way uses to store new records" (Bigler, 2001). It is because of this that deleted files can often be recovered using a variety of commercial and free products, such as ProQuest's "Lost and Found" or "FreeUndelete". When recovering deleted files, auditors should pay careful attention to the file's attributes, examining when the file was last accessed and deleted (UKEssays, 2015).
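As an added example (not from the paper or from Bigler's text), this Python toy filesystem shows why deleted files can be recovered: deletion removes only the directory entry, the bytes stay in free space until a later write reuses them, and a carving routine finds them in unallocated space by their signature. ToyDisk, the <<memo>> markers and the sample file contents are constructed for illustration.

```python
import re


class ToyDisk:
    """Constructed model of a storage medium: a byte array plus a directory
    of name -> (offset, length) entries. Not a real filesystem."""

    def __init__(self, size=256):
        self.blocks = bytearray(size)
        self.directory = {}

    def unallocated(self):
        """Byte ranges (start, end) not referenced by any directory entry."""
        ranges, pos = [], 0
        for start, length in sorted(self.directory.values()):
            if start > pos:
                ranges.append((pos, start))
            pos = start + length
        if pos < len(self.blocks):
            ranges.append((pos, len(self.blocks)))
        return ranges

    def write_file(self, name, data):
        # First-fit allocation: freed space is reused when the data fits.
        for start, end in self.unallocated():
            if end - start >= len(data):
                self.blocks[start:start + len(data)] = data
                self.directory[name] = (start, len(data))
                return
        raise OSError("disk full")

    def delete_file(self, name):
        # Deletion only drops the pointer; the bytes remain until overwritten.
        del self.directory[name]


def carve(disk, header, footer):
    """Scan unallocated space for records bounded by a known signature,
    the way an undelete or file-carving tool recovers deleted data."""
    pattern = re.compile(re.escape(header) + b".*?" + re.escape(footer), re.S)
    hits = []
    for start, end in disk.unallocated():
        hits += [m.group(0) for m in pattern.finditer(bytes(disk.blocks[start:end]))]
    return hits


def demo():
    disk = ToyDisk()
    disk.write_file("note.txt", b"<<memo>>wire 9000 to acct 42<</memo>>")
    disk.write_file("keep.txt", b"<<memo>>lunch at noon<</memo>>")
    disk.delete_file("note.txt")
    recovered = carve(disk, b"<<memo>>", b"<</memo>>")  # note still present
    disk.write_file("new.txt", b"X" * 20)                # reuses the freed range
    return recovered, carve(disk, b"<<memo>>", b"<</memo>>")
```

The second carve returns nothing because the new file overwrote the note's header, which is why the timing of a recovery matters.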


References

Mehravari, N. (2016, February 22). Structuring the Chief Information Security Officer (CISO) Organization. Retrieved May 2, 2016, from

DHS. (2015, November 13). National Initiative for Cybersecurity Careers and Studies (NICCS). Retrieved May 2, 2016, from

DHS. (2008, September 01). Information Technology (IT) Security Essential Body of Knowledge (EBK): A Competency and Functional Framework for IT Security Workforce Development. Retrieved May 2, 2016, from

WaTech. (2000, July 14). Securing Information Technology Assets Standards | Office of the Chief Information Officer. Retrieved May 2, 2016, from

UKEssays. (2015, March 23). Resources needed to conduct a forensic audit. Retrieved May 2, 2016, from