Part 1: Mitigation through Controls (4 points)
This assignment is an evaluation of the use of the four of the most important security controls for a well-known organization; the Motorola Corporation. In this case, I have found that the corporation has recognized the process of risk mitigation to be a unique process for the organization in that, the internal operating environment of the organization is specific to its need and as such its risks are specific to the organization. The organization selected to use four of the most important security controls under the principle of six sigma.
The four most important security controls- A Case study of Motorola
In the modern business environment, different organizations are making efforts to understand as well as meet the different expectations of the customer through a clear focus on the quality of the products offered in the market. Warfiel (2016) explains that there are different security risks involved in the process and as such, different tools have been availed in the market to help different organizations in the management as well as in the improvement of the security of their products and services. In this regard, the Motorola Corporation has chosen the use of the four security risk control principles of the six sigma strategy which the organization has utilized to a successful extent.
The corporation found a methodology for security risk control that uses specific principles and mechanism in ensuring that excellence in the management of security risks. Under the approach, the ultimate goal is to control any security threat through a methodology that ensures the organization creates products and services within a range of fewer than 3.4 defects per million products or services produced. The organization asked management to effectively bring under control any major security risk and witnessed its benefits as one of the world’s most famous and successful organization which is safe to work for.
The use of the four most important security controls tool within the Motorola
Under the six sigma, Motorola Corporation has adopted the four most important security risk controls for their business under the principles of;
For the corporation to stay ahead of any security risk as well as make better use of any device the approach was handy in creating an accurate inventory of all their physical and virtual servers. In addition, other connective gadgets such as tablets, Smartphone’s and PCs and any other device that is connected to their network or used within the organization environment. As a result, the corporation does not have to keep monitoring any rogue or unauthorized devices within its premises.
Subsequently, since it is not possible for the corporation to undertake a follow up of every flaw over each application, the approach of authorized and unauthorized software allows the organization to determine which software is on the different devices connected to their network. This helps in determining the risk as well as the potential impact of any emerging security risks and threats. For example, according to Warfiel (2016) through accurate maintenance of an inventory of the software and the hardware used over their network.
Drawing from experience, the organization established that the majority of the attacks exploit known vulnerabilities such as the publically disclosed flaws which vendors have already developed patches for. Thus, this principle helps the corporation to have in place a system for continuous vulnerability assessment as well as patch management which helps in plugin such holes before attackers find them. In addition, Warfiel (2016) reiterates that a system of continuous vulnerability assessment and remediation helps in the discovery of new vulnerabilities almost on a constant basis. However, as soon as a vulnerability assessment is undertaken, the scan results are outdated. To counter this challenge, the corporation makes use of other tools such as QualysGuard or nCircle PureCloud which are set up for automated vulnerability scan to be undertaken automatically on a regular basis.
The corporation resized that the majority of its security risk was in the form of malware such as viruses worms Trojan, rootkits as well as botnets. As a result, the corporation chose malware defenses for the protection of its systems in order to put in place such antimalware protection in the form of both McAfee Internet Security 2013 and BitDefender Internet Security 2013. Through this strategy, the corporation has been able to keep its security risk controls updated regularly in addition to giving it’s the capacity to detect and block or control any new or known malware threats. Moreover, through this tool, the corporation has ready alternative security risk control tool in the form of heuristic techniques that can identify suspicious or malicious behavior as well as defend against new and unknown attacks.
Part 2: Mitigation, Continuity, and Disasters
How the four of the most important security controls can best be used for mitigation, continuity, and disasters management
The most important role of the four most important security controls in disaster management is to facilitate the reduction and the overall avoidance of the potential losses. In addition, they enhance the chances for prompt and appropriate assistance that is most relevant in case of any disaster. This allows the organization to achieve rapid and effective recovery. For example, the four most important security controls allow the creation of a disaster management cycle that illustrates the most relevant processes by which the overall impact of any disaster can be minimized. The best plan of action during and immediately after the disaster as well as the most relevant steps to following order to ensure quick recovery after a disaster has occurred. In this regard, the four most important security controls facilitate the most appropriate actions over all the points within the disaster cycle that leads to greater and better preparedness better warnings, reduced and minimized vulnerabilities as well as the best overall future prevention of the disaster over the nest interaction of the disaster cycle.
Under the four most important security controls, any organization is able to achieve a complete disaster management cycle that includes that inherent shaping of the public policies as well as plans which can lead to the better modification of the causes of the disaster as well as their most appropriate mitigation of their effects on people, infrastructure and property.
For instance, the four security control provides a well-planned approach under which both mitigation and preparedness phases occur as part of the overall disaster management improvements which are anticipated prior to the event. The relevant developmental considerations are well catered for to play a role in facilitating the overall mitigation and preparedness of the organization or the community to effectively confront and control a disaster (Sabahi, 2011). There is a clear way over how once a disaster occurs, the management actors may get involved in the immediate response as well as during the long term recovery plans or phases. In this case, the four most important security controls provide the precise order on how the phases overlap as well as the length of each phase based on the severity of the disaster.
For instance, while the mitigation leads to the minimization of the disaster effects over the organization through such strategies as building of zoning and coding, generation of public education as well as through appropriate vulnerability analysis, preparedness facilitates the process of palling how to respond through preparedness plans, emergency exercise, warning systems as well as training (Sabahi, 2011). Subsequently, the response ensures efforts for the minimization of the hazards occasioned by the disaster are in place through the facilitation of search and rescue as well as through the provision of emergency relief. However, recovery entails the efforts for returning the organization normal operations in the forms of the relevant temporary measures.
Business continuity and disaster recovery priority actions based on four of the most important security controls of an organization
In the general sense Business, continuity and disaster recovery priority actions entail institution of those business functions that facilitate a quick resumption of business in the event of a major security disruption especially a malicious attack by cybercriminals. As a result, s sound business continuity and recovery plan provide the relevant procedures and instructions that an organization may follow in the face of such security disasters.
Hancock (2017) explains that it entails the business processes, assets business partners as well as the relevant or most helpful human resources. However, unlike what many people may think, a disaster recovery plan is not the same as a business continuity plan. However, the disaster recovery plan focuses more on the restoration of the IT infrastructure and other associated operations after a security crisis. As a result, it forms part of the inherent business continuity plan as the overall business continuity plan entails the entire continuity of the organization.
To remain, competitive any organization needs a proper business continuity plan. For example, it plays an instrumental role in the restoration of the organization’s resources which are critical for the corporation. For instance, the plan is well founded on the four most important security controls; it helps the organization to find ready recovery solutions. For instance, with the security of the organizations, IT assured the business can implement those solutions. Due to this, there is an increased level of both consumer and regulatory expectations for security (Sabahi, 2011). Thus, the organizations need to understand the most vital processes within their business which impact on the loss of such process over time. Such loses may entail financial, legal reputation or regulatory.
Hancock (2017) opines that any organization that may not have a good business continuity plan in place has no option but to assess their inherent business process to identify the areas that are vulnerable and which pose potential loses if the security of the organization systems is breached. In this regard, the creation of a good business continuity plan entails the following six steps;
However, under the four most important security control of an organization the business continuity plan of an organization must carry a business continuity planning tool as a checklist for the supplies and equipment the location and installation of data backup as well as other backup sites in addition to the correct and accurate and up to date information on emergency response as well as the key personnel and other associated backup site providers.
Drawing from the experience and case study of the Motorola Corporation, there are four security risk controls that an organization should always have in place to achieve and maintain a safer working environment. This is most critical because in the world it is not easy to find a perfect computer or network-based defense that can serve all security risk management needs of an organization.
A computer is constantly elevating the inherent security risk game of cat and mouse. Due to this as soon as one security risk is detected and managed and the latest threat addressed, attackers will always have developed a new technique to access the network thereby compromising the organization’s PCs safety. However, through these four strategies and principles, an organization has in place a tool for focusing their security risk management on the fundamentals of the inherent security risk thereby helping to minimize their risk as well as defend against the majority of such attacks.
For small organizations with limited IT resources, it may not be easy to defend and control every threat or possible exploit and attack. However, through the four important security risks control principles, it becomes easier to know what to prioritize. As a result, these four security risk control principles can help many organizations in achieving a great level of security compliance. For example, the four most important security and risk control principles help an organization in facilitating rather than impeding their business goal. Due to this, they provide a valuable starting point for their organizational security. Moreover, it has been established through different forums that these four most important security risk control principles have the capacity to address over 80 percent of all known security risk against an organizational network as the case is with the Motorola Corporation. For instance, drawing from the Motorola experience these four principles provide any organizational network and PCs with a commons ensure fundamental that has been long been established an s the best security practices. However, it is also important to note that these four are not exhaustive but suffice to say that they should be put in to practice immediately.
Warfiel, C. (2016). The Disaster Management Cycle. Retrieve from http://www.gdrc.org/uem/disasters/1-dm_cycle.html
Hancock, T. (2017). Information Security Governance; Guidance for Board of Directors and Executive Management. Retrieved from https://www.isaca.org/Knowledge-Center/Research/Documents/Information-Security-Govenance-for-Board-of-Directors-and-Executive-Management_res_Eng_0510.pdf
Sabahi, F. (2011). Cloud computing security threats and responses. In 2011 IEEE 3rd International Conference on Communication Software and Networks (pp. 245-249). IEEE.