Refer to Devil’s Canyon, Part A in Wk 4. Using the potential risks for Devil’s Canyon you identified in Wk 4, create a 3- to 4-page matrix to share with the team. In your matrix, you should: D
Policies, Plan, and Risk Policies play a significant role in the implementation of security plans that organizations have. After various vulnerabilities have been identified, employees and other stakeholders of Devil’s Canyon Enterprise will need a set of procedures that will guide them in the implementation stage. Without policies, any strategy that the management creates will not have a clear pathway to its success (Furnell et al., 2016). Procedures are required to assign roles and responsibilities to each worker in the security protocols being created. Policies also pinpoint the enterprise’s risk appetite, ensuring it stays within its limit both financially and managerial. Some of the procedures needed include password policies, physical security policies, data privacy policies, and incident response policies. Security plans and strategies are vital for the successful implementation of the security needs of a company. The enterprise can only achieve operational efficiency if a comprehensive method includes every business process that Devil’s Canyon Enterprise is involved in to make a profit. The security plan ensures all leaders and managers are accountable for the decisions they make in the process. Without a plan, the funds set aside by being lost through fraudulent activities and must, therefore, be well managed (Furnell et al., 2016). If there are any service providers needed, they must be obtained by management from a reputable organization that has positive reviews from the IT industry. The plan will ensure communication between service providers, employees, and the is flawless. Threats of the Enterprise Some of the threats the enterprise will face include insider threats. It occurs when rogue employees intentionally steal, share, and manipulate sensitive information leading to loss of the business’s reputation. It can also be unintentional when employees do not comply with the set rules and regulations, exposing the company to hackers. Protecting the enterprise from rogue employees must be a priority; management must ensure that the employees’ comprehensive education and training occur (Jail et al., 2019). Any rogue employees must be timely removed from the enterprise or disciplinary actions taken accordingly. A two-factor authentication technique should be applied. An employee’s functions must also be mapped by management to their operations to prevent misuse (Jail et al., 2019). Viruses and malware are a threat to the organization. The IT team must use the latest software and hardware system to counter them. Physical security of IT resources is a threat that can lead to losses. Therefore, they must be kept behind healthy locks and hinges using authentication systems to deter unauthorized access. Phishing attacks occur when hackers employ tricks that lead to sensitive information being shared. Hackers might send a photo or an email to users. If the user opens it, it releases malware installed into a system and waits to access courses. Ransomware threats occur when hackers lock users at the enterprise until they pay a fee (Kurpjuhn, 2019). The hackers prefer virtual currencies as authorities cannot track them. Devil’s Canyon can protect itself by updating all its systems and educate employees not to visit suspect sites. The IT team must also set up firewalls to monitor the users with access to the system closely. Therefore, Devil’s Canyon will effectively protect itself by identifying mitigation strategies that fit into their system. The enterprise’s management must implement a decentralized leadership network to ensure quick decision-making when threats are identified. It will also give them enough time to focus on the business’s core functions, leading to increased productivity. Table Representing Risks RISK PROBABILITY OF OCCURRENCE IMPACT (LOW, MEDIUM, HIGH) RISK RATINGS INSIDER ATTACKS MEDIUM HIGH HIGH VIRUS AND MALWARE LOW MEDIUM LOW PHYSICAL SECURITY LOW HIGH MEDIUM PHISHING MEDIUM HIGH HIGH RANSOMWARE MEDIUM HIGH HIGH References Hassija, V., Chamola, V., Saxena, V., Jain, D., Goyal, P., & Sikdar, B. (2019). A survey on IoT security: application areas, security threats, and solution architectures. IEEE Access, 7, 82721-82743. Kurpjuhn, T. (2019). The guide to ransomware: how businesses can manage the evolving threat. Computer Fraud & Security, 2019(11), 14-16. Safa, N. S., Von Solms, R., & Furnell, S. (2016). Information security policy compliance model in organizations. computers & security, 56, 70-82.