Reference no: EM132362451
1. What is an example of critical information in the utility industry, i.e., electrical, water/sewer, and gas?
You must include at least two citations and 3 references.
2. Operations security definition
According to Jason Andress (2014), operations security is not limited to identifying sensitive and critical information; it extends to identifying ways to protect that information and thereby prevent adversaries from using it. Operations security was a field primarily introduced and practiced by the US government for handling sensitive information. But due to the exponential growth in the use of smartphones and the internet, most of our regular day-to-day activities have moved to virtual environments. This has forced many organizations to look for ways to protect their information and to take countermeasures as and when required.
Importance of operations security
• It helps businesses protect their information assets from insider threats, where employees can gain access to sensitive information regarding the practices and security controls of the organization.
• It helps businesses protect themselves against the various STRIDE-related threats (STRIDE: Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, Elevation of Privilege).
• It gives management control over the changes made to the IT infrastructure and to the physical security by which the business operates.
• It also enables businesses to define and set controls for protecting sensitive data at rest and in transit (Rountree, 2011).
Application of Operations security at work
I am currently working at an insurance firm on a Billing and Collections Project, which deals with a lot of sensitive and private financial data of the customers. Here is how the company is practicing operations security principles at work.
1. Closely monitored change control principles. According to Johnson (2015), security in the work environment can be bolstered by the use of appropriate change management policies and apt physical security access control guidelines. Every change that is made to the IT infrastructure is closely monitored and requires various levels of authorization before it can be deployed permanently. This way the management is able to have control over the architecture and design of their information assets.
2. Network access governance and restriction. Tea-leaves policies, Splunk and a dedicated audit team are present to monitor the various activities performed by the employees and also to regulate network traffic. The organization also has specialized access instructions that limit them from connecting from unsecured networks.
3. Risk management practices. The employees are given training regarding current cyber security threats and phishing. They are also given quizzes and various team activities that encourage better risk management within departments.
4. Reducing human interference. Since employees are considered the weakest link through which outsiders can gain access to protected information, most of the processes within the organization are now automated, thereby reducing the need for manual workarounds. Such activities reduce the need for employees to have access to all the customer data.
5. Business continuity plans and disaster recovery plans. The organization also strictly adheres to the practice of developing disaster recovery plans for every tiny IT infrastructure change that is being deployed, in order to ensure the authenticity and integrity of the overall IT asset.
6. Limited access. People who develop the IT asset are usually not provided with access to the production data, thereby limiting access only to processors who need it on a daily basis. Business Ops people who work closely with the customer data do not have thorough knowledge of the back-end integration of the database structures and data, which again minimizes the risks caused by insiders (Johnson, 2015).
3. I am looking forward to applying for the network administrator job. The tasks of a network administrator comprise four major responsibilities. First, network design and planning, which involve deciding on the type of network that best suits the needs of a particular organization. Second, setting up the network, which comprises installing the hardware that makes up the physical part of the network as well as configuring the databases or files, routers, hosts, and network servers. Third, maintaining the network, which involves troubleshooting network issues, administering network security, adding new machines to the network, and administering network services such as NFS. Lastly, expanding the network, which is achieved by adding new computing devices and expanding network services by providing other shared programs. This paper will explore the security operations that are involved in, or should be adhered to during, the daily operations of a network administrator.
Security operations of a network administrator include keeping data classified and accessible and guaranteeing its integrity (Bernard, 2019). Further, a network administrator ought to supervise the cybersecurity program of a data framework or network, which comprises overseeing data security implications inside the corporation, a specific program, or another area of responsibility, including key personnel, foundation, prerequisites, policy enforcement, crisis planning, security awareness, and other resources. In addition, the administrator applies knowledge of data, information processes, organizational interactions, skills, and analytical expertise, as well as network, systems, and data exchange capabilities, to oversee acquisition applications. These operations comprise executing obligations to oversee software, hardware, and information structure acquisition programs and other programs under the administrator's policies. The administrator gives direct help to acquisitions that use the network (including National Security Systems), providing IT-related direction throughout the complete procurement life cycle and applying IT-related laws and policies.
Develop and carry out tests of frameworks to assess compliance with requirements and specifications by applying methods and standards for the practical planning, assessing, reviewing, and validating of functional, technical, and execution attributes (including interoperability) of systems or components of frameworks consolidating IT. This should be supported by evaluating, managing, and underpinning the documentation, approval, evaluation, and authorization processes critical to guaranteeing that current and network systems meet the organization's risk assessment and cybersecurity requirements. Ensure suitable treatment of risk, consistency, and confirmation from inward and outside points of view.
Troubleshoot, configure, install, and maintain server configurations (software and hardware) to guarantee their privacy, integrity, and accessibility. Oversee accounts, patches, and firewalls. A network administrator should be responsible for passwords, access control, and account creation (Porras et al., 2016). Install, test, maintain, configure, and oversee networks and their firewalls, including hardware (such as routers, switches, multiplexers, cable, intermediary servers, and protective distributor frameworks) and applications that permit the sharing and transmission of the full range of data transmissions, to support the security of data and data frameworks. Examine an organization's present computer frameworks and strategies, and plan data framework solutions that help the organization work more safely, effectively, and efficiently. Bring information technology and business together by understanding the necessities and constraints of both.
In conclusion, risk analysis ought to be conducted to determine what information poses the biggest threat. For example, a network may contain important information and will therefore require more security measures to maintain security.