Answer & Explanation:Critique needed: Red Clay Renovations is a company that understands that technology
is a part of everyday life for much of the modern world. The world is
ever connected, global and local community interaction feels one and the
same, happening real-time with little senses of distance or separation.
Technologies are rapidly being created to leverage the potential and
possibilities of device connectivity and the internet to make life more
automated. While many companies may be new to the idea of “smart homes”
and the “Internet of Things”, RCR has been implementing these
technologies in our residential renovations as well as our own office
environments for years. While utilizing the advantages of the Internet
and information technologies is prudent there are some security risks
that RCR exposes themselves to. Cyber threats are always ready to take
advantage of any vulnerability and if successful a single cyber-attack
can have a seriously negative impact on a company.
While RCR implements some best practices IT solutions
there are so risks that the company is exposed to. One risk that can be
damaging to RCR is the information that it collects, processes, and
stores. From financial data to medical information, if RCR were ever
victims of a security breach and this type of information was
compromised it could be devastating for the company. A second risk would
be the fact that RCR has offices in different locations which requires
offices to connect and communicate with each other over a public network
called the Internet. A third risk would be the use of “smart home
devices” in the company’s offices. These devices if compromised could
allow unauthorized physical access to information and information
systems. A fourth risk is the implementation of BYOD. While this program
can be cost effective, unmanaged systems can pose a real threat to
information integrity. The fifth risk is risk is a successful denial of
service of the operations site in Ownings Mills. This facility provides
RCR as a whole a number of key services. If it were to go down, even for
a few minutes, the impact on the company could be sever.
To mitigate or neutralize these risks it will require a
finical investment by the company. For many of these risks an investment
of people and process would be implemented. RCR has used best practice
solutions throughout its network which required technology investments
but it is important that investments in people as process are down.
Processes need to put in places to make sure that an adequate balance
between confidentially, integrity, and availability of information and
information systems is maintained. This effort will also take an
investment in training the people that interact with the information and
information systems daily know and understand what they are to do and
how they are to do it. If need be, investing in specialists like pen
testers or security consultants should be used to ensure that RCR does
their due diligence. (Schrader, 2014)
The strategy I would suggest implementing is minimize
exposure. The information and information systems used by RCR during
daily operations is are threatened by internal and external threats.
Whether the intent is malicious or not, an internal threat can be just
as damaging to the company as an external threat. Minimizing exposure
aims to reduce the amount of access to information and/or information
systems by streamlining the network by using only the number of systems
and devices that are necessary. (Davis, Libicki, Johnson, Kumar,
Waatson, Karode, 2016) This strategy can be cost effective while at the
same time providing major security benefit by reducing exposure as well
as reducing the impact of a successful compromise.
The strategy of minimizing exposure can help in the
planning and programming stages of budget preparation. With the planning
phase, systems or access points that are not needed can be removed off
the network can be identified, also systems that are providing or
receiving too much data can be identified. By finding these systems it
can help to streamline the network helping to reduce cost. Minimizing
exposer can help in the programming phase by developing a process for
how a new system is determined to be needed, when it gets added to the
network and what amount of access that system will have to the network
resources.
Schrader, C. (December 8, 2014). Cyber Security Budget Planning for Small Businesses. Retrieved from http://www.nationalcybersecurityinstitute.org/general-public-interests/cyber-security-budget-planning-for-small-businesses/
Davis, J. S., Libicki, M. C., Johnson, S. E., Kumar, J., Watson, M., & Karode, A. (2016). A framework for programming and budgeting for cybersecurity (Rand TL-168). Retrieved from http://www.rand.org/content/dam/rand/pubs/tools/TL100/TL186/RAND_TL186.pdf
