To implement these new virtual processes, the role of information technology became paramount. Ken Hu, CIO, charged his department with responding to these new challenges with the highest priority. With the emerging business model, information assurance takes on a more critical role in the company. There are more applications installed to support customer services, and there are greater volumes of data generated as these applications are used. Customer support is more critical. Access by club members is 24 x 7, and high reliability and quick response times are essential. Mr. Hu realizes that the club’s employees are the weakest link in securing the systems, applications, and networks. He is concerned that the employees will not understand their role in the information assurance plan. He asked you to formulate an information assurance awareness program to address this company weakness. Describe an information assurance program for Mr. Hu that will help employees understand their personal responsibilities and organizational policies. Include in the program examples of information assurance risks attributed to club employees, the purpose of the program, guidelines to develop an effective program, and the type of education that you recommend.
With club members readily accessing AFF services, systems, applications, data, and networks, an access management framework is needed to prevent actions on IT assets by unauthorized individuals. To permit or deny access to an IT asset correctly, AFF must manage integration between identity management and access governance systems. Access to an IT asset should be granted for a specific need to fulfill a specific purpose and suspended once the need is no longer there. Consider your role as a consultant to Beverly Walden. Describe and assess the access management framework for AFF’s business model. In your assessment, please include the strengths and weaknesses of the framework.
In the middle of the night, Aspen Family Fitness suffered an incident which was discovered to be a distributed denial of service (DDoS) attack. From 4:30 a.m., Ken Hu, CIO, was responsible for managing the response to the attack as well as coordinating with the company’s senior management. Incident handling is the first step in the actual recovery process. The activity is undertaken by the organization to manage the consequences of an incident to minimize both tangible and intangible damage. Incident handling is important because it provides the approach to respond quickly and efficiently to unexpected events such as a DDoS attack. In detail, describe the best practices that Hu should incorporate into AFF’s incident-handling process in order to minimize the chances of mistakes being made during an incident such as a DDoS.
When all else fails, an important option available for recovery may be to rely on backups. Unfortunately, organizations often have poor management of backups and restoration processes. Backup and restoration are important operational and data protection strategies. In detail, describe the best practices that an organization should use for backup implementation.