13 Aug
Red Clay Renovations is a company that is well-known for its work in renovating residential houses (King, 2018). In order to support this continued excellence in renovation, Red Clay must implement a multi-tiered plan in order to address cybersecurity threats.
Formulating a Plan
Red Clay Renovations’ multi-tiered plan includes several segments, the first of which necessitates financial investment. Following this investment, Red Clay must also utilize a strategy in order to minimize exposure to cyber-threats. Following the selection of a strategy, Red Clay then must implement this strategy in order to best mitigate any cybersecurity threats or concerns.
Financial Investment: 5 Risks that Must be Mitigated
Several risks have been identified at Red Clay Renovations that require financial investment in order to be properly addressed. These five risks are not having a life-cycle replacement program, utilizing different-branded equipment, having access control for Web-based interfaces solely through single-factor authentication, an unused Security Education, Training, and Awareness program, and a “Bring Your Own Device” policy that needs strengthening.
Not having a life-cycle replacement program is a major risk that requires significant process investment to address. By not having a program to life-cycle, “upgrade, or implement any IT systems”, Red Clay Renovations is opening its organization to ad-hoc risk, confusion, and chaos when systems begin to become obsolete (King, 2018). Therefore, process investments are required in order to implement a program that replaces systems as they reach the end of their useful life.
Utilizing different equipment brands without proper standardization is a risk that must be addressed through process investments. Because no specific brand of “smart” home devices or controllers is mandated, the information technology department must be able to support all sorts of different devices and brands, instead of following streamlined procedures for a single brand, or a handful of brands, that Red Clay would mandate. Standardizing would involve process investments to help streamline such an initiative within the company.
Access control for Web-based interfaces being limited to password-protected logins is another risk that must be addressed by Red Clay Renovations (King, 2018). Utilizing this form of single-factor authentication opens Red Clay Renovations to immense risk from hackers, who could potentially use these access points to access Red Clay’s RFID system and “smart” device controls through a simple device such as a remote keylogger or a password cracker. This would require additional technological and process investments in order to implement a system of two-factor authentication within the company.
Red Clay Renovations’ Security Education, Training, and Awareness (SETA) program requires significant financial investment. As indicated by the Chief Information Officer, the Chief Information Security Officer is working with the IT Governance Board in order to restart this specific program (King, 2018). As a result, this program would most likely have an extremely limited amount of process investment. Therefore, as part of a new employee’s onboarding procedure, Red Clay Renovations should make it mandatory that said employee takes such SETA training.
Strengthening Red Clay Renovations’ “Bring Your Own Device” (BYOD) policy addresses another risk that must be mitigated. Currently, contract employees are not allowed to bring their own devices to work at Red Clay Renovations (King, 2018). However, this must cause problems for said contract employees, who most likely risk termination in order to maintain communications with the outside world. By strengthening this specific policy through committing additional people investment to monitor devices under the BYOD policy, Red Clay would raise employee morale at the organization.
Strategy
Red Clay Renovations must implement the framework of minimizing exposure in order to reduce the costs associated with responding to cyberattacks (Davis et al., 2016). This strategy includes minimizing attack surfaces, which reduces the amount of attackable area in Red Clay Renovations’ IT framework. This can include a reduction of software attack surfaces, network attack surfaces, and human attack surfaces (Kassner, 2018). One way to minimize these surfaces is through reducing the number of network machines, which is an example of reducing a company’s network attack surface (Davis et al., 2016). Other tactics include reducing the number of network access points on networked machines, and minimizing the amount of sensitive data on networked machines (Davis et al., 2016). This strategy would be most helpful in order to reduce the costs associated with responding to cyberattacks, helping to maintain a healthy and sustainable information technology budget.
Implementation
This strategy of minimizing exposure can be implemented through a multi-step process (Swanson, 2006). When employees first receive hiring instructions, they must be made to take a training that makes them aware of the company’s various employee policies, to include Red Clay Renovations’ Acceptable Use Policy, the Bring Your Own Device Policy, as well as any other type of cybersecurity awareness training. Employees must also be made to take the Security Education, Training, and Awareness program on a bi-yearly basis, ensuring a constant refresher on current cyberattacks in order to make employees aware of any developments in threats in the IT world. Lastly, legacy employee devices must be standardized on one standard brand, and a life-cycle program must be put into place, to ensure that devices near their end-of-life are properly replaced without any type of ad-hoc repercussions.
References
Davis, J., et al. (2016). A Framework for Programming and Budgeting for Cybersecurity. RAND. Santa Monica.
Kassner, M. (2018). 3 ways to minimize cyberattack threats by reducing attack surfaces. Retrieved from https://www.techrepublic.com/article/3-ways-to-min…
King, V. J. (2018). Red Clay Renovations Company Profile. Retrieved from https://learn.umuc.edu/d2l/le/content/349440/viewC…
Swanson, M., Hash, J., & Bowen, P. (2006). Guide for developing security plans for federal information systems (NIST SP 800-18, Rev 1). Retrieved from http://csrc.nist.gov/publications/nistpubs/800-18-…