As information security continues to play an important role in running a successful business, it is important for a commercial company to have a plan of action capable of protecting valuable information (Haase, 2002). That is, in order to ensure continuous protection, it is essential to create and follow an Information Assurance Framework (IAF).
Information assurance architecture (IAA) promotes practical solutions to effectively manage business risks. It implies the identification, selection and arrangement of IA mechanisms and services according to business needs. IAA consists of an IAA Framework, an IAA Process, and a variety of supporting templates, tools and methodologies. A reference model provided by the IAA helps to consider security from many perspectives and in various contexts, while the IAA Process gives the direction in which the IAA Framework can be applied. IAA ensures a systematic approach to creating an effective plan for risk management that should be integrated with the enterprise. There is a variety of tools and methods to address security issues, and they can be used separately or together depending on each individual situation (Willett, 2012). Hibbard (2009) argues that IA is a complex of measures and preventive actions aimed at defending and protecting information as well as the information systems. It is critical to understand that a business process and service, as well as the technical infrastructure, is incomplete until there are discussions about risk and how to mitigate it (McKee, 2012).

Root Cause Analysis Report on Client Database Failure

On Tuesday morning, March 15th, 2016 at 10:13am a failure occurred in the Client Database (CD) program when managers launched it on one of the office computers. The senior sales manager, Janet Smith, noticed that the Client Database program was uploading slowly and informed the system administrator on duty, Jeremy Doe, about the incident. Mr. Doe immediately isolated the computer from the intranet and HME network. Afterwards he launched a backup antivirus program on the affected computer and ran a general scan. After the scanning program revealed a newly modified worm to be the reason for the CD slowdown, Mr. Doe informed the chief security manager of the failure. To ensure that the malicious program was not distributed via the intranet from the damaged computer, the system administrator launched the network antivirus scan of the sales managers’ office. Since it was a newly modified worm distributed via social media in private messages from hacked accounts, the antivirus software was not able to detect it and allowed it to enter the system.

Chronology of Events/Timeline

10:13 AM – Tuesday, March 15th 2016. Sales manager Janet Smith reports a problem with the CD program: it is slow to upload.
10:15 AM – Tuesday, March 15th 2016. System administrator on duty, Jeremy Doe, immediately isolates the computer where the problem was reported from the intranet and HME network.
10:17 AM – Tuesday, March 15th 2016. System administrator Jeremy Doe runs an alternative antivirus program on the reported computer.
10:30 AM – Tuesday, March 15th 2016. The alternative antivirus program reveals a malicious program on the computer.
10:31 AM – Tuesday, March 15th 2016. System administrator Jeremy Doe informs the chief security manager of the NY office about the incident.
10:33 AM – Tuesday, March 15th 2016. System administrator Jeremy Doe launches the network antivirus scan of the sales managers’ office.
10:34 AM – Tuesday, March 15th 2016. Chief security manager Page Down arrives and verifies that all isolation sequences and data scanning procedures have been performed. She records system administrator Jeremy Doe's version of events and instructs him to finish the network scanning and report afterwards. She then reports the incident to the HME Project Manager.

Investigative Team and Method

The investigative team for this RCA has been selected by the Vice President of Technology who oversees all research and development projects:
Page Down – Chief Security Manager and RCA Team Lead
Jeremy Doe – System Administrator
Lily Black – Quality Assurance Engineer
The investigative team will interview the participants of the event and employees working at the sales office where the problem occurred. The team will also analyze the data from the antivirus program log and communicate with the software provider to find out the reasons for the antivirus failure. The team will also use other techniques and tools based on the complexity of the data and event. After the root causes are identified and the corrective actions are determined, this RCA will be transferred to the HME project team to allow them to use it in the project plan and take preventive action to avoid similar incidents in the future.

Findings and Root Cause

The investigation team of the CD failure event on March 15th, 2016, has determined several findings:

  • The malicious program that penetrated the computer and was not detected by the existing antivirus was newly modified, with no available treatment at the moment of the event.
  • The existing antivirus program failed to detect the malicious program, since its database had not been upgraded in time.
  • The user of the computer, sales office employee Janet Smith, used Facebook earlier in the morning of March 15, 2016 to communicate with the client. She received an instant Facebook message from her acquaintance with a suspicious link, but automatically hit enter to open it. It was the new virus that is distributed via social media, especially Facebook.
  • System administrator Jeremy Doe performed all shutdown and data preservation procedures correctly and notified his supervisor within an appropriate amount of time.
  • The fact that the network of each section of the HME is isolated and has separate firewalls prevented the malicious software from entering other computers. The damage was done to one computer only.

Based on the above findings, the RCA team has determined the root cause for the Client Database failure. The primary one was the lack of safety awareness, shown when the computer user hit ENTER on the link with a virus.

Corrective Action

Based on the findings of the CD failure on March 15th, 2016, the RCA team has determined the following corrective action to prevent a repeat of this incident:
The level of safety awareness should be significantly controlled among the personnel of HME. The RCA team proposes that safety guidelines should be upgraded and distributed among all the employees. Special security training programs should be developed and introduced in the company and designated as obligatory. To ensure software non-failure, the RCA team proposes that two antivirus programs should be operating on the computers of the company in order to prevent entering incorrect. The expected result of this corrective action is the elimination of human error associated with future trial cables runs.

IAA Framework

When building the IA framework and process, the risks will be thoroughly identified, enumerated and listed in order to be successfully mitigated (Bernus et al, 2006). Being a basic conceptual structure, a framework helps to describe a subject by means of a predefined set of descriptive concepts and terms. The IAA Framework is the basic conceptual structure for defining and describing information assurance architecture (Willett, 2012). Since HME operates in the sphere of engineering, its chief aspects of IA will be defined as information security to provide business continuity. The IA Framework for the HME will be built on nine core IA principles and will be maintained by a specific IAA Process. People, policy and software (systems and applications) will be used as the pillars of the IAA Framework for HME.

IAA Views

An architectural view is a perspective on the architecture that isolates and focuses attention on a specific class of concerns. According to the IAA Framework, there are six architectural views: policy, people, information/data, business process, and infrastructure (Willett, 2012). Aiming to build an effective IA for HME requiring “integration from Inception”, the IA View will concentrate on the most critical aspect of a successful security program: people. The IAA people view concerns both groups of people and individuals. The people view is the key to the framework. The personnel of the HME must be aware of and actively involved in IA from inception through implementation, operations, and maintenance to ensure awareness and understanding. The IAA Framework policy view is related to risks within the business and maintains policies to guide IA decisions and activities in the company. Policies are guidelines for desired and appropriate behavior. In terms of the policy view of the HME IAA Framework, the security guidelines are in scope. The business process view addresses the continuity of the workflow (Cherdantseva and Hilton, 2013). In terms of the HME IAA Framework, this view is taken into account, since the planned activities are time-consuming and can interrupt the workflow.

IAA View Core Principles

The IA core principles make it possible to define the main goals of information assurance, since they make it easy to identify vulnerabilities and produce safeguards for managing risks that may arise during the business processes (Pulkkinen, 2006). In the HME case, awareness is one of the main objectives. It ensures that information is effectively distributed among the personnel. Since the HME is an international, multicultural company with white-collar and blue-collar personnel, it is essential to establish a clear understanding of security guidelines. Integrity ensures that information remains in its original form (Hamilton, 2006). Since the Security Guidelines (SG) for HME, and the process of slight environmental adjustment by senior managers (SM) in other offices, will be under strict control of the chief SM, such an important IAA principle as integrity will be preserved. Availability means that information, in the case of HME, Security Guidelines technology, is ready for use. Security Guidelines that are to be developed within the IAA Framework for HME will be ready for use and authentic due to the clear and controlled method of maintenance and safe distribution of the information between the offices of HME, thus following the IA core principles of availability and authenticity. Utility is pursued by means of continuity of use of the SG, which will be upgraded and re-distributed among the company’s personnel. The employees will access the SG and the tests via protected connections on their working computers only; for anyone else the access will be denied, pursuing the possession principle of the IAA Framework. Being a critical IA element (Smith and Randolph, 2015), privacy management will be strictly followed during the application of the SG campaign at HME. The tests of the SG will enquire about the person’s name and office location only.
Confidentiality will also be preserved, since all the test results will be disclosed only to the authorized senior personnel in charge of the SG campaign implementation and control. Moreover, authorized use is provided by means of safeguarded access to the SG documents. It is important for the HME IAA Framework to follow the nonrepudiation principle, since the information is carried via online transactions that should be secure.

IAA View Organizational Context Framework

When the IAA Process and IAA Framework are applied, IA should be considered from the organizational views as well (Evernden R & E, 2003). In the Organizational Context Framework for HME the following layers are involved: governance, management, builders and operations. Security policy will capture the governance layer at the point of approving the Security Guidelines suggested by the builder layer. The management layer will cover the budgets and timelines that implementation of the SG and training will require. Since system administrators are involved in the IAA Framework, the operations layer is important in IA planning. In this way, all the organizational context layers (governance, management, builders and operations) are involved in the IAA Framework for HME.

IAA Process and Risks

The IAA Process is a prescribed manner that, when applied upward to the architectural level, will help to develop an IA architecture or integrate IA into an enterprise architecture (Willett, 2012). In the case of HME, the IAA Process is a series of processes to be applied in order to reach a to-be option. The intent of the IA Process for HME is to upgrade the personnel security awareness based on the recent RCA report, as well as driven by the fact that 10 000 new employees have been recently hired and require immediate training. The current business environment of HME and its security measures need to be updated in the aspect of human resource management. The HME “To-be” is to strengthen information security by means of training personnel. The intent of the IA architecture for HME in this case is to make the employees more qualified in terms of security measures. As for the environment, HME is an international business based in New York with offices and production facilities outside the country. The scope of the IA2 implies the following: there are 60 000 employees of the HME all over the world, including 25 000 office personnel and 35 000 manufacturing personnel, 10 000 of which are new. As for the outputs, it is necessary to produce proper security guidelines, training instructions, a time schedule for annual knowledge upgrades and tests, as well as the digital tests themselves.
HME's existing well-built personnel hierarchy supports successful implementation of the IAA Framework plan. The Chief security manager in the NY office will be in charge of the training campaign. Two security managers in Germany (1 per each office) and three security managers in China will be trained and empowered to deliver further knowledge to their employees. Therefore, after the security guidelines are formed and established in the main office, they will be delivered to security managers (SM) in each office. In order to save costs, the trainings for the SMs will be carried out online via Skype conversations. Afterwards the SMs will take corresponding knowledge tests. They will be empowered to adjust the security guidelines to their local environment, approve the adjusted versions with the Chief security manager and then organize trainings for personnel in each division of the company following the recommendations of the main office.
During the implementation of the IA Framework there is a possibility of risks. In order to identify, enumerate and address those risks, the IAA Framework will be based on a number of views. In the view of environment, the plan should be comfortable for the personnel: people should be eager to enroll in the training program without significant time expenditures. In terms of the business environment, since the training process is time-consuming, it should be arranged in a way that does not interrupt the workflow, such as production and management processes, but integrates smoothly into the process. As for the policy view, complete, clear and corresponding Security Guidelines should be created in electronic and hard copies and be available for every employee at the facility at any time. Taking the above into consideration, the following risks can be identified based on the various IAA views: personnel can feel discontent about having to spend more time at work for trainings and tests, interruption of workflow, and ineffective testing. Taking into account the risks stated above, the following risk mitigation methods are suggested: encouragement of people to attend the trainings and be successful in them, equal distribution of the time of the trainings, and knowledge control.

IA Quantification Process

Heavy Metal Engineering, Inc. is subject to the introduction of the new Security Guidelines. This decision is based on two milestones: 1. The hiring of 10 000 new employees. 2. The results of the RCA about the incident on March 15th, 2016, which was caused by personnel unawareness of the security measures in terms of private usage of the work computers. How can accidental security violations by HME personnel be avoided, and how can the company ensure that the personnel have security awareness? Heavy Metal Engineering, Inc. intends to have the Security Awareness level at 95% of the population of the company. Understanding of the Security Guidelines is an additional objective. There is a population of 60 000 people distributed across 5 sites, which are located on various continents (American, Asian and European). 80% of the personnel have computer access on a regular basis, thus awareness can be distributed via e-mails, online training, and audio and video training. In order for the suggested SG campaign to be effective, at least three opportunities should be provided to see and hear the message within a 12-month timeframe. Given that there are 60,000 people to track and given the global scale of the company, live training is cost and time prohibitive. All employees have an e-mail address and use it on a regular basis; moreover, they have corporate intranet accounts for daily use. The awareness and training campaign to deliver the new Security Guidelines to employees at all the company locations consists of sending out e-mail with training materials and then sending the tests to complete. This campaign will take place within the next 12 months, with a knowledge check every 6 months.

Conclusion

To effectively manage business risks, the information assurance architecture is required to function effectively within an enterprise. Practical solutions for businesses are promoted by means of the creation of IAA Frameworks as the result of IAA Processes coherent with all nine core IA principles. It is important to focus on such a milestone as people, so a personnel-oriented approach will be pursued while building the IAA Framework for HME. Of course, the problem is to be considered alongside other IA views such as policy and business process. In terms of the IAA View Organizational Context Framework, we address the organizational layers of governance, management, builders and operations. There are three risks, with their management methods, to be addressed for the IAA Framework for HME to be successful.