This essay has been submitted by a student. This is not an example of the work written by professional essay writers.

Security Risk Mitigation Plan for the CIA

Introduction

The CIA faces a number of threats in the course of providing human intelligence to the US federal government, the most prominent being cybersecurity risk. The data collected and stored by the agency is of interest to many entities, which calls for an effective risk mitigation plan. A risk mitigation plan guarantees help during an incident, but most importantly, the policies making up the plan guide the organization’s daily activities, helping prevent possible exposure to attacks. The most likely risks hanging over the CIA include non-target-specific agents (e.g., worms, viruses, and Trojan horses), cyber terrorism, malware, formjacking, and phishing attacks.

The CIA security policy and control plan

For a successful security risk mitigation plan, the CIA needs to have several organizational security policies in place: an access control plan, an awareness training policy, an organizational audit and accountability plan, a certification, accreditation, and security assertion policy, and an incident response plan (Lebanidze 2011).

The access control plan limits access to the CIA’s critical information. It puts boundaries on access to data, so that only authorized personnel, or a device working on their behalf, are granted access to the system. The plan applies to both people and devices. It is implemented through password creation procedures such as the use of public key infrastructure (PKI) to generate passwords that are shared only among trusted individuals or devices.

The second security plan is awareness and training: the CIA administration is informed about the security risks that arise from the organization’s daily activities. The risk mitigation panel also makes them aware of the cybersecurity laws and policies in place that help prevent any breach. The administration’s responsibility under the plan is to pass this key information down to the CIA’s junior employees to guide their daily conduct on and off work. The employees are trained to conduct their information-related activities responsibly in order to lower vulnerability levels.

Under the audit and accountability policy, the Central Intelligence Agency creates a channel that enables the organization to create, safeguard, and retain its information system audit obligations. The system makes activities traceable, which allows users to be held accountable for their conduct.

To ensure a proper authentication strategy, the identification and authentication plan puts user identity measures in place. Whether it is the primary user or an individual or device acting on their behalf, the system in place must complete identification and verification before allowing them to access the intended data. This ensures that accessed data is used for the planned purpose.

Another crucial part of the plan is the certification, accreditation, and security assertion policy. This procedure mandates that the CIA evaluate the security controls within its information system, which helps establish how effective the security system in place is. Any vulnerabilities found are fixed to prevent an outside attack or unwarranted access from capitalizing on system deficiencies. The plan also facilitates the monitoring needed for an effective security plan.

In the event of an incident, the CIA’s incident response policy establishes an operational incident handling capacity for the organization’s information; this is achieved through thorough preparation. It gives the team the capacity to detect any breach and lay out recovery plans, and it allows the process to be tracked and the parties concerned to be recorded.

Risk mitigation practices

Risk mitigation involves the actions the organization takes to cut down the severity of a security risk occurrence, through a systematic reduction in the extent to which the organization is exposed to that particular risk and in the likelihood of its occurrence (Ahmed 2017). Possible risk mitigation practices in the case of a security risk occurrence include risk transfer, risk avoidance, risk control, and risk acceptance (Ahmed 2017).

Risk transfer: This risk management approach involves the organization assigning a risk factor to the entity with the potential to handle it. For instance, in the case of outdated software and hardware, the CIA executives are mandated to assign the task to the tech team, which sorts out the issue by recommending an update of the appropriate software and replacement of the hardware.

Risk avoidance: Risk avoidance entails reconfiguring an organizational activity so that the risk disappears. The Central Intelligence Agency has to ensure that its devices have antivirus software installed to prevent attack by any malicious programs that might alter normal system functioning.

Risk controlling/mitigation: This risk management procedure involves the organization dodging the existing risk by varying the confines of its normal activities, which helps cushion the extent of a risk’s impact. The CIA can choose a 90-day interval data backup program, which ensures that the data is backed up in the system and can be retrieved at any time. The procedure controls the level of damage a breach can cause to the organization’s data.

Risk acceptance: Where the available risks cannot be transferred, avoided, or controlled, the organization has to accept the risk. The organization accepts the existence of that risk and has to devise means to work with that reality. The CIA database is always a target for hackers, but that is a risk the organization has accepted, and it does not mean they should cease operations.

Conclusion

Since the CIA is a hot spot target for most cybersecurity attacks, it calls for a collaborative effort from both the executives and the employees to ensure the safety of the organization’s data.

References

Ahmed, R. (2017). Risk Mitigation Strategies in Innovative Projects. Key Issues for Management of Innovative Projects, Ch. 5.

Lebanidze, E. (2011). Guide to Developing a Cyber Security and Risk Mitigation Plan. NRECA / The National Rural Electric Cooperative Association’s Cooperative Research Network Smart Grid Demonstration Project.

 
