Running Head: SECURITY ARCHITECTURE AND DESIGN
Security Architecture and Design
Bhavya Pulukuri
University of the Cumberlands
Dr. Charles DeSassure
01/28/2022
Security Architecture
The NIST framework is a set of guidelines that private organizations apply when laying down the measures for detecting, determining, and responding to cyber-attacks. The objective of this framework is to respond adequately to the absence of security standards. It comprises numerous steps, including needs identification, assigning the spending on risk, portfolio designing, selecting the right product, and executing the rebalancing as desired. This framework will be effective in assessing and verifying the system as secure, thus increasing the company’s confidence to connect to the company’s primary database without the fear that its data will be compromised.
NIST Framework that will be followed by Herb life Inc.
According to the NIST framework, the first step Herb life Inc. will take is to look beyond its border of defense and identify the types of attacks the company is prone to experience. In this case, identifying the organization’s assets and requirements that are at significant risk of cyber-security threats will be the first thing the company needs to look into (Schoenfield, 2015). Herb life Inc. will need to thoroughly vet how its consumers use and access the company database and system to determine what differentiates its security needs from those of organizations operating in other industries. In such a scenario, Herb life Corporation has the most valuable database. Therefore, it should prioritize every opportunity to ensure that the company is safeguarded and protected from any damage.
The second step is to assign the spending risk by laying down measures that guide the company in allocating its technological, financial, and human resources wisely to avoid budget overruns. The organization will list the threats that are likely to go unnoticed by its security system and channel vital resources into detection, response, and data recovery (Krumay et al., 2018). The organization should approach this issue assuming that the data system has been breached. It should think about what it can do to prevent such a scenario from occurring and implement strategies that will help it recover to where it was or generally reduce the impact. Herb life needs to gather the tools that will enable the company to keep track of such issues. The tools that the company implements should be straightforward, so that they can identify intrusions and fix them as soon as possible regardless of the system in which they occur.
The third step is the initial design of the portfolio. In this step, Herb life needs the capability to shield itself from attacks based on the threats identified in the step above. The company will also need to establish a more balanced security investment portfolio that will be most effective. This will ensure that the company can meet all of its goals and objectives for a secure sharing platform with the mother company.
The fourth step is selecting a suitable product to facilitate the essential capabilities for choosing a convenient location to manage the company’s data exchange (Carter et al., 2021). For example, Herb life will need to explore how it can identify, examine, and respond to future threats it might encounter when sharing data on a particular product with the mother company. It will need to learn the different attributes of its products to understand the kind of protection and visibility the company needs in identifying hidden threats, and to understand the type of risk by centralizing its information security and auditing the information.
The last step will be to rebalance the company by realigning the weights of its portfolio assets. In this case, the company will conduct numerous activities, such as asset procurement or periodic selling of existing investments in its portfolio, to maintain the desired or initial level of asset allocation or the impending risk.
As a concluding remark, the NIST framework will be suitable in this case because it is a thorough process that is helpful in the verification of a security system to ensure that the company will avoid complications associated with cybercrime risks in the future.
References
Carter, T., Kroll, J. A., & Michael, J. B. (2021). Lessons learned from applying the NIST privacy framework. IT Professional, 23(4), 9-13.
Krumay, B., Bernroider, E. W., & Walser, R. (2018, November). Evaluation of cybersecurity management controls and metrics of critical infrastructures: a literature review considering the NIST Cybersecurity Framework. In Nordic Conference on Secure IT Systems (pp. 369-384). Springer, Cham.
Schoenfield, B. S. (2015). Securing systems: Applied security architecture and threat models. CRC Press.