Information Security Management Essay Example | Topics and Well Written Essays - 1250 words

Information Security Management - Essay Example The fourth step is associated with creating contingency strategies. In the fifth step, information technology contingency plan is developed. The sixth step involves training, testing, and exercise. A maintenance plan document is developed, in the seventh step. The recommended standard approach to the process is to combine the both system development and life cycle (SDLC) risk management contemplation for the process of contingency planning. 2 Incident Response Planning Steps The incident response planning is associated with detailed set of processes and procedures which mitigate, detect and foresee the scope of an unexpected event directly impacting on information resources and assets. Incident Detection Identifying the incident to determine whether the incident has occurred due to routine operations or it is the occurrence of an actual incident. The identification of incidents, also known as incident classification, is related to analyze the originality of an actual incident. Howeve r, reports from system administrators, including intrusion detection systems, anti-virus software may facilitate to incident classification. Incident Response After the identification of actual incident, the incident response personnel follow with a responsive approach. Likewise, the responsive approach includes informing to key personnel, allocating tasks and documenting the incident. Incident Escalation If the incident response team cannot contain the incident, the impact of the incident is significantly out of reach. Prioritizing business processes as per business impact is essential. For instance, (fraud risk management server) in a bank stops responding, the business impact will be ‘most critical’. Incident Recovery After the containment of the incident, the process of incident recovery initializes. The incident response team must comply with â€Å"What to do to recover from the incident†. The team must restore services, backup data, continuously monitor the effected system etc. 3 Criteria for Law Enforcement Agencies The law enforcements agencies should be involved if any incident violates civil and criminal law. It is the sole responsibility of the organization to inform law enforcement agencies. However, the involvement of ‘what type of enforcement agencies’ relates to the type of crime conducted. 4 Why businesses Continuity Plans are tested and rehearsed? Plans are tested and rehearsed to ensure that the ongoing projects meet the changing needs of the organization. Secondly, the plans are also tested and rehearsed to ensure that the capacity of organization is compliant with all the applicable regulations. 5 Summary for Special Publication (SP) 800-34 Contingency Planning Guide For federal information system contingency planning, this publication provides recommendations, instructions, and considerations. Contingency planning is associated with the intermediate control measures for incidents related to information syst em services, which may occur due to interruption. The intermediate controls consist of recovery of information systems function by utilizing equipments exchange, performance of information systems, and relocation of information systems. This guide addresses contingency planning to three platforms. The platforms are Client / Server Architecture, mainframe systems and Telecommunication systems. Moreover, the guide provides seven progressive steps for contingency planning process. The 7 steps are: Contingency plann

Reflection paper - Characteristics & Support of Effective Coaching & Essay

Reflection paper - Characteristics & Support of Effective Coaching & Mentoring - Essay Example First, the team members expect that the coach should be objective and have positive criticism. This expectation requires that their coach is able to give constructive criticism to the members regarding their performance during the training, as well as being able to point out and acknowledge the positive aspects of the trainees (Knight, 2008). This is vital, since it enables the team members to know the truth regarding their performance, in terms of where they are doing well, and where they need changes and improvements, without frustrating or even killing their morale. The other expectation that the participants have regarding their coach’s characteristic is that; the coach should be readily available. This means that the coaches should avail themselves whenever the team members need them, or be available to the team members, whenever they make appointments with them. For the coaching to be effective, the relationship between the coaches and their team members who they are tra ining should be that of partners (Knight, 2002). This is because, individuals feel valued and appreciated, whenever they treated as equals, as opposed to being treated as subordinates, or even being dominated over by others, regardless of their position in the chain of command. Thus, to make the coaching more effective, the trainees require to have the freedom to make choices regarding certain aspects of the coaching, and requires the coach to honor their choices, being a partner to the coaching exercise (Knight, 2008). This way, the members of the team being coached requires the coach to be available when they need him, or whenever they make an appointment with the coach. This is also aligned with the principle of punctuality as one of the expectations that the participants would expect their coach to have. The participants in the coaching sessions expect that the coach will be available in good time, when they set such time. The availability and the punctuality of the coach are th e two characteristics that are fundamental for effective coaching, since they go a long way in enhancing the trust that the team members will have on their coach (Knight, 2008). The other important expectation that the participants have regarding the characteristics of the coach is that; the coach should be knowledgeable in the subject matter. There is nothing that commands respect and trust more, than an individuals’ competency and demonstrated knowledge and ability in the field of specialization of the individuals. Thus it is through being highly knowledgeable in the subject matter, that a coach is able to win the trust of the participants, since they have the comfort that they are gaining the best (Lipton & Wellman, n.d.). This motivates the individuals to be even more enthusiastic and committed to learning, considering that they have the belief that they are achieving the best. However, the most significant expectation of the participants regarding the characteristics of the coach is that the coach will have good listening skills, and thus be able to give them positive emotional support. Listening skills are vital for coaching, considering that they enable the coach to learn the team members, including their strengths and weaknesses, and thus enable the coach