Assignment Task:
Prior to or when security measures fail, it is essential to have several response strategies in place.
Write a prevention and response plan that addresses the following:
1. Auditors certify (accredit) an organization's compliance. Often organizations will negotiate with the auditor for more favorable findings or to accept mitigating controls. Identify how negotiations with accreditors on compliance should be dealt with and provide an example.
2. Describe appropriate response strategies that can be put into action (i.e., breach notification policies).
3. Explain employee training recommendations for creating awareness of the organization's security measurements.
4. Define how to obtain feedback on the effectiveness of security policies from stakeholders and provide an example.
5. Describe how to identify new threats, vulnerabilities, and risk management (including backups and recovery), or any countermeasures that may not have been accounted for when the initial security measures were first implemented.
6. Identify mechanisms to adapt to threat intelligence, which identifies new and overlooked vulnerabilities, threats, and countermeasures. Explain how this would be reported and communicated.
7. Explain how operational managers, stakeholders, and/or individuals affected by new threat intelligence will be notified and provide examples for each notification method.
8. Identify organization management techniques to respond quickly to new challenges.
9. Define and apply the NIST cybersecurity Framework functional areas, implementation tiers, and profiles.
10. Describe how to develop a business continuity plan to prevent and recover from failures in the system.
Please provide references