Assignment

Q. Find out the top governing strategies used to protect the information in the
organization and how the success of the strategies is measured. You need to find
out 2 strategies.
Ans. Securing information within an organization is essential to uphold
confidentiality, integrity, and availability. Two prominent governance strategies
in the realm of information security are:
Access Control and Authentication:
Description: Access control and authentication constitute foundational
approaches aimed at permitting exclusively authorized individuals or systems to
access sensitive information within an organization. Access control mechanisms
encompass user authentication methods such as passwords, biometrics, and
multi-factor authentication, along with role-based access control (RBAC) and
discretionary access control (DAC).
Implementation: Organizations can execute access control through the
deployment of identity and access management (IAM) systems, directory
services, and controls at the network level. This entails the definition of access
privileges, specifying who can access particular resources and under what
specific circumstances.
Success Measurement: The efficacy of this strategy is typically gauged
through diverse metrics, which encompass:
 Access Logs: Thoroughly monitoring and scrutinizing access logs to
detect any unauthorized access attempts or suspicious activities.
 Compliance: Ensuring that access control policies adhere to relevant
regulatory requirements and industry standards.
 Incident Response: Evaluating the strategy's effectiveness by assessing
its capability to prevent or mitigate security incidents linked to
unauthorized access.
Data Encryption:

Description: Data encryption involves the process of transforming sensitive

data into an encoded format to shield it from unauthorized access, even in cases
of data interception. Encryption serves to guarantee the confidentiality and
integrity of data.
Implementation: Organizations can institute data encryption in three key areas:
data at rest (i.e., data stored on devices or servers), data in transit (i.e., data
transmitted over networks), and data in use (i.e., data processed by
applications). This encompasses the utilization of encryption algorithms and the
implementation of robust key management systems.

Success Measurement: The effectiveness of data encryption can be assessed

through several critical metrics, including:
 Encryption Coverage: Evaluating the percentage of sensitive data that is
encrypted across various states (at rest, in transit, in use).
 Key Management: Ensuring the secure storage and effective
management of encryption keys, which involves routine key rotation and
monitoring.
 Data Breach Impact: Analyzing the impact of data breaches by
assessing the preservation of data encryption, a factor that can
substantially mitigate the consequences of a breach.