Introduction
Critical infrastructures can be defined as the networks, IT equipment, physical assets, information or data, and systems that are considered sensitive and significant to the United States, and whose unauthorized access, disruption, or destruction could cause severe harm to the nation's financial or physical security, public safety and wellbeing, and the effective functioning of government administrations and institutions (Yan & IGI Global, 2010). The purpose of protecting critical infrastructure is therefore to strengthen the resilience of American society as a whole. In recent years, however, it has become increasingly challenging for the state to protect its critical infrastructures from cybercriminals and other attackers, because of rapidly advancing technologies, a shortage of qualified cybersecurity personnel, and constantly evolving attack techniques. If the government's sensitive data is compromised, the information can be used to disable systems or take over functions of the United States government, which could result in significant disruption to people's lives and to American society.
Recommendations
To help prevent cyber threats, the United States government at all levels should take every reasonable measure to harden its systems and implement security controls and policies that protect those systems from being compromised or accessed by people with malicious intent who could harm the American public. The government should therefore deploy strong tools, policies, and security features in its systems to prevent cyberattacks and to reduce the known cyber risks and vulnerabilities facing critical infrastructure. The government should also employ qualified security professionals, improve the security technologies built into its systems, and adopt established best practices to prevent data breaches and reduce the dangers that critical infrastructure systems face.
The Tiers of Risk Management
Different organizations take different approaches to risk management. They use various methods to identify and review the risks they are likely to face, which helps them plan the steps needed to protect the people involved and the organization as a whole. Risk management is an activity integrated into every level of the organization: the organization level, the mission and business process level, and the information system level (Durst & Henschel, 2020). This three-tier structure is the one defined in NIST Special Publication 800-39. There are three tiers because no single person can identify and control the risks of an entire organization, and because the overall risk management process influences and is influenced by different parts of the business.
Tier 1: The Organization or Governance Level
Risk management at this level focuses on the overall functioning and operations of the business. Here, senior management and governance bodies set risk tolerance and strategy for the whole enterprise. This tier therefore addresses risk from a general, organization-wide perspective.
Tier 2: Mission or Business Process Level
At this level, the organization focuses on a specific function, business process, practice, unit, or area. Risk decisions here are guided by the risk strategy and tolerance set in Tier 1.
Tier 3: Information Systems or Environment of Operations
This level of risk management is concerned with the organization's information systems, including individual systems found within the business and the environments in which they operate. It is strongly shaped by the decisions made at Tiers 1 and 2.
The Risk Management Process
For an organization or business to run smoothly and effectively, management must put a systematic risk management process into action (Shoemaker & Sigler, 2014). The risk management process involves the following steps:
Identify the Risk
Management should identify and describe the risks that might affect the business or the outcomes of its projects.
Analyze the Risk
Once the risks are identified, management should determine the nature, likelihood, and consequences of each risk and how it could affect the objectives and goals of the organization or project.
Evaluate the Risk
After identifying and analyzing the risks, management and the team should rank the risks by their magnitude and their effect on the project, so that the most serious ones are treated first.
Mitigate or Deal with the Risk
Once management has identified, analyzed, and evaluated the risks, it should decide on methods to deal with each risk and its consequences.
Monitor and Review the Risk
After identifying, analyzing, evaluating, and treating each risk, management should continue to monitor the risks, review the effects of the chosen treatments, and, where a risk could cause serious harm to the organization, take steps to ensure it does not recur in the future.
Ways to Respond to Risk
The response to a given risk depends on the type of risk, its impact on the business, and the organization's attitude to risk (Shoemaker & Sigler, 2014). In today's developing world, most businesses and companies face new kinds of threats, particularly in IT and information management, as their operations continue to digitize. Organizations are exposed to cybersecurity risks such as data leakage, data theft, system intrusion, denial of service, and corporate sabotage. There are several ways an organization can respond to such risks, which include the following:
Accepting the Risk
An organization may accept a risk if its potential impact on the business is small and the cost of eliminating or reducing it would exceed the expected loss.
Transfer the Risk
An organization may transfer a risk, for example through insurance or by contracting the activity to a third party, if it is unable to manage the risk itself.
Reduce the Risk
Management can reduce a risk by implementing safeguards that lower either its likelihood or its impact.
Eliminate the Risk
Finally, an organization may eliminate (avoid) a risk that could cause serious harm to the business by changing its operations so that the risky activity no longer takes place.
The Federal Information Security Management Act (FISMA)
FISMA is United States legislation passed in 2002 to protect federal government information, assets, and operations from security risks (Gantz & Philpott, 2013). The act established a set of security standards and guidelines that federal agencies must meet (Gidiere & American Bar Association, 2006). For example, it requires the head of each agency and its program officials to perform annual assessments of the agency's information security program, with the aim of reducing risk to an acceptable level in an efficient, cost-effective, and timely way. FISMA was later amended by the Federal Information Security Modernization Act of 2014, which kept the annual reporting requirement and gave the Department of Homeland Security a larger operational oversight role.
The IT Security Law
Despite repeated attempts by Congress to pass an updated IT security law, it has not succeeded, for several reasons. One reason is that the federal government and the private sector do not agree on what kinds of liability are appropriate to write into cybersecurity law. Another is that both the private sector and the federal government fear that one party might exploit the other, or that one will be granted fewer rights than the other, once an updated law is passed. It is also difficult to pass such a law because, in a fast-changing technological landscape, new threats and vulnerabilities keep emerging, so the security risks a law must address keep changing and growing. As a result, any updated IT security law would itself need continual improvement across many fields.
References
Durst, S., & Henschel, T. (2020). Knowledge Risk Management: From Theory to Praxis. Cham: Springer International Publishing. http://www.worldcat.org/oclc/1139759009
Gantz, S. D., & Philpott, D. R. (2013). FISMA and the Risk Management Framework: The New Practice of Federal Cyber Security. Syngress. http://www.worldcat.org/oclc/1045661515
Gidiere, P. S., & American Bar Association. (2006). The Federal Information Manual: How the Government Collects, Manages, and Discloses Information Under FOIA and Other Statutes. Chicago, IL: ABA Section of Environment, Energy, and Resources. http://www.worldcat.org/oclc/1037780657
Shoemaker, D., & Sigler, K. (2014). Cybersecurity: Engineering a Secure Information Technology Organization. Delmar. http://www.worldcat.org/oclc/1064646773
Yan, Z., & IGI Global. (2010). Trust Modeling and Management in Digital Environments: From Social Concept to System Development. Hershey, PA: Information Science Reference. http://www.worldcat.org/oclc/556968804
Cite this page
Paper Example on Protecting Critical Infrastructure: A National Priority. (2023, Jun 19). Retrieved from https://proessays.net/essays/paper-example-on-protecting-critical-infrastructure-a-national-priority