CWU Audit Record Software Implementation Discussion Response

respond to post below:To: Padgett-Beale CISOFrom: bosek sakayoDate: March 31, 2020Subject: Identification and Selection of IT Security ControlsIntroductionThe M&A team has identified three events that contributed to the bankruptcy of IBS. The company officers and senior managers were able to conduct criminal activity using company IT assets without detection, does not have a disaster recovery/business continuity plan, and storage media was not backed up on offsite premises. The following families of controls from NIST SP 800-53 will be used to remediate the mentioned deficiency (Security and Privacy Controls, 2013):Analysis           The following are the controls within the AU and CP families that are recommended to deter the above shortages.SummaryThe M&A team has identified three events that occurred in the IBS, and that played a big part in IBS go bankruptcy. This was a result of not having adequate internal control and contingency plan. The NIST SP 800-53 was incorporated to suggest controls that may help deter mentioned deficiencies, and they are AU-3 (Content of Audit Records), CP-2 (Contingency Plan), and CP-6 (Alternate Storage Site). The team suggests employing audit management software, strategically written contingency plans, and cloud service. They will help fight officers and managers using the company’s IT for criminal activities and to be able to sustain essential business operation after servers, workstations, and storage media has been disrupted.