Respond to the following in a minimum of 175 words.
A plan of action and milestones (POA&M) is a living, historical document that identifies tasks that need to be created to remediate security vulnerabilities. The goal of a POA&M should be to reduce the risk of the vulnerability identified.
Describe some of the common challenges with developing and maintaining a POA&M from the standpoint of a CISO versus a CIO.
Respond to the following in a minimum of 50 words.
Savage
For a Chief Information Security Officer (CISO) and a Chief Information Officer (CIO) there can be some challenges when it comes to developing and maintaining a plan of action and milestone (POA&M). And some of them are budget related, or dealing with out-of-date controls and systems, and having to make sure your plans are understandable to the people using them. When it comes to budget, you need to make sure your plans for the POA&M are within financial reason for the organization you are working for. If you are trying to use the most expensive controls or software, the organization’s CEO may not be on board with your plans. When dealing with out-of-date controls and systems you may have to decide whether or not it’s more cost and time effective to replace the controls and systems with new ones or try and develop something to work around them. And when it comes to making your plans understandable, keep in mind who will be using them, for example: if you are implementing plans that have to do with password protection, do the organizations’ employees know how to practice safe password usage?
For the CIO they do most of the overseeing of the plans to dictate whether or not to bring it to the attention of corporate.
Respond to the following in a minimum of 50 words.
Woods
The CISO is the one that makes sure that the technology for the company
that will protect the company asset and everything else. He is
responsible for checking making that the security features are working
for the company and maintaining the security of it. He got make sure
that the assets of the company is protected and also the consumer
information as well. The technology have to be up to the standards of
the company. The CIO he works more closely with the computer system to
see how the system is working and see if there any changes that needs to
be addressed so he can tell the whoever in charge on what he notices
and he insight on how the system is performing. CISO he got to have the
information before meeting with the President of the company and the
others leaders. CIO has to make sure he gives the right information to
the CISO he the one has to talk to the President and a report on the
company computer system or any issues that needs to be addressed.
The post Respond to the following in a minimum of 175 words.
A plan of action and milesto appeared first on Skilled Papers.
