Apply the principles and practices of Data Security, Governance and Compliance based on a given scenario

ACCA7028

Your name

Submission date

Abstract

Many businesses, especially those that operate internationally such as NatureGarden, must comply with a number of different cybersecurity regulations. Frameworks can be an effective way to address this complicated challenge of securing data in the cloud. They give organisations a way to define, apply and monitor controls across multiple compliance regimes, thus strengthening data security. This paper designs a data security, governance and compliance approach using the approach recommended by ISO 27001. The design presented meets the minimum requirements for ISO 27001 certification, but NatureGarden still needs to implement the system, train its employees and actively follow the policies and processes in order to improve its information security. Implementing such an approach is an ongoing process that requires the organisation to build knowledge, responsibility and experience in information security. We recommend that NatureGarden seek guidance from a professional with expertise in the standard. While the documentation provided is important for achieving certification, the organisation must also focus on promoting a culture of information security and ensuring that all members take responsibility for it. The effectiveness of security depends on clear policies and processes, and it is not solely the responsibility of the IT department. As NatureGarden implements the recommendations in this document, adjustments can be made based on the approach developed. The information provided is flexible, and NatureGarden can adapt and refine it during the implementation process.

Introduction

This report uses the NatureGarden case study. NatureGarden is a highly popular brand that sells products for maintaining a healthy lifestyle. It has a strong global presence and uses cloud services to provide IT services to its staff and clients. The majority of its network is wireless, and it has a significant online and social media presence. Due to its large workforce and customer base, it is facing pressure to allow personal devices to access its network, but it is concerned about the security of staff and client data, as well as about protecting its valuable intellectual property. Currently, it does not have any established security policies in place. In particular, this report discusses various data security, governance and compliance frameworks that NatureGarden could adopt. A new approach is then proposed based on the frameworks discussed, together with the importance of good practice and of keeping up to date with regulations and standards for an international firm such as NatureGarden.

Security framework

There are many different frameworks, but a few dominate the market and are applicable to international companies such as NatureGarden. These include the US National Institute of Standards and Technology (NIST) Framework for Improving Critical Infrastructure Cybersecurity (NIST CSF) [3]; the Critical Internet Security Controls (CIS) [4]; and the International Standards Organization (ISO) frameworks ISO/IEC 27001 and 27002 [5].

NIST CSF

The NIST Cybersecurity Framework is intended to protect critical infrastructure such as power plants and dams from cyber-attacks [1], [2]. However, its principles can be applied to any organisation seeking better security. It is one of several NIST standards that cover cybersecurity. The actual implementation of the framework can involve thousands of person-hours and hundreds of pages of documentation, procedures and controls. At its root, however, the framework is quite simple to understand [5], [6].

Figure 1: NIST CSF Framework [6]

As illustrated in Figure 1, the core of the framework is a list of cybersecurity functions that follow the basic pattern of cyber defence: identify, protect, detect, respond and recover. The framework provides an organised mechanism for identifying risks and the assets that require protection. For example, under the "protect" function, the framework contains a category known as PR.DS, which stands for "Protect Data Security". Digging deeper into the framework, PR.DS has seven subcategories, each aimed at ensuring data protection. These include controls to protect data at rest (PR.DS-1) and to protect data in transit (PR.DS-2) [5], [6]. To comply with PR.DS-1, for example, NatureGarden could require encryption of
