Risk Management for Compliance

Within the Discussion Board area, write 200–250 words that respond to the following questions with your thoughts, ideas, and comments. This will be the foundation for future discussions by your classmates. Be substantive and clear, and use examples to reinforce your ideas.

For this Discussion Board, please complete the following:

Read the following article about the Colonial Pipeline cyberattack: https://www.cnet.com/tech/services-and-software/colonial-pipeline-ceo-tells-senate-decision-to-pay-hackers-was-made-quickly/

The Pipeline was hit by a ransomware attack . Around 100 gigabytes of data were stolen. Some operations had to be completely shut down due to the cyberattack. If you were the owner of Colonial Pipeline, think about how technical, administrative, and physical controls are applied in an organization to help ensure data confidentiality, integrity, and availability.

Watch the following video to review the three categories of information security controls: https://www.youtube.com/watch?v=SupdvOnkVi4

To learn more about disaster recovery tactics, you may review this unit’s Intellipath® lesson: Developing Disaster Recovery Plans.

Based on your review of the video, the Intellipath lesson, and the pipeline scenario, discuss the following:

These are the 2 questions that need to be answered:

Which information security control would you implement first as a disaster recovery tactic to try and prevent the problem in this scenario? Why?

In your opinion, why is each control is specifically important to ensure the security of companies such as Colonial Pipeline as a component of disaster recovery?