430 W6 DQ2 UG
Briefly describe tools, technologies, or software a company can use to implement a framework throughout their enterprise? Can frameworks be automated? If not, why? If so, how?
Reply to responses.
Please read before replying to responses. 100-150 words.
Reminder, each response must be a paragraph which is seven sentences. In addition, I am reminding all students not to lose points moving forward, that the responses for participation need to follow the ABC method. Acknowledge what your classmate has said, build on the content (do not just state, I agree with how you said this, or I like how you said that), and close with a question (an open-ended question). You may send me a message in the private forum with any questions. You must have supporting in-text citations and references to support your discussion posts. Blessings with wisdom and academic growth! Cheers, Professor Ligon Blessings and prayers…
Good evening Professor Ligon and class,
Different strategies that support the digital transformation of an IT department and allow for IT growth and modernizing of the IT department are known as Enterprise Architecture (EA). “Enterprise architecture is the process by which organizations standardize and organize IT infrastructure to align with business goals” (White, 2018). This allows companies to analyze, plan, design, and implement enterprise analysis to perform business strategies. Businesses need something to plan and allow for long-term strategies to support the rapid growth of technology, and this remains the same in today’s world. 4 main methodologies help effectively implement this process; they are The Open Group Architectural Framework (TOGAF), The Zachman Framework for Enterprise Architecture, Federal Enterprise Architecture Framework (FEAF), and Gartner. A couple of basic tools used are Excel and PowerPoint and some third-party tools such as Orbus Software and Sparx Systems. Yes, frameworks can be automated and are used in testing applications. A test automation framework handles the reuse of different codes in different scenarios as well as assists the teams in recording the test scripts to a standard form. “Test automation framework is helpful when you need to execute the same test scripts multiple times with different builds to examine the application and validate output” (Bhavar, n.d.). With every good thing, though, there is a bad; you would not want to use automated testing for functionality.
Hello Professor Ligon and Class,
After doing research and looking into the tools and techniques of implementing a framework throughout an enterprise, I found many websites that were able to outline and guide an organization through the implementation of these frameworks. One tool that I found is from a website that outlined how an organization can Identify, Protect, Detect, Respond and Recover threats. These techniques are used for the implementation of the NIST Cybersecurity Framework. Other than this kind of tool, I also found automated tool frameworks that may automatically help out with abiding by certain security frameworks. One tool that I found was from Cyber Saint Security. Their software is able to automate the manual aspect of the NIST Framework and is also able to provide optimized remediation plans that are tailored to certain needs. Automated tools make this entire process a whole lot easier for organizations to implement security frameworks.
There are tools and technologies or even software that an organization can implement in order to establish and maintain a framework throughout the organization. The National Institute for Standards and Technology (NIST) does provide guidance for the federal government on ways to implement a framework. The Department of Defense (DoD) has another layer of requirements which is promoted by the Defense Information Systems Agency (DISA). DISA does provide requirements and tools for validation and implementation of the security requirements. One of the tools that I came across is made by SolarWinds and is called the Network Configuration Manager (NCM), which is designed to automate the compliance of the network configuration and is able to integrate with the National Vulnerability Database to help identify these known vulnerabilities and the steps to eliminate them (SolarWinds, 2022). Another tool that I came across is made by Telesis and is called OpenFISMA, which automates the requirements of the framework of the Federal Information Security Management (FISMA), NIST, RMF, ISO, and so forth.
D Cody again.
Hello Professor Ligon and Class,
Common Criteria is a method for stringently assessing the security of Information Technologies. Different technologies may be tested for how secure they are, such as databases, servers, operating systems, etc. Each of these IT systems can be tested and given an EAL, or Evaluation Assurance Level rating, based on how secure the system or product is. There are 7 EAL Levels that a product may receive. A product with a level 5 EAL rating means that the product passed all security tests listed for EAL level 5 but failed the tests in EAL level 6.
An organization may apply the Common Criteria through making sure all IT and security products that they purchase are Common Criteria rated and rated to a certain EAL Level. This ensures a certain level of protection throughout the entire organization’s IT Infrastructure. Also, if a company has created a product, such as software or hardware, they may allow a third party to test this product through the methods of Common Criteria to receive an EAL level. The use of Common Criteria is helpful for any company, even public companies. A public company can assure that they have a certain level of security if they make sure their IT products have their correct protection profile, or PP. If all products meet the Protection Profile needs, then they may better protect their information.