reply to discussion below


Red Clay Renovation’s CIO reported that the CISO is working with the IT Governance Board to restart the company’s security education, training, and awareness (SETA) program. SETA activities had fallen into disuse due to a perceived lack of quality and lack of timeliness (out of date materials). The CISO has also determined that the System Security Plans for the field offices are out of date and lacking in important security controls. These plans have been scheduled for update soon to ensure that the company’s risk management strategy for cybersecurity risks is fully implemented (King, 2019).

When it comes to Red Clay Renovations’ risks, there are many, from potential data leaks, cyber vulnerabilities, and insider threat to natural disaster. The key to better protecting the company is being aware of which type of financial investment category needs attention, which could be people, process, or technology. One risk that comes to mind is allowing employees to bring and use their own devices, granted these are required for performing their duties. These devices A Bring Your Own Device (BYOD) policy has recently been drafted as part of the RCR Employee Handbook to inform and educate our employees about the proper use of BYOD on our corporate network, and the disciplinary actions that are taken if the policy is not followed.

To address the risk of many field office employees, including “Reality Media Services” staff, being authorized to work from home, or an alternate work location (“telework site”), one or more days per week, RCR focused on a technical financial investment by implementing a Virtual Private Network (VPN) connection for these employees to connect to protect the confidentiality and integrity of information transmitted and received. Our company receives, processes, stores, and transmits Protected Health Information (PHI) generated by medical practitioners, or as provided by the customer. We can mitigate the risks of working with sensitive data by utilizing processes as a financial investment (Davis, Libicki, Johnson, Kumar, Watson, & Karode, 2019).

Implementing the strategy of neutralizing cyber-attacks successfully will assist our planning by focusing our company’s effort on working to reduce the number of cyber-attacks our company could face. Several methods of neutralizing cyber-attacks are addressing insider threat, having a robust incident response program, developing mitigations for specific known threats, and blocking cyber-attacks as they occur. Understanding where to focus our cybersecurity efforts will also complement our information security budget by recognizing what solutions to invest in for implementing technical, operational, and management controls to protect our company’s data and IT resources (Davis, Libicki, Johnson, Kumar, Watson, & Karode, 2019).


King, V. J. (2018). Red Clay Renovations Company Profile. Retrieved from

Davis, J. S., Libicki, M. C., Johnson, S. E., Kumar, J., Watson, M., & Karode, A. (2016). A framework for programming and budgeting for cybersecurity (Rand TL-168). Retrieved from