The overall strategy and role of the Chief Information Officer (CIO) is to make relevant information and platforms available to aid in the development of cyber-security strategies and measures. The CIO does this by selecting the software policy to be followed, the backup RAID levels, database security and the remote access policy, among other aspects that influence the presence or absence of information relevant to the Cyber Security Command (CSC) branch of the Department of Homeland Security (DHS). The CIO’s strategy could also entail coordinating the activities of, and liaising with, other related officers such as the Chief Information Security Officer (CISO) and the Chief Program Officer (CPO), among other officers, in order to achieve the mandate of the whole team.
The categories the CIO changed in the second round, relative to the first-round decisions, were as follows:
- Backup: the RAID levels changed from 0 in the previous round to six (6) in the second round of decision-making. The remote backup spending also changed from $250,000 in the previous round to $500,000 in the second round. These changes were necessitated by a worm intrusion that threatened the security of the information, hence the increase in the RAID levels. With more RAID levels, the security of the database is enhanced not only against mild worms but also against more harmful viruses and malware (Barlas, 2004). There was also an economic downturn, which prompted an increase in the amount suggested for remote backup spending. Due to these changes, the capital cost changed from $125,000 at 0 RAID levels to $437,500 for 6 RAID levels. The operating cost also increased from $250,000 to $500,000 for the same changes in RAID levels. The changes in remote backup spending increased the capital costs from $250,000 to $500,000 in the second round, while the operating cost of the system increased from $1,000,000 to $2,000,000.
- Data Security: all the other aspects in this category remained unchanged except “control privileges”, which changed from “Restricted” in the previous round to “Distributed” in this second round. This decision was made in order to share control of database security among a selected group of operators, to ease the workload and allow room for access and consultation among the database administrators. The change of decision in this category was also necessitated by the worm intrusion, which calls for more expertise and the combined efforts of a team of database administrators to deal with the intrusion and maintain vigilance over the database. This change moved the capital cost from $250,000 to $125,000, while the operating cost changed from $2,250,000 to $4,500,000.
- The decisions made in the first round in all the other categories (Remote Access Policy, System Development Testing, Training, Training and Auditing, Training Incentives, Virtualization or Cloud Computing and Software Authorization Policy) remained unchanged. This is because these categories were not affected by the worm intrusion that was detected to have invaded the database. In addition, the economic downturn had the heaviest impact on the two categories due to increased demand for database security services and systems. The higher the demand for database backup systems, as indicated in this case, the higher their cost from vendors and developers and the more they are impacted by economic policies in regard to cyber-security (Barlas, 2004).
- The total capital cost for these two categories (Backup and Data Security) before making the decisions amounted to $375,000. After the changes, the total capital cost for the decisions made amounted to $937,500. The total operating costs for the two categories (Backup and Data Security) amounted to $1,250,000 before making the changes and to $2,500,000 after making the changes.
References
Barlas, S. (2004). “Mission: Critical”. Information Security, September 2004. Retrieved July 18, 2013, from http://infosecuritymag.techtarget.com/ss/0,295796,sid6_iss467_art974,00.html