User Account

All Pages

Choices provided and prepare a security plan

Assignment Help Basic Computer Science
Reference no: EM13924815

Project 7: Organization Security Plan

Choose an organization from the choices provided and prepare a security plan that provides security awareness policy using a security policy framework outline and according the Critical Infrastructure document which concentrates on the following integral keywords to cover the necessary elements of an organization security plan. These are: Identify, Protect, Detect, Respond, and Recover. The plan is a capstone of the work that you have accomplished in this course. You will use your outline to guide the outcome of the plan in addition to the keywords. The plan is an enterprise policy that includes the following considerations, analysis approach, and protections for the enterprise:

Identify threats and vulnerabilities.

Assign appropriate security controls to protect the infrastructure of the organization.
Prepare vulnerability scans and effective risk management protocols to ensure protections remain current and effective and detect any issues.

Initiate an incident response plan for responding to problems.
Develop a business continuity and disaster recovery plan to recover from interruptions in business whether manmade or geographical.
This plan must be completed and submitted in MS Word format. Choose from one of the organizations below or request approval from

your instructor via email for an alternate organization:

• Department of Defense
• Department of Homeland Security
• General Dynamics Information Technology
• JC Penney's Corporate Office
• University of Maryland
• ITT Technical Institute
• United States Marine Corp

From the Critical Infrastructure document, align your organizational plan to reflect the intent of the document as follows from an excerpt taken from the document and ensure you read the document in its entirety:

"The Framework complements, and does not replace, an organization's risk management and cybersecurity program. The organization can use its current processes and leverage the Framework to identify opportunities to strengthen and communicate its management of cybersecurity risk while aligning with industry practices. Alternatively, an organization without an existing cybersecurity program can use the Framework as a reference to establish one.

Just as the Framework is not industry-specific, the common taxonomy of standards, guidelines, and practices that it provides also is not country-specific. Organizations outside the United States may also use the Framework to strengthen their own cybersecurity efforts, and the Framework can contribute to developing a common language for international cooperation on critical infrastructure cybersecurity."

1.1 Overview of the Framework

The Framework is a risk-based approach to managing cybersecurity risk, and is composed of three parts: the Framework Core, the Framework Implementation Tiers, and the Framework Profiles. Each Framework component reinforces the connection between business drivers and cybersecurity activities. These components are explained below.

• The Framework Core is a set of cybersecurity activities, desired outcomes, and applicable references that are common across critical infrastructure sectors. The Core presents industry standards, guidelines, and practices in a manner that allows for communication of cybersecurity activities and outcomes across the organization from the executive level to the implementation/operations level. The Framework Core consists of five concurrent and continuous Functions-Identify, Protect, Detect, Respond, Recover. When considered together, these Functions provide a high-level, strategic view of the lifecycle of an organization's management of cybersecurity risk. The Framework Core then identifies underlying key Categories and Subcategories for each Function, and matches them with example Informative References such as existing standards, guidelines, and practices for each Subcategory.

Framework Implementation Tiers ("Tiers") provide context on how an organization

views cybersecurity risk and the processes in place to manage that risk. Tiers describe the degree to which an organization's cybersecurity risk management practices exhibit the characteristics defined in the Framework (e.g., risk and threat aware, repeatable, and adaptive). The Tiers characterize an organization's practices over a range, from Partial (Tier 1) to Adaptive (Tier 4). These Tiers reflect a progression from informal, reactive responses to approaches that are agile and risk-informed. During the Tier selection process, an organization should consider its current risk management practices, threat environment, legal and regulatory requirements, business/mission objectives, and organizational constraints.

A Framework Profile ("Profile") represents the outcomes based on business needs that an organization has selected from the Framework Categories and Subcategories. The Profile can be characterized as the alignment of standards, guidelines, and practices to the Framework Core in a particular implementation scenario. Profiles can be used to identify opportunities for improving cybersecurity posture by comparing a "Current" Profile (the "as is" state) with a "Target" Profile (the "to be" state). To develop a Profile, an organization can review all of the Categories and Subcategories and, based on business drivers and a risk assessment, determine which are most important; they can add Categories and Subcategories as needed to address the organization's risks. The Current Profile can then be used to support prioritization and measurement of progress toward the Target Profile, while factoring in other business needs including cost-effectiveness and innovation. Profiles can be used to conduct self-assessments and communicate within an organization or between organizations.

1.2 Risk Management and the Cybersecurity Framework
Risk management is the ongoing process of identifying, assessing, and responding to risk. To manage risk, organizations should understand the likelihood that an event will occur and the resulting impact. With this information, organizations can determine the acceptable level of risk for delivery of services and can express this as their risk tolerance.
With an understanding of risk tolerance, organizations can prioritize cybersecurity activities, enabling organizations to make informed decisions about cybersecurity expenditures. Implementation of risk management programs offers organizations the ability to quantify and communicate adjustments to their cybersecurity programs. Organizations may choose to handle risk in different ways, including mitigating the risk, transferring the risk, avoiding the risk, or accepting the risk, depending on the potential impact to the delivery of critical services.

The Framework uses risk management processes to enable organizations to inform and prioritize decisions regarding cybersecurity. It supports recurring risk assessments and validation of business drivers to help organizations select target states for cybersecurity activities that reflect desired outcomes. Thus, the Framework gives organizations the ability to dynamically select and direct improvement in cybersecurity risk management for the IT and ICS environments."

Reference no: EM13924815

Questions Cloud

How did erasmus use humanism to shape christian ideas : How did Erasmus use humanism to shape Christian ideas? How did he use religious works to spread the ideas of humanism
What is trs and explain its advantages and disadvantages : What is TRS? Explain its advantages and disadvantages. Explain the difference between the credit option and the credit spread option.
American culture and expansion : Identify the innovator from 1815-1860 you feel had the most significant impact on American culture and expansion, including which innovation(s) and why.
America identify significant writings : Defend which reform movement you feel was most successful in this antebellum America  identify significant writings, leaders, methods, and obstacles faced when working towards this goal.
Choices provided and prepare a security plan : Choose an organization from the choices provided and prepare a security plan that provides security awareness policy using a security policy framework outline and according the Critical Infrastructure document which concentrates on the following i..
Explain the importance of credit risk pricing : Explain the importance of credit risk pricing. What are the various factors influencing credit risk pricing? Explain how the credit risk pricing factors in different underlying PDs.
Explain and plan server deployments and images : Explain and plan server deployments and images. Compare and contrast deployment strategies among different application servers and server roles.
Jay mills started a business by issuing a face value : What is the principal balance on January 1, 2014?
American culture and expansion : Identify the innovator from 1815-1860 you feel had the most significant impact on American culture and expansion, including which innovation(s) and why.

Reviews

Write a Review

Basic Computer Science Questions & Answers

  Identifies the cost of computer

identifies the cost of computer components to configure a computer system (including all peripheral devices where needed) for use in one of the following four situations:

  Input devices

Compare how the gestures data is generated and represented for interpretation in each of the following input devices. In your comparison, consider the data formats (radio waves, electrical signal, sound, etc.), device drivers, operating systems suppo..

  Cores on computer systems

Assignment : Cores on Computer Systems:  Differentiate between multiprocessor systems and many-core systems in terms of power efficiency, cost benefit analysis, instructions processing efficiency, and packaging form factors.

  Prepare an annual budget in an excel spreadsheet

Prepare working solutions in Excel that will manage the annual budget

  Write a research paper in relation to a software design

Research paper in relation to a Software Design related topic

  Describe the forest, domain, ou, and trust configuration

Describe the forest, domain, OU, and trust configuration for Bluesky. Include a chart or diagram of the current configuration. Currently Bluesky has a single domain and default OU structure.

  Construct a truth table for the boolean expression

Construct a truth table for the Boolean expressions ABC + A'B'C' ABC + AB'C' + A'B'C' A(BC' + B'C)

  Evaluate the cost of materials

Evaluate the cost of materials

  The marie simulator

Depending on how comfortable you are with using the MARIE simulator after reading

  What is the main advantage of using master pages

What is the main advantage of using master pages. Explain the purpose and advantage of using styles.

  Describe the three fundamental models of distributed systems

Explain the two approaches to packet delivery by the network layer in Distributed Systems. Describe the three fundamental models of Distributed Systems

  Distinguish between caching and buffering

Distinguish between caching and buffering The failure model defines the ways in which failure may occur in order to provide an understanding of the effects of failure. Give one type of failure with a brief description of the failure

Free Assignment Quote

Assured A++ Grade

Get guaranteed satisfaction & time on delivery in every assignment order you paid with us! We ensure premium quality solution document along with free turntin report!

Submit Assignment

Academics

Major Subjects

Majors

Get In Touch

whatsapp: +1-415-670-9521

Phone: +1-415-670-9521

Email: [email protected]

TERMS & POLICIES

HELP & SUPPORT

All rights reserved! Copyrights ©2019-2020 ExpertsMind IT Educational Pvt Ltd