Evaluate the weaknesses of each framework

Reference no: EM13761231

The National Institute of Standards and Technology (NIST) replaced the former NIST Special Publication 800-37, Guide for the Security Certification and Accreditation of Federal Information Systems, with NIST Special Publication 800-37 Revision 1, Guide for Applying the Risk Management Framework to Federal Information Systems: A Security Life Cycle Approach. The NIST document changed from a certification and accreditation framework to a risk management framework because information security management systems should be regularly reviewed, updated, and maintained. It makes more sense to follow a security life cycle approach (continuous monitoring) than a single, one-time, static certification/accreditation approach.

For this task, you will be using NIST Special Publication 800-37 Revision 1, Guide for Applying the Risk Management Framework to Federal Information Systems: A Security Life Cycle Approach, and the attached "Healthy Body Wellness Center Risk Assessment" case study.

You have been hired to apply NIST's risk management framework to the Healthy Body Wellness Center's information systems. You know that the organization has recently had a risk assessment completed that includes recommendations for implementing security controls and mitigating risks. In your new role, a team of people will be assigned to help you with the task. The first job you are tasked with is creating a to-do list for the specific tasks outlined in each of the six steps in the risk management framework (RMF).

Task:

A. Discuss key elements that need to be addressed as part of the risk management framework by completing the attached "RMF To-Do List."

B. Create a white paper that compares the ISO 27002, COBIT, NIST, and ITIL frameworks by doing the following:

1. Discuss how each framework is most commonly used.

2. Analyze the purpose of each framework design.

3. Evaluate the strengths of each framework.

4. Evaluate the weaknesses of each framework.

5. Discuss the certification and accreditation process for the frameworks.

6. Discuss when you would choose to use each framework (e.g., ISO 27002 versus COBIT, NIST, or ITIL).

C. When you use sources, include all in-text citations and references in APA format.
