User Account

All Pages

Organization security plan

Assignment Help Computer Networking
Reference no: EM13781293

Organization Security Plan

Choose an organization from the choices provided and prepare a security plan that provides security awareness policy using a security policy framework outline and according the Critical Infrastructure document which concentrates on the following integral keywords to cover the necessary elements of an organization security plan. These are: Identify, Protect, Detect, Respond, and Recover. The plan is a capstone of the work that you have accomplished in this course. You will use your outline to guide the outcome of the plan in addition to the keywords. The plan is an enterprise policy that includes the following considerations, analysis approach, and protections for the enterprise:

• Identify threats and vulnerabilities.

• Assign appropriate security controls to protect the infrastructure of the organization.

• Prepare vulnerability scans and effective risk management protocols to ensure protections remain current and effective and detect any issues.

• Initiate an incident response plan for responding to problems.

• Develop a business continuity and disaster recovery plan to recover from interruptions in business whether manmade or geographical.
This plan must be completed and submitted in MS Word format. Choose from one of the organizations below or request approval from your instructor via email for an alternate organization:

• Department of Defense

• Department of Homeland Security

• General Dynamics Information Technology

• JC Penney's Corporate Office

• University of Maryland

• ITT Technical Institute

• United States Marine Corp

From the Critical Infrastructure document, align your organizational plan to reflect the intent of the document as follows from an excerpt taken from the document and ensure you read the document in its entirety:
"The Framework complements, and does not replace, an organization's risk management and cybersecurity program. The organization can use its current processes and leverage the Framework to identify opportunities to strengthen and communicate its management of cybersecurity risk while aligning with industry practices.

Alternatively, an organization without an existing cybersecurity program can use the Framework as a reference to establish one.
Just as the Framework is not industry-specific, the common taxonomy of standards, guidelines, and practices that it provides also is not country-specific. Organizations outside the United States may also use the Framework to strengthen their own cybersecurity efforts, and the Framework can contribute to developing a common language for international cooperation on critical infrastructure cybersecurity."

1.1 Overview of the Framework

The Framework is a risk-based approach to managing cybersecurity risk, and is composed of three parts: the Framework Core, the Framework Implementation Tiers, and the Framework Profiles. Each Framework component reinforces the connection between business drivers and cybersecurity activities. These components are explained below.

• The Framework Core is a set of cybersecurity activities, desired outcomes, and applicable references that are common across critical infrastructure sectors. The Core presents industry standards, guidelines, and practices in a manner that allows for communication of cybersecurity activities and outcomes across the organization from the executive level to the implementation/operations level. The Framework Core consists of five concurrent and continuous Functions-Identify, Protect, Detect, Respond, Recover. When considered together, these Functions provide a high-level, strategic view of the lifecycle of an organization's management of cybersecurity risk. The Framework Core then identifies underlying key Categories and Subcategories for each Function, and matches them with example Informative References such as existing standards, guidelines, and practices for each Subcategory.

• Framework Implementation Tiers ("Tiers") provide context on how an organization
views cybersecurity risk and the processes in place to manage that risk. Tiers describe the degree to which an organization's cybersecurity risk management practices exhibit the characteristics defined in the Framework (e.g., risk and threat aware, repeatable, and adaptive). The Tiers characterize an organization's practices over a range, from Partial (Tier 1) to Adaptive (Tier 4). These Tiers reflect a progression from informal, reactive responses to approaches that are agile and risk-informed. During the Tier selection process, an organization should consider its current risk management practices, threat environment, legal and regulatory requirements, business/mission objectives, and organizational constraints.

A Framework Profile ("Profile") represents the outcomes based on business needs that an organization has selected from the Framework Categories and Subcategories. The Profile can be characterized as the alignment of standards, guidelines, and practices to the Framework Core in a particular implementation scenario.

Profiles can be used to identify opportunities for improving cybersecurity posture by comparing a "Current" Profile (the "as is" state) with a "Target" Profile (the "to be" state). To develop a Profile, an organization can review all of the Categories and Subcategories and, based on business drivers and a risk assessment, determine which are most important; they can add Categories and Subcategories as needed to address the organization's risks. The Current Profile can then be used to support prioritization and measurement of progress toward the Target Profile, while factoring in other business needs including cost-effectiveness and innovation. Profiles can be used to conduct self-assessments and communicate within an organization or between organizations.

1.2 Risk Management and the Cybersecurity Framework

Risk management is the ongoing process of identifying, assessing, and responding to risk. To manage risk, organizations should understand the likelihood that an event will occur and the resulting impact. With this information, organizations can determine the acceptable level of risk for delivery of services and can express this as their risk tolerance.

With an understanding of risk tolerance, organizations can prioritize cybersecurity activities, enabling organizations to make informed decisions about cybersecurity expenditures. Implementation of risk management programs offers organizations the ability to quantify and communicate adjustments to their cybersecurity programs. Organizations may choose to handle risk in different ways, including mitigating the risk, transferring the risk, avoiding the risk, or accepting the risk, depending on the potential impact to the delivery of critical services.

The Framework uses risk management processes to enable organizations to inform and prioritize decisions regarding cybersecurity. It supports recurring risk assessments and validation of business drivers to help organizations select target states for cybersecurity activities that reflect desired outcomes. Thus, the Framework gives organizations the ability to dynamically select and direct improvement in cybersecurity risk management for the IT and ICS environments."

Reference no: EM13781293

Questions Cloud

Critically assessing situations-critical thinking process : Define free will, truth, knowledge, and opinion. Explain how we use them to form thoughts. What role does each play in critically assessing situations?
Write a paper on what i look forward to spring break : Write a paper on WHAT I LOOK FORWARD TO SPRING BREAK.
What changes will be necessary for shift to a economy : It has been argued that the United States' economy is shifting from a manufacturing base to a "knowledge economy". What is a knowledge economy?
Details for school or program presented on individual pages : Details for each school or program presented on individual pages. A summary of why the school or program is innovative and/or unique.
Organization security plan : Identify threats and vulnerabilities.
Theoretical perspective influences approaches : As you have learned in your readings, Piaget, Erikson, Skinner, and Vygotsky took different approaches to child development. One's theoretical perspective influences approaches to child development. The Jacksons are a young couple living in Center..
Explain the concepts of reactivity and inertia : Explain the concepts of reactivity and inertia as well as how each concept acts as a barrier to change in criminal justice organizations.
Four types of crimes : Generate a chart or table that lists a variety of crime types. Your chart should include at least four types of crimes and should include violent crimes and economic crimes as two of the types.
Buddha practices the middle path/ way of life : Buddha practices the middle path/ way of life. It's called the eightfold path which are the principles to live by (right view, right intention, etc.) you should look that up. The 8 steps are the path to enlightenment. He also believes in the four nob..

Reviews

Write a Review

Computer Networking Questions & Answers

  What is the type of block of the abbreviated ipv6 address

list the networking and communication devices required, including the IP addresses, product numbers, the cost of each and the approximate total cost.

  Evaluate whether you prefer a laptop or desktop elaborate

questionspersonal computers and networks please respond to the followingbullfrom the e-activity determine whether you

  Why do internet telephony protocols run on top

Why do Internet telephony protocols run on top of UDP rather than on TCP - UDP is use because a connection is not needed to be maintained by some internet telephony applications.

  Network engineer for abc company

You are the network engineer for ABC company. Business is booming, a lot of new staff has been hired recently, and the company is running out of office space. A new larger building has been purchased and you have been asked to design the network f..

  Security concerns that a web designer

What are the security concerns that a web designer must address and be aware of? How much of the responsibility for securing the site lies with the host, and how much lies with the designer? How can you, as a web designer, implement good security ..

  Illustrate the nature of digital signals binary and other

write a 200- to 300-word response to the each following questionsquestion 1 what is the nature of digital signals

  What network hardware needed for networking project

You are to network a ten story building capable of supporting 100 computers on each floor. What network hardware will be needed to accomplish the networking project?

  Case study - networks and switching

Prepare a report - Discussion of your subnetting approach, your calculations for each subnet, why particular subnet masks were chosen and how you allocated the subnets to individual networks - TNE10006/TNE60006 - Networks and Switching

  Architecture the new payroll application should use and why

Explain what type of architecture the new payroll application should use and why. Identify what types of technology will be involved in the architecture and explain the purpose of each technology

  Set up an intranet web server

If you had an enterprise organization of 1000 users, and had to set up an intranet web server, which web server would you use? Please describe your answer. I just need one good paragraph.

  Processor execute between receipt of message

Assume that we are working on a workstation with an instruction rate of 500 MIPS. How many instructions can the processor execute between the receipt of each individual bit of the message?

  Write down 400-600 words which respond to the given

write 400-600 words that respond to the following questions with your thoughts ideas and comments. use the library and

Free Assignment Quote

Assured A++ Grade

Get guaranteed satisfaction & time on delivery in every assignment order you paid with us! We ensure premium quality solution document along with free turntin report!

Submit Assignment

Academics

Major Subjects

Majors

Get In Touch

whatsapp: +1-415-670-9521

Phone: +1-415-670-9521

Email: [email protected]

TERMS & POLICIES

HELP & SUPPORT

All rights reserved! Copyrights ©2019-2020 ExpertsMind IT Educational Pvt Ltd