User Account

All Pages

Organization security plan

Assignment Help Computer Network Security
Reference no: EM13819707

Organization Security Plan

Choose an organization from the choices provided and prepare a security plan that provides security awareness policy using a security policy framework outline and according the Critical Infrastructure document which concentrates on the following integral keywords to cover the necessary elements of an organization security plan. These are: Identify, Protect, Detect, Respond, and Recover. The plan is a capstone of the work that you have accomplished in this course. You will use your outline to guide the outcome of the plan in addition to the keywords. The plan is an enterprise policy that includes the following considerations, analysis approach, and protections for the enterprise:

· Identify threats and vulnerabilities.
· Assign appropriate security controls to protect the infrastructure of the organization.

· Prepare vulnerability scans and effective risk management protocols to ensure protections remain current and effective and detect any

issues.

· Initiate an incident response plan for responding to problems.

· Develop a business continuity and disaster recovery plan to recover from interruptions in business whether manmade or geographical.

This plan must be completed and submitted in MS Word format. Choose from one of the organizations below or request approval from your instructor via email for an alternate organization:

· Department of Defense

· Department of Homeland Security

· General Dynamics Information Technology

· JC Penney's Corporate Office

· University of Maryland

· ITT Technical Institute

· United States Marine Corp


From the Critical Infrastructure document, align your organizational plan to reflect the intent of the document as follows from an excerpt taken from the document and ensure you read the document in its entirety:

"The Framework complements, and does not replace, an organization's risk management and cybersecurity program. The organization can use its current processes and leverage the Framework to identify opportunities to strengthen and communicate its management of cybersecurity risk while aligning with industry practices. Alternatively, an organization without an existing cybersecurity program can use the Framework as a reference to establish one.

Just as the Framework is not industry-specific, the common taxonomy of standards, guidelines, and practices that it provides also is not country-specific. Organizations outside the United States may also use the Framework to strengthen their own cybersecurity efforts, and the Framework can contribute to developing a common language for international cooperation on critical infrastructure cybersecurity."

1.1 Overview of the Framework

The Framework is a risk-based approach to managing cybersecurity risk, and is composed of three parts: the Framework Core, the Framework Implementation Tiers, and the Framework Profiles. Each Framework component reinforces the connection between business drivers and cybersecurity activities. These components are explained below.

The Framework Core is a set of cybersecurity activities, desired outcomes, and applicable references that are common across critical infrastructure sectors. The Core presents industry standards, guidelines, and practices in a manner that allows for communication of cybersecurity activities and outcomes across the organization from the executive level to the implementation/operations level. The Framework Core consists of five concurrent and continuous Functions-Identify, Protect, Detect, Respond, Recover. When considered together, these Functions provide a high-level, strategic view of the lifecycle of an organization's management of cybersecurity risk. The Framework Core then identifies underlying key Categories and Subcategories for each Function, and matches them with example Informative References such as existing standards, guidelines, and practices for each Subcategory.

Framework Implementation Tiers ("Tiers") provide context on how an organization views cybersecurity risk and the processes in place to manage that risk. Tiers describe the degree to which an organization's cybersecurity risk management practices exhibit the characteristics defined in the Framework (e.g., risk and threat aware, repeatable, and adaptive). The Tiers characterize an organization's practices over a range, from Partial (Tier 1) to Adaptive (Tier 4). These Tiers reflect a progression from informal, reactive responses to approaches that are agile and risk-informed. During the Tier selection process, an organization should consider its current risk management practices, threat environment, legal and regulatory requirements, business/mission objectives, and organizational constraints.

A Framework Profile ("Profile") represents the outcomes based on business needs that an organization has selected from the Framework Categories and Subcategories. The Profile can be characterized as the alignment of standards, guidelines, and practices to the Framework Core in a particular implementation scenario. Profiles can be used to identify opportunities for improving cybersecurity posture by comparing a "Current" Profile (the "as is" state) with a "Target" Profile (the "to be" state). To develop a Profile, an organization can review all of the Categories and Subcategories and, based on business drivers and a risk assessment, determine which are most important; they can add Categories and Subcategories as needed to address the organization's risks.

The Current Profile can then be used to support prioritization and measurement of progress toward the Target Profile, while factoring in other business needs including cost-effectiveness and innovation. Profiles can be used to conduct self-assessments and communicate within an organization or between organizations.

1.2 Risk Management and the Cybersecurity Framework

Risk management is the ongoing process of identifying, assessing, and responding to risk. To manage risk, organizations should understand the likelihood that an event will occur and the resulting impact. With this information, organizations can determine the acceptable level of risk for delivery of services and can express this as their risk tolerance.

With an understanding of risk tolerance, organizations can prioritize cybersecurity activities, enabling organizations to make informed decisions about cybersecurity expenditures. Implementation of risk management programs offers organizations the ability to quantify and communicate adjustments to their cybersecurity programs. Organizations may choose to handle risk in different ways, including mitigating the risk, transferring the risk, avoiding the risk, or accepting the risk, depending on the potential impact to the delivery of critical services.

The Framework uses risk management processes to enable organizations to inform and prioritize decisions regarding cybersecurity. It supports recurring risk assessments and validation of business drivers to help organizations select target states for cybersecurity activities that reflect desired outcomes. Thus, the Framework gives organizations the ability to dynamically select and direct improvement in cybersecurity risk management for the IT and ICS environments."

Your organization plan must be a comprehensive approach identifying the framework for enabling organizations to establish cybersecurity policy in the enterprise. Submit to your assignment folder by the due date assigned in your syllabus schedule.

Reference no: EM13819707

Questions Cloud

Developing the project plan and determining critical path : Assignment: Project Planning - Developing the Project Plan and Determining Critical Path Using the excel sheet provided, create a project plan for the District 4 Warehouse Move project
Describe the scope and analyze how to control the scope : Describe the scope and analyze how to control the scope
Review the brownfield vs daniel freeman marina case summary : Read the assigned article, "Informed Consent for Emergency Contraception: Variability in Hospital Care of Rape Victims." Review the Brownfield v. Daniel Freeman Marina Hospital case summary.
Intellectual property and global intellectual property right : Determine whether or not existing "fair use" exceptions strike an appropriate balance between creators and users of the material. Provide two (2) specific examples to support your response.
Organization security plan : Organization Security Plan
Write an essay on illusions of yourself : Write an essay on illusions of yourself and what other people think.
Behavior of people from a particular country : Question 1: ____ is the set of shared values and beliefs that affects the perceptions, decisions, and behavior of people from a particular country.
Assignment on elastic and inelastic traffic : Elastic and Inelastic Traffic
What are critical common components to all religions : What are critical common components to all religions/beliefs in regards to healing, such as prayer, meditation, belief, etc.? Explain.

Reviews

Write a Review

Computer Network Security Questions & Answers

  Is data hiding a valuable security consideration

Explain the term data hiding, which is used in object-oriented programming. Is data hiding a valuable security consideration. Why or why not

  Discuss your rationale for choosing the specific firewall

From the first e-Activity, discuss your rationale for choosing the specific firewall in question, and determine the primary way in which a company could incorporate it into an enterprise network in order to enhance security

  Describe how the national security telecommunications and

discuss how the national security telecommunications and information systems security policy nstissp national policies

  Assignment on network security policy plan

Research and discuss the items that you would place in such a plan, and justify your reasoning for the items that you have decided to include.

  Rsa public key cryptography standards

Choose one of the standards that you have interest and describe what it does, if possible have some discussion on it. You may usehttp://www.sis.uncc.edu/~yonwang/papers/pkcs.pdf as a reference.

  Consider the information stored on your personal computer

information security1. look up the paper that started the study of computer security. prepare a summary of the

  What rc4 key value will completely invert s

What RC4 key value will completely invert S after the initial permutation (so that S[0] = 255, S[1] = 254, ..., S[254] = 1, S[255] = 0)?  Show your work. (Explain how you got this.)

  Your job is to prepare a risk-management policy which

you have just been hired as an information security engineer for a large multi-international corporation. unfortunately

  Selecting a programming language to develop secure software

The personnel manager asks you to follow up with a short paper to her briefly going over the topics you discussed. She would like the document as a memo, highlighting the subject areas you thought worthy enough to bring to her attention during the di..

  Cyber terrorism

competitive intelligenc, information safekeeping governance, administration, ISO/IEC 27002, Conceptual Framework

  Explaining wtls does not give message integrity protection

An earlier version of WTLS supported a 40-bit XOR MAC and also supported RC4 stream encryption. Show that this scheme doesn't give message integrity protection.

  Describe how use of equipment software and multiplexing

write a 4-7 page paper including the followingmiddot analyze the current options available for use of tcpip and

Free Assignment Quote

Assured A++ Grade

Get guaranteed satisfaction & time on delivery in every assignment order you paid with us! We ensure premium quality solution document along with free turntin report!

Submit Assignment

Academics

Major Subjects

Majors

Get In Touch

whatsapp: +1-415-670-9521

Phone: +1-415-670-9521

Email: [email protected]

TERMS & POLICIES

HELP & SUPPORT

All rights reserved! Copyrights ©2019-2020 ExpertsMind IT Educational Pvt Ltd