Reply to science cybersecurity loopholes discussion

Reference no: EM133196642

Assignment - Reply to Science Cybersecurity Loopholes Discussion

The purpose of this briefing is to address the results of a recent risk assessment conducted by Red Clay Renovations.  The assessment reveals many cybersecurity loopholes within the company's field offices, information systems, and overall IT infrastructure.  As a result, customers' PII and the smart devices and technologies used in remote field offices are vulnerable to cyberattacks.  To deter cyberattacks and mitigate risk to the company's information systems, various security controls must be implemented.  These controls will protect the company's cybersecurity objectives of integrity, confidentiality, and availability of systems and resources.  Moreover, the controls will remediate the potential impact on Red Clay information systems based on the FIPS 199 categorization.  According to NIST, "risk-related considerations are supported by the agency assessment of risk, and it does not affect the security-relevant information within the company information systems" (2006).  Therefore, the families of security controls selected must address the risks identified in the Red Clay risk assessment, and additional steps must be taken when applying security controls to mitigate system vulnerabilities.

There are three different classes of security controls (managerial, operational, and technical), which are further grouped into families and identifiers.  Each family correlates with one of the three classes based on the characteristics of that control family.  It is important to note that a security control can also be linked to more than one of the three classes.  The identifier is a two-letter abbreviation of the control family name.  For example, RA is the identifier for "Risk Assessment", a family that includes RA-1, 2, 3, and 5 and falls under the managerial class of security controls.  It can also be linked to the operational class for contingency planning, which has the identifier CP.  By definition, a managerial security control class "focuses on the management of the information system and the management of risk for a system" (NIST, 2006).  The operational control class addresses security based on mechanisms that people operate or implement; it does not focus on IT systems.  Technical security controls primarily focus on the computer systems that execute various security mechanisms.

Based on the risk assessment conducted by Red Clay, these controls can be implemented in concert to protect the company's information systems and data, and to grant access to company resources only to authorized employees.  Furthermore, these controls will enable Red Clay to remain in compliance with IT governance standards and regulations pertaining to information security in the state of Delaware.  The three classes of security controls work together to fix system vulnerabilities and enable the company to assess, monitor, and recover from cyber-attacks.  In addition, they will help create a security baseline for the company and grant controlled access to products and services, which is particularly beneficial for the field offices.  To protect Red Clay's IT infrastructure, one control family can be selected from each of the three control classes to create a defense-in-depth posture for the company's information systems and mitigate additional risks to the business at tier three of the company infrastructure.  According to NIST (2013), "tier three identifies risks to information systems and utilized the risk management framework (RMF) to mitigate these risks."

Red Clay's CISO, Mr. Eric Carpenter, can benefit tremendously from selecting one control family from each of the three security control classes to remediate the company's assessed risks.  The financial controls for the company are based on the information security risk of the company's financial services, such as credit card transactions.  They cover six different control types, "detective, preventive, corrective, administrative, technical, and physical" (FFIEC, 2016), from the perspective of Red Clay's business processes.  These measures address risk from only one aspect of the company, whereas the control classes and control families mitigate risks to the entire architecture of the company.  The three control families that the company can implement to meet its information and systems security needs are i) risk assessment, ii) systems and communications protection, and iii) awareness and training.

The "Risk Assessment" (RA) control family is used to identify all the potential risks the company faces during the lifecycle of the business.  It determines the probability of a risk occurring and the impact of that risk on Red Clay.  This control family will be used to address the current and future risks facing the company.  It will identify the financial impact, as well as the loss of reputation, that Red Clay would face in the event of a breach of company data or a natural disaster.  In addition, it will help identify valuable company assets such as customers' PII and technology commodities.  The risk assessment will further be used to prioritize risks based on their low, medium, or high impact on the company's daily operations.

The "Systems and Communications Protection" (SC) control family is used to protect information system boundaries both externally and internally.  In addition, this family of controls will be used to protect access to the company's remote sites.  It will enable the company to implement controls for the availability of resources and provide for the confidentiality and integrity of the company's information systems.  The "Awareness and Training" (AT) controls are used to train new users on the information systems and to address any changes made to company systems.  More specifically, this control family will ensure that users follow the proper procedures when accessing system resources and are trained on how to avoid introducing malware into the systems through negligence.  It will give users a general understanding of how to protect Red Clay's digital commodities and customer PII.

Two sub-family controls for risk assessment are RA-1 (risk assessment policy) and RA-5 (vulnerability scanning).  These controls will be used to ensure that appropriate policies and procedures are developed to protect the company from unauthorized access to systems and resources, whether from external cyberattacks or malicious insiders.  The company will also conduct periodic vulnerability scans of its networks to identify and mitigate risks.  The sub-family controls for awareness and training (AT) are AT-2 (security awareness training) and AT-3 (role-based training).  These controls will help employees identify malicious system activity, analyze emails containing spam, and identify possible threats to the company's physical infrastructure.  The role-based security training will be aimed at contractors and third-party vendors accessing the company's networks, and will also address the roles of Red Clay management and the technical roles of staff members.  Two SC sub-family controls are SC-7 (boundary protection) and SC-28 (protection of information at rest).  These sub-families will enable Red Clay to mitigate risk to its internal and external networks by implementing DMZs and firewalls to safeguard systems from cyber-attacks.  They will also ensure that data at rest is protected by establishing requirements for encrypting data and performing continuous backups.

All rights reserved! Copyrights ©2019-2020 ExpertsMind IT Educational Pvt Ltd