User Account

All Pages

Reply to science red clay renovations discussion

Assignment Help Science
Reference no: EM133196645

Assignment - Reply to Science Red Clay Renovations Discussion

Red Clay Renovations is an internationally recognized, awarding winning firm that specializes in the renovation and rehabilitation of residential buildings and dwellings. The company specializes in updating homes using "smart home" and "Internet of Things" technologies while maintaining period correct architectural characteristic.

With  all the recent cybersecurity attacks and considering the speed  technologies are evolving and the security risks related to the type of technologies  (IoT, smart devices) used by the company , it will be important to reconsider Some of Red clay's IT security practices. As a first step, a risk assessment was performed on Red Clay Renovation's IT systems and infrastructure; according to the findings it was recommended for the company to formalize the security measures required to protect information, information systems, and the information infrastructures for the company's headquarters and field offices. So this briefing paper will help propose a plan of action which will help develop system security plans including Security Control Classes and Security Control Families related to Red Clay risks.

When talking about system security plans for companies such as Red clay, we immediately touch bases with concepts such as Security Control Classes and Security Control Families. Security controls are safeguards or countermeasures to avoid, detect, counteract, or minimize security risks to physical property, information, computer systems, or other assets. According to recent studies, they are 3 well known classes of security control classes (Lord, 2018):

-Management controls: The security controls that focus on the management of risk and the management of information system security.

-Operational controls: The security controls that are primarily implemented and executed by people (as opposed to systems).

-Technical controls: The security controls that are primarily implemented and executed by the system through the system's hardware, software, or firmware.

All these 3 classes of controls are necessary for robust security. For example, a security policy implemented at the Wilmington, DE Offices (Red Clay's Headquarters) (Bring Your Own Device policy) is a management control, but its security requirements are implemented by people (operational controls) and systems (technical controls) within the company. Think of phishing attacks, Red Clay Renovation may have implemented   an acceptable use policy that specifies the conduct of users, including not visiting malicious websites. Security controls to help thwart phishing, besides the management control of the acceptable use policy itself, include operational controls, such as training employees and users from all the fields  not to fall for phishing scams, and technical controls that monitor emails and web site usage for signs of phishing activity (MDNDocs, 2019).

According to the NIST Special Publication SP 800-53, there is a total of 18 security control families. But on this paper, we will focus on the following security control families (NIST, 2013):

Planning (management control class): this control addresses the establishment of policy and procedures for the effective implementation of selected security controls and control enhancements in the PL family. This family contains subfamilies such as PL4 Rules of Behavior (Establishes and makes readily available to individuals requiring access to the information system, the rules that describe their responsibilities and expected behavior with regard to information and information system usage) and PL-8 information security architecture (addresses actions taken by organizations in the design and development of information systems).

Identification & Authentication (Technical control class): the information system uniquely identifies and authenticates organizational users (or processes acting on behalf of organizational users). This control applies to all accesses other than: (i) accesses that are explicitly identified and documented in AC-14; and (ii) accesses that occur through authorized use of group authenticators without individual authentication. This family contains subfamilies such as IA-3 device authentication and identification (Organizational devices requiring unique device-to-device identification and authentication may be defined by type, by device, or by a combination of type/device) and IA-7 cryptographic module authentication (The information system implements mechanisms for authentication to a cryptographic module that meet the requirements of applicable federal laws, Executive Orders, directives, policies, regulations, standards, and guidance for such authentication).

Incident Response (Operational control access): This control addresses the establishment of policy and procedures for the effective implementation of selected security controls and control enhancements in the IR family. Policy and procedures reflect applicable federal laws, Executive Orders, directives, regulations, policies, standards, and guidance. This family contains subfamilies such as IR-2 incidence response training (the organization provides incident response training to information system users consistent with assigned roles and responsibilities) and IR-3 incidence response testing (the organization employs automated mechanisms to more thoroughly and effectively test the incident response capability).

Reference no: EM133196645

Questions Cloud

How is the world understood differently in new institutional : How is the world understood differently in new institutionalist approaches compared to International or Global ones?
Critique post - selecting & implementing security controls : Critique post - Selecting & Implementing Security Controls Discussion - Security control classes define and shape the security planning for an organization
Natural history and physical characteristics of thylacine : Describe the natural history and unique physical characteristics of the thylacine. What it ate, where it lived, and what did it look like?
Identify unique problems or considerations : Identify unique problems or considerations that apply to pregnant women. Compare and contrast your pregnant women to the overall U.S. population.
Reply to science red clay renovations discussion : Reply to Science Red Clay Renovations Discussion - According to the NIST Special Publication SP 800-53, there is a total of 18 security control families
Argue - do rich people bear responsibility on climate change : Do rich people rather than rich countries bear the greatest responsibility for climate change? Argue on this statement.
How your understanding been affected by social sciences lens : How has your understanding been affected by the social sciences lens? How does the social sciences lens support the lens you previously used?
Reply to science cybersecurity loopholes discussion : Reply to Science Cybersecurity Loopholes Discussion - The purpose of this briefing is to address the results of a recent risk assessment analysis conducted
Prepare dissertation on emed- all about health : Prepare Dissertation on eMED- All About Health - Research Methods and Dissertation Preparation

Reviews

Write a Review

Science Questions & Answers

  Cloud computing-discusses how sarbanes-oxley affects

Discusses how Sarbanes-Oxley affects those organizations with a cloud presence and what areas they need to be cognizant of to ensure compliance with the law.

  Compare and contrast the relationship between race

Compare and contrast the relationship between race, color, and class in late nineteenth and early twentieth century Mexico and Brazil. What was the role of whiteness in the project of nation making in these two nations?

  Describe the negative social consequences of informal

Describe the action proposal presented in your report for how the negative consequences associated with informal labor may be resolved.

  Digital age and education and humanities

Why the humanities still matter even in digital age and Education and Humanities

  What health topics do you find meaningful or of interest

As you prepare to formulate questions that can be translated into research designs, what health topics do you find meaningful or of interest, and why?

  Criminal justice systems

Now that you have had a brief exposure to the American Criminal Justice system, what do you think of our system compared to others? What would you change if you had the power to change any part (or all) of it? Why? Finally, what do you see, or hope t..

  Create hypothetical scenario

Create a hypothetical scenario for your primary post that demonstrates one of the theories you studied from any of your previous human service courses.

  Describe your blast results providing accession number

Are there nucleotide sequence/s which correspond to your cDNA (ie derived from the same gene/same organism) in the NCBI database?

  Proactive approach to risk management

Prevention through design (PtD) is a proactive approach to risk management often used within the safety and health field.

  Electronic health care records

Explain the differences between electronic health record implementation, adoption, and optimization.

  What is community bio medical waste treatment plant

What is Community Bio medical waste treatment plant (CBWTF)? What are the conditions to plant a CBWTF? What kind of treatment facilities should a common CBWTF have?

  Review the history of continental drift

You will review the history of continental drift and plate tectonics, and you complete the worksheet found here.

Free Assignment Quote

Assured A++ Grade

Get guaranteed satisfaction & time on delivery in every assignment order you paid with us! We ensure premium quality solution document along with free turntin report!

Submit Assignment

Academics

Major Subjects

Majors

Get In Touch

whatsapp: +1-415-670-9521

Phone: +1-415-670-9521

Email: [email protected]

TERMS & POLICIES

HELP & SUPPORT

All rights reserved! Copyrights ©2019-2020 ExpertsMind IT Educational Pvt Ltd