Risk management framework that requires agencies

Assignment Help Computer Engineering

Reference no: EM133483147

Case: FIPS 200 is a federal standard that specifies minimum security requirements for information and information systems supporting executive agencies. It is part of a risk management framework that requires agencies to assess the security risks and categorize the systems using FIPS 199. FIPS 200 also provides a risk-based process for selecting security controls from several categories, such as access control, audit and accountability, certification, accreditation, and security assessments.

One of the control families described in FIPS 200 is Access Control. A security policy addressing this control family would define the rules and requirements for accessing information and information systems. The policy would include the following components:

Purpose: The purpose of the policy is to establish the rules for accessing information and information systems.

Scope: The policy applies to all users of information and information systems, including employees, contractors, and third-party service providers.

Roles and Responsibilities: The policy defines the roles and responsibilities of different stakeholders, such as system owners, system administrators, and users.

Access Control Requirements: The policy specifies the requirements for accessing information and information systems, such as authentication, authorization, and access control mechanisms.

Enforcement: The policy defines the consequences of non-compliance with the access control requirements.

The primary components of the security policy with respect to the security requirements described within the Access Control family would include defining who is authorized to access which resources under what conditions. This would involve specifying authentication methods, authorization processes, and access control mechanisms. Additionally, the policy would outline procedures for granting, revoking, and reviewing access privileges. It would also specify how access control violations are detected, reported, and addressed.

Reference no: EM133483147

Questions Cloud

Describe the security issues of various network hardware : Examine the TCP/IP protocol suite, well-known ports, and the three-way handshake and Describe the security issues of various network hardware components

Do ethics influence the leadership style of the nurse leader : How does one communicate the characteristics of a role model with this provision? Do ethics influence the leadership style of the nurse leader?

Find assisted living facility on the web : Find an assisted living facility on the web and describe the facility, the services, the pluses and the minuses.

Analyze impact the treatment of tuberculosis worldwide : Analyze current healthcare policies that impact the treatment of tuberculosis worldwide.

Risk management framework that requires agencies : Risk management framework that requires agencies to assess the security risks and categorize the systems using FIPS 199

Where is this study on the levels of evidence pyramid : This should be clearly stated. Where is this study on the Levels of Evidence Pyramid? What are the advantages and disadvantages of this research design?

Improve readmission rates : Can you give an example of using technology to improve outcomes of patients that you have used in the past to improve readmission rates?

Describe the steps for data gathering and analysis : Describe the steps for data gathering and analysis. Be specific about the techniques and algorithms relevant to your chosen operational model

Knowledge and ability to deal with accidents : You are required to complete an incident report (actual or simulated) to provide evidence of your skills, knowledge and ability to deal with accidents

User Account

All Pages