1) 1)DISCUSSION BOARD (200 WORDS) As the CCISO, senior executives would like to know what security...

Question

1)
1)DISCUSSION BOARD (200 WORDS)

As the CCISO, senior executives would like to know what security control mechanisms to put in place to mitigate risk and protect the confidentiality, integrity, and availability (CIA) of CB Drifter Technologies assets. They have provided some initial questions and need to discuss them. In this week's discussion provide a 2-3 paragraph total response to the following questions based on NIST control classes:

What are administrative controls and why are they considered soft controls?

What is the control class that provides hardware and software functionality, and what are some examples of its functions?

How does the physical control class protect people, assets, and facilities against physical threats?

2)
2)INDIVIDUAL PROJECT (800 WORDS)

NIST SP 800-53, Security and Privacy Controls for Federal Information Systems and Organizations is a well-known NIST publication consisting of a catalog of security and privacy controls used to assist US federal government agencies in meeting the requirements of FISMA and serves as a best practice framework for other, non-federal entities.

NIST controls are organized into 18 different control families, and as the new CCISO you will need to explain at least 9 of these to the CEO and CTO on their meaning, and examples of their implementation in a 12–15-page slide presentation in MS PowerPoint. On the last technical slide, a summary of the NIST Risk Management Framework Please use the following format for the presentation:

Title Slide

Topics of Discussion Slide

Control ID/Family 1

Control ID/Family 2

Control ID/Family 3

Control ID/Family 4

Control ID/Family 5

Control ID/Family 6

Control ID/Family 7

Control ID/Family 8

Control ID/Family 9

RMF XXXXXXXXXXstep life cycle with the additional "prepare" component

Note: Include detailed text in the "notes" section to include APA references.

Shubham · Accepted Answer

Discussion Board
Administrative controls include procedures, training, policy and shift design. It can help in improving the safety in the workplace by putting in place rules and policies for reducing the occupational risk faced by workers. It is considered a soft skill because it can help in emphasizing on implementation of policies, procedures and practices for ensuring safety management. 
The control class includes use of system software that is designed for running the hardware along with software and it can help in serving the interface between application software, hardware and user. It includes the function of the system along with allocation of system resources, storing files and managing storage space. It includes use of control for coordinating with computer hardware devices and it can help in running software and applications on computer. 
Physical security can help in keeping facilities, employees and assets safe from the threats in the real-world. Threats can arise from external or internal intruders that can question the data security (Roy, 2020). Physical security can help in preventing unauthorized people from accessing the premise, assets and information. It can help in maintaining the confidence and trust of organizations and people. 
Individual Report
Introduction
The NIST risk management framework includes guidelines and standards and it operates a federal information system that suits the NIST risk management. It is developed for implementation of the risk based approach for managing the information security risk. It can help in providing flexibility for managing privacy and security risk for supporting risk management programs. 
Access Control
The access control includes the security requirement that can help in providing the detailed system login information. It includes the way for accessing reporting capabilities and assets like system privileges, remote access logging and account management (Gordon, Loeb & Zhou, 2020). Remote accessing can help in determining users that can gain access to the system and it also helps in defining the level of access. It provides security for regulating and using resources in the computing environment. 
Audit and Accountability
The control family consists of the security controls that are related with the audit capabilities of the organization.

1) 1)DISCUSSION BOARD (200 WORDS) As the CCISO, senior executives would like to know what security control mechanisms to put in place to mitigate risk and protect the confidentiality, integrity, and...

Solution

Answer To This Question Is Available To Download

Related Questions & Answers

Submit New Assignment