Main elements addressing risk management framework

Reference no: EM13829621

Problem:

The National Institute of Standards and Technology (NIST) replaced the former NIST Special Publication 800-37, Guide for the Security Certification and Accreditation of Federal Information Systems, with NIST Special Publication 800-37 Revision 1, Guide for Applying the Risk Management Framework to Federal Information Systems: A Security Life Cycle Approach. The document moved from a certification and accreditation (C&A) framework to a risk management framework because an information system's security posture changes over time and must be regularly reviewed, updated, and maintained. A security life cycle approach built on continuous monitoring therefore makes more sense than a single, one-time static certification and accreditation of the system.

For this task, you will be using NIST Special Publication 800-37 Revision 1, Guide for Applying the Risk Management Framework to Federal Information Systems: A Security Life Cycle Approach, and the attached "Healthy Body Wellness Center Risk Assessment" case study.

You have been hired to apply NIST's risk management framework to the Healthy Body Wellness Center's information systems. You know that the organization has recently had a risk assessment completed that includes recommendations for implementing security controls and mitigating risks. In your new role, a team of people will be assigned to help you with the task. Your first job is to create a to-do list of the specific tasks outlined in each of the six steps of the risk management framework (RMF): Categorize, Select, Implement, Assess, Authorize, and Monitor.

Task:

A. Discuss key elements that need to be addressed as part of the risk management framework by completing the attached "RMF To-Do List."

B. Create a white paper that compares the ISO 27002, COBIT, NIST, and ITIL frameworks by doing the following:

1. Discuss how each framework is most commonly used.
2. Analyze the purpose of each framework design.
3. Evaluate the strengths of each framework.
4. Evaluate the weaknesses of each framework.
5. Discuss the certification and accreditation process for the frameworks.
6. Discuss when you would choose to use each framework (e.g., ISO 27002 versus COBIT, NIST, or ITIL).

C. When you use sources, include all in-text citations and references in APA format.

Additional Information:

This question is from Computer Science. It covers the main elements to be addressed under the risk management framework and a comparison of the ISO 27002, COBIT, NIST, and ITIL frameworks.

Total Word Limit: 2642 Words




All rights reserved! Copyrights ©2019-2020 ExpertsMind IT Educational Pvt Ltd