Organization security plan

Assignment Help Computer Networking
Reference no: EM13781293

Organization Security Plan

Choose an organization from the choices provided and prepare a security plan that provides security awareness policy using a security policy framework outline and according the Critical Infrastructure document which concentrates on the following integral keywords to cover the necessary elements of an organization security plan. These are: Identify, Protect, Detect, Respond, and Recover. The plan is a capstone of the work that you have accomplished in this course. You will use your outline to guide the outcome of the plan in addition to the keywords. The plan is an enterprise policy that includes the following considerations, analysis approach, and protections for the enterprise:

• Identify threats and vulnerabilities.

• Assign appropriate security controls to protect the infrastructure of the organization.

• Prepare vulnerability scans and effective risk management protocols to ensure protections remain current and effective and detect any issues.

• Initiate an incident response plan for responding to problems.

• Develop a business continuity and disaster recovery plan to recover from interruptions in business whether manmade or geographical.
This plan must be completed and submitted in MS Word format. Choose from one of the organizations below or request approval from your instructor via email for an alternate organization:

• Department of Defense

• Department of Homeland Security

• General Dynamics Information Technology

• JC Penney's Corporate Office

• University of Maryland

• ITT Technical Institute

• United States Marine Corp

From the Critical Infrastructure document, align your organizational plan to reflect the intent of the document as follows from an excerpt taken from the document and ensure you read the document in its entirety:
"The Framework complements, and does not replace, an organization's risk management and cybersecurity program. The organization can use its current processes and leverage the Framework to identify opportunities to strengthen and communicate its management of cybersecurity risk while aligning with industry practices.

Alternatively, an organization without an existing cybersecurity program can use the Framework as a reference to establish one.
Just as the Framework is not industry-specific, the common taxonomy of standards, guidelines, and practices that it provides also is not country-specific. Organizations outside the United States may also use the Framework to strengthen their own cybersecurity efforts, and the Framework can contribute to developing a common language for international cooperation on critical infrastructure cybersecurity."

1.1 Overview of the Framework

The Framework is a risk-based approach to managing cybersecurity risk, and is composed of three parts: the Framework Core, the Framework Implementation Tiers, and the Framework Profiles. Each Framework component reinforces the connection between business drivers and cybersecurity activities. These components are explained below.

• The Framework Core is a set of cybersecurity activities, desired outcomes, and applicable references that are common across critical infrastructure sectors. The Core presents industry standards, guidelines, and practices in a manner that allows for communication of cybersecurity activities and outcomes across the organization from the executive level to the implementation/operations level. The Framework Core consists of five concurrent and continuous Functions-Identify, Protect, Detect, Respond, Recover. When considered together, these Functions provide a high-level, strategic view of the lifecycle of an organization's management of cybersecurity risk. The Framework Core then identifies underlying key Categories and Subcategories for each Function, and matches them with example Informative References such as existing standards, guidelines, and practices for each Subcategory.

• Framework Implementation Tiers ("Tiers") provide context on how an organization
views cybersecurity risk and the processes in place to manage that risk. Tiers describe the degree to which an organization's cybersecurity risk management practices exhibit the characteristics defined in the Framework (e.g., risk and threat aware, repeatable, and adaptive). The Tiers characterize an organization's practices over a range, from Partial (Tier 1) to Adaptive (Tier 4). These Tiers reflect a progression from informal, reactive responses to approaches that are agile and risk-informed. During the Tier selection process, an organization should consider its current risk management practices, threat environment, legal and regulatory requirements, business/mission objectives, and organizational constraints.

A Framework Profile ("Profile") represents the outcomes based on business needs that an organization has selected from the Framework Categories and Subcategories. The Profile can be characterized as the alignment of standards, guidelines, and practices to the Framework Core in a particular implementation scenario.

Profiles can be used to identify opportunities for improving cybersecurity posture by comparing a "Current" Profile (the "as is" state) with a "Target" Profile (the "to be" state). To develop a Profile, an organization can review all of the Categories and Subcategories and, based on business drivers and a risk assessment, determine which are most important; they can add Categories and Subcategories as needed to address the organization's risks. The Current Profile can then be used to support prioritization and measurement of progress toward the Target Profile, while factoring in other business needs including cost-effectiveness and innovation. Profiles can be used to conduct self-assessments and communicate within an organization or between organizations.

1.2 Risk Management and the Cybersecurity Framework

Risk management is the ongoing process of identifying, assessing, and responding to risk. To manage risk, organizations should understand the likelihood that an event will occur and the resulting impact. With this information, organizations can determine the acceptable level of risk for delivery of services and can express this as their risk tolerance.

With an understanding of risk tolerance, organizations can prioritize cybersecurity activities, enabling organizations to make informed decisions about cybersecurity expenditures. Implementation of risk management programs offers organizations the ability to quantify and communicate adjustments to their cybersecurity programs. Organizations may choose to handle risk in different ways, including mitigating the risk, transferring the risk, avoiding the risk, or accepting the risk, depending on the potential impact to the delivery of critical services.

The Framework uses risk management processes to enable organizations to inform and prioritize decisions regarding cybersecurity. It supports recurring risk assessments and validation of business drivers to help organizations select target states for cybersecurity activities that reflect desired outcomes. Thus, the Framework gives organizations the ability to dynamically select and direct improvement in cybersecurity risk management for the IT and ICS environments."

Reference no: EM13781293

Questions Cloud

Critically assessing situations-critical thinking process : Define free will, truth, knowledge, and opinion. Explain how we use them to form thoughts. What role does each play in critically assessing situations?
Write a paper on what i look forward to spring break : Write a paper on WHAT I LOOK FORWARD TO SPRING BREAK.
What changes will be necessary for shift to a economy : It has been argued that the United States' economy is shifting from a manufacturing base to a "knowledge economy". What is a knowledge economy?
Details for school or program presented on individual pages : Details for each school or program presented on individual pages. A summary of why the school or program is innovative and/or unique.
Organization security plan : Identify threats and vulnerabilities.
Theoretical perspective influences approaches : As you have learned in your readings, Piaget, Erikson, Skinner, and Vygotsky took different approaches to child development. One's theoretical perspective influences approaches to child development. The Jacksons are a young couple living in Center..
Explain the concepts of reactivity and inertia : Explain the concepts of reactivity and inertia as well as how each concept acts as a barrier to change in criminal justice organizations.
Four types of crimes : Generate a chart or table that lists a variety of crime types. Your chart should include at least four types of crimes and should include violent crimes and economic crimes as two of the types.
Buddha practices the middle path/ way of life : Buddha practices the middle path/ way of life. It's called the eightfold path which are the principles to live by (right view, right intention, etc.) you should look that up. The 8 steps are the path to enlightenment. He also believes in the four nob..

Reviews

Write a Review

Computer Networking Questions & Answers

  Creating controller for new satellite

You are allocated to work on project to create controller for new satellite. To save money, manager evaluates you could reuse about 90% of the software.

  Determine different subnets exist in ip network-subnet mask

Write all IP addresses on same subnet as this one. Determine maximum number of hosts in this subnet? How many different subnets exist in IP network by using this subnet mask.

  Calculate the voip traffic load

Calculate the VoIP traffic load in access trunks to the Internet. What is the number of call-attempts during the busy hour at the company's location

  Makes built-in kitchen ovens

The whirlpool factory in Oxford, Mississippi, makes built-in kitchen ovens.3 In the 1990s, this plant re-engineered its processes to become JIT/lean. One of the parts of a particular oven, Part A, is processed by two 600 ton presses (in series), and ..

  Authentication factor utilized by authentication server

which authentication factor is being utilized by authentication server which respond to login request by creating a random number or code.

  Configure a site-to-site ipsec vpn on the dallas router

Configure a Site-to-Site IPSec VPN on the Dallas Router, Which IKE (isakmp) policy would have the highest priority

  Write a movie reviwe about the japanese movie samurai

Write a movie reviwe about the japanese movie "samurai".

  What was the reason for your piracy act

What was the reason for your piracy act. After reading this article, would you still perform piracy. Be honest. What effect do you think would affect the Saudi society if piracy laws are enforced more to the public

  Intercept message and generates alternative message

Computed hash value for the message. Alice is able to intercept message, and generates alternative message that has a hash value that collides with Bob's original hash value. Show.

  What subnet mask would you use

What subnet mask would you use with having the max amount of hosts at each site 1000?

  Factors for moving wireless nics into more dominant role

Explain whether this is still true today, and write down factors are moving wireless NICs into more dominant role, if any.

  Find the rfc which defines ftp protocol

Find the RFC that defines the FTP protocol. Take any non text file (e.g. word document, mpg, excel or any application centric file) Segmentation of a file and forming FTP datagrams: Read first 'x' number of bytes and use them as part of payload sect..

Free Assignment Quote

Assured A++ Grade

Get guaranteed satisfaction & time on delivery in every assignment order you paid with us! We ensure premium quality solution document along with free turntin report!

All rights reserved! Copyrights ©2019-2020 ExpertsMind IT Educational Pvt Ltd