This assignment is your final project and is due on Day 7 of this module. The assignment consists of one deliverable in two parts: Part I: White Paper assignment You have been tasked to brief the mana

This assignment is your final project and is due on Day 7 of this module. The assignment consists of one deliverable in two parts:

Part I: White Paper assignment

You have been tasked to brief the manager, CFO or CEO of your company about the process you use to assess risk, authorize a system for operation, and monitor the system once it is in operation. Your goal is to explain how you will ensure that the system remains secure in light of:


changes to personnel,

changes to the hardware/software/firmware, and/or

changes to the environment (imagine that your company is sharing an office with another organization or sharing the office with contractors).

Create a white paper (7-10 pages, not including title and reference pages) identifying all aspects of the Risk Management Framework, including a plan for continuous monitoring. An effective continuous monitoring program depends on the earlier steps of the process that lead up to it. Risk and threat assessments are not once-and-done evaluations: they need to be dynamic, and they need to be redone if anything related to the system changes.

Your white paper must be double-spaced and use a standard 12-point font and standard margins. At least two APA-formatted in-text citations are required, and the corresponding references must be listed. (Note: no wiki or blog references are allowed.)

Your document should be free of spelling and/or grammatical errors.

Part II: Information Systems Security Plan

Revisit your Information Systems Security Plan Template and finish the last five sections (11-15). The answers and information will be based on everything you have been doing in the modules for this course, for the company you have been reporting on. Keep in mind that your company is sharing the building with another organization.

Note: Working back and forth between this document and the white paper will help provide the input needed for both of them. Once the ISSP is completed, you can refer back to it in the white paper so as to reduce redundancy.

Your document should be free of spelling and/or grammatical errors.

To understand how your work will be assessed, view the assignment scoring rubric.

Attach the Information Systems Security Plan to the end of the White Paper and submit both as one document by clicking on the assignment title.

Assessing Security Controls Measures
Student Name
Institutional Affiliation
Course Code
Instructor's Name
Date of Submission

Part I

The security measures were associated with unreasonable risks of harm resulting from malfunctioning behaviors of the technological systems, which justified non-compliance with the security measures. These compliance issues would be solved by ensuring that compatible programs were installed on the computers; the information technology teams should also ensure that the programs used are compatible with the hardware systems used in the organization. The non-compliance and malfunctioning behaviors would have led to a cyber-breach affecting the information stored in the organization's information systems.

From the company's security controls, a non-compliance threat was caused by poor use of technical controls. No policies were defined for protection measures such as using strong passwords and encryption, the automation software and antivirus programs were not kept updated, and the company's networks were not well protected by the technical teams. If the technical systems are not well protected, cyber intruders can brute-force the passwords, access the data, and breach policies associated with the confidentiality and integrity of the data, which is a matter of the company's national security (Alias, 2019).

Non-compliance risks were associated with the company's security controls because no policies, procedures and guidelines were set for accessing the administrative security controls of the computers. Implementing policies on administrative use would allow effective procedures to be followed when accessing the administrator level, leading to security compliance. Different users had access to the administration of the computers, and this posed a huge threat, as they would use different programs, some of which were not secure enough to be used under administrator privileges.

This non-compliance threat led to many risks, as different workers would try to run test-code programs, which could introduce malicious code into the system and lead to threats such as remote access to the computers. In security organizations, phishing is among the non-compliance threats, making users submit their login credentials to fake websites and thus compromising their accounts. When using computers, it becomes tedious for users to check all the URLs of the web pages they visit. An organization can address this threat by applying web filters, and firewalls that block phishing websites can be an appropriate way to prevent users from accessing them. Furthermore, the risk would also be reduced by creating and implementing policies to ensure that users do not access phishing websites, which would prevent security breaches in the company (Nicho, 2018).

Part II

A POA&M that identifies the non-compliant security controls, remediation actions and long-term tasks that were discussed

One of the non-compliance risks experienced was the unreasonable risk resulting from the malfunctioning behaviors of the technological systems. The most effective remediation action was monitoring the compatibility of the software and hardware used in the computers. The long-term action for this non-compliance would be upgrading the computer hardware, thus facilitating compatibility between computer hardware and computer software (Young & Leveson, 2014).

The second non-compliance risk identified in the company was a lack of effective policies on technical controls. This increased vulnerabilities, as intruders can use different attacks to get into the system. With effective policies, it can be challenging for intruders to get into the system, thus facilitating full-time protection of the files. The best remedy to prevent this type of attack is introducing policies and implementing them to ensure that all workers in the organization adhere to the stated procedures.

Non-compliance threats were identified when accessing administrator permissions, as solid security measures were not set to protect the computers. It would be an effective approach if the information technology teams protected the computers down to the BIOS level, so that intruders with physical access could not use live operating systems to use the computers. Most of the computers were protected with weak passwords, and it would be an easy process for intruders to bypass them and gain access to the computers.

A non-compliance threat could also be identified as poor technical control of the computers, as the protection procedures set were not up to the required standards. Technical aspects of the information technology, such as the networks, required strong encryption so that it would be hard for intruders to get into the computers, ensuring no one outside the perimeter could access the network. Protecting the network would have a long-term benefit, as intruders would not be able to get into the system.

References

Alias, R. A. (2019). Information security policy compliance: Systematic literature review. Procedia Computer Science, 161, 1216-1224.
Nicho, M. (2018). A process model for implementing information systems security governance. Information & Computer Security.
Young, W., & Leveson, N. G. (2014). An integrated approach to safety and security based on systems theory. Communications of the ACM, 57(2), 31-35.
Risk Management Framework
Student Name
Institutional Affiliation
Course Code
Instructor's Name
Date of Submission

Introduction

In information systems, the Risk Management Framework is a federal government guideline published by the National Institute of Standards and Technology to help secure information systems. One of the risks identified in the computers was malfunctioning behavior of the technology systems, resulting from a lack of compatibility between the hardware and the software used in the computers. If the computers exhibit malfunctioning behaviors, they are likely to begin to lag, affecting the tasks carried out in the organization. If the programs and the hardware of the computers are not compatible, new vulnerabilities are likely to emerge, and intruders might exploit them for their benefit, affecting the organization's security. This security issue can be solved by ensuring that the software installed on the computers is compatible with the computer hardware used in the company. Furthermore, when information technology specialists make software updates, they should always know the hardware requirements, which will allow them to identify how well the programs would run when installed on the computers (Alias, 2019).

With the new market trends, information technology is advancing rapidly, and organizations need to update their computer hardware. In the past century, it was almost impossible to use biometric scanners, as they were tough to set up and the technology was complex. With the development of technology, systems such as biometric scanners can now be used, making it hard for people without authorized permission to get into the organization. Regular information system updates are likely to enhance compatibility, thus leading to robust security.

Poor use of the company's technical controls was another non-compliance risk identified in the information security infrastructure. The company's technical controls did not have guidelines on how the network was to be protected, leading to risks that cybercriminals could exploit. Among the poorly protected technical systems was the network: the access points were protected using short phrases that could easily be brute-forced by intruders to the information systems. Another technical control issue could be seen in some computers used by different administrators, who protected the computers using their own names as passwords, so intruders would have an easy time accessing the computers. If the computers are not well protected and are on the network, intruders can access them remotely, affecting various tasks, including data integrity and data confidentiality, and they might also alter the financial records of the company. The most effective approach to solve this would be implementing effective policies on how workers develop complex passwords, thus making it hard for intruders to access the computers (Nicho, 2018).

In the organization, users had access to all types of web pages, as the company used no filters to prevent users from visiting particular sites. This led users and administrators to visit phishing websites, sharing their credentials with people with malicious intentions. To prevent the company's users from visiting phishing websites, web filters would be used, which would allow phishing websites to be blocked. Furthermore, if antivirus programs such as Kaspersky are installed and regularly updated, they can block users from accessing phishing links, thus enhancing the company's security.

References

Alias, R. A. (2019). Information security policy compliance: Systematic literature review. Procedia Computer Science, 161, 1216-1224.
Nicho, M. (2018). A process model for implementing information systems security governance. Information & Computer Security.
