1) DISCUSSION BOARD (200 WORDS)
As the CCISO, you have been asked by senior executives what security control mechanisms to put in place to mitigate risk and protect the confidentiality, integrity, and availability (CIA) of CB Drifter Technologies assets. They have provided some initial questions and need to discuss them. In this week's discussion, provide a 2-3 paragraph total response to the following questions based on NIST control classes:
- What are administrative controls and why are they considered soft controls?
- What is the control class that provides hardware and software functionality, and what are some examples of its functions?
- How does the physical control class protect people, assets, and facilities against physical threats?
2) INDIVIDUAL PROJECT (800 WORDS)
NIST SP 800-53, Security and Privacy Controls for Federal Information Systems and Organizations, is a well-known NIST publication consisting of a catalog of security and privacy controls used to assist US federal government agencies in meeting the requirements of FISMA. It also serves as a best practice framework for other, non-federal entities.
NIST controls are organized into 18 different control families, and as the new CCISO you will need to explain at least 9 of these to the CEO and CTO, covering their meaning and examples of their implementation, in a 12–15-page slide presentation in MS PowerPoint. On the last technical slide, include a summary of the NIST Risk Management Framework. Please use the following format for the presentation:
- Title Slide
- Topics of Discussion Slide
- Control ID/Family 1
- Control ID/Family 2
- Control ID/Family 3
- Control ID/Family 4
- Control ID/Family 5
- Control ID/Family 6
- Control ID/Family 7
- Control ID/Family 8
- Control ID/Family 9
- RMF 6-step life cycle with the additional "prepare" component
Note: Include detailed text in the "notes" section to include APA references.