A recent risk assessment highlighted the need for Red Clay to formalize
the security measures required to protect information, information
systems, and the information infrastructures for the company’s
headquarters and field offices. The CISO has proposed a plan of action
which includes developing system security plans using guidance from NIST
SP-800-18 Guide for Developing Security Plans for Federal Information
Systems.
The CISO asked you to prepare a two-page draft briefing paper (5-7
paragraphs) for the IT Governance Board and Red Clay Renovations Board
of Directors that introduces Security Control Classes and Security
Control Families related to Red Clay risks. This audience is familiar
with financial controls but has not yet been introduced to the use of
controls in the context of IT security. You should leverage their
knowledge in your explanations of the control classes and families. If
necessary, research “financial controls” as well as IT security controls
before writing this briefing paper.
Your draft briefing paper should include the following items:
An introduction telling the IT Governance Board and the Red Clay Board of Directors the purpose of the draft briefing paper.
A description of each control class (managerial, operational, and technical). THEN, write a descriptive paragraph explaining how these three specific control classes will work together to protect the Red Clay Renovations IT Infrastructure for the Wilmington, DE Offices (Headquarters).
From the table below, choose one family control from each of the management, operational, and technical control classes.
Write a description of each family control, THEN write a descriptive paragraph explaining how each family control will work to protect Red Clay’s IT infrastructure.
Select two sub-family controls (i.e., AC1 and AC6) from each family control. THEN, write a descriptive example of how each sub-family control will protect the Red Clay infrastructure. Your examples should relate to the Red Clay case study.
| | Family Control | Family Control | Family Control |
|---|---|---|---|
| Control Class – Management | Planning | Risk Assessment | Program Management |
| Control Class – Technical Control | Access Controls | Identification & Authentication | System & Communication Protections |
| Control Class – Operational Control | Awareness & Training | Contingency Planning | Incident Response |
Provide in-text citations and references for 3 or more authoritative sources. Put the reference list at the end of your posting.