Question



For your organization/business, take the NIST Cybersecurity Framework controls and reduce them to system configuration requirements and system test cases with pass/fail criteria. Refer to the "Framework for Improving Critical Infrastructure Cybersecurity," located within the Course Materials. Then, include the following in a report. (Hint: the professor wants us to use Table 2 of the Cybersecurity Framework (CSF) to answer this question. I know the question has to do with how some of the controls of the Protect function of the CSF cannot work for mobile devices like laptops, smartphones, etc. My problem is I do not see how everything comes together.)

  1. Describe when some controls cannot be implemented (such as on a personal laptop).
  2. Explain what is to be done in each case identified above to compensate for controls that cannot be implemented (e.g., create an identification authentication scheme).
  3. Demonstrate how compensating controls can ensure the non-compliant system can continue to operate within the secured and compliant environment.
  4. Discern the likelihood of a cybersecurity breach within the compliant environment and the impact it might have on the organization (make sure to consider emerging risks, threats, and vulnerability).

Solutions

Expert Solution

1) Description when some controls cannot be implemented (such as on a personal laptop).

One of the biggest threats to a personal laptop comes from its network connections. When the personal laptop is connected to a network, a firewall provides protection. When there is only a stand-alone personal laptop, implementation of security controls is easier; when the laptop is connected to a network, implementation of security controls is very difficult.

2) Explain what is to be done in each case identified above to compensate for controls that cannot be implemented (e.g., create an identification authentication scheme).

Creating an authentication scheme essentially means collecting credentials that determine whether a user is legitimate or not. During authentication, agent programs interact and communicate with a policy server (PS) in order to determine the proper credentials of the particular user requesting a particular service.

Owners of data resources or network resources wish to verify the identity of the user who is trying to access resources stored in diverse locations. Identifying a particular user determines which parts of the resource that user may access. Keeping track of each user uniquely is vital, because the history is used to provide the details of the user's activities.

3) Demonstrate how compensating controls can ensure the non-compliant system can continue to operate within the secured and compliant environment.

  • Identify the diverse locations where data is stored and accordingly define the compliance scope.
  • Gain visibility over data as well as control over sensitive and private data.
  • Periodically monitor the system's security controls as well as the compliance of the system.
  • Provide training and hands-on sessions on security awareness to all members working in the organization.
  • Filling in compliance self-assessment questionnaires is essential, even without validating some of the security controls.

4) Discern the likelihood of a cyber security breach within the compliant environment and the impact it might have on the organization (make sure to consider emerging risks, threats, and vulnerability).

Cyber Threats

A cyber threat is a cyber security event which causes harm inside the system. Some examples of cyber threats are a phishing attack, which enables an attacker to install Trojan software and steal private data from the user's application, and a system administrator deliberately leaking data, which leads to a data breach.

Vulnerabilities

Major weaknesses in a particular system are referred to as vulnerabilities. Vulnerabilities essentially make threats very dangerous for the system. A system can be exploited through a single vulnerability; take the example of a single SQL injection attack, which gives the attacker full control over private and sensitive data.

Risks

A cyber security risk is the combination of the probability of a threat and the loss that can occur in a particular system. One example of a risk is the theft of private and sensitive information, which is the biggest threat that SQL injection enables.
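The assignment asks for CSF controls reduced to configuration requirements and test cases with pass/fail criteria, plus compensating controls where a requirement cannot be met on a personal device. The following is an added illustration, not part of the question or the expert answer: the CSF v1.1 subcategory IDs are real, but the configuration requirements, compensating controls, and the two device snapshots are my own assumptions for the example.

```python
"""Reduce a few CSF Protect subcategories to configuration checks with pass/fail criteria."""
from dataclasses import dataclass
from typing import Callable, Dict, List

Config = Dict[str, object]

@dataclass(frozen=True)
class Requirement:
    csf_id: str                              # CSF v1.1 subcategory the requirement is derived from
    requirement: str                         # configuration requirement (mapping is an assumption)
    primary: Callable[[Config], bool]        # test case: PASS when True
    compensating: Callable[[Config], bool]   # accepted substitute when the primary test fails

REQUIREMENTS: List[Requirement] = [
    Requirement("PR.AC-1", "Account is issued and managed by the central directory",
                lambda c: c["directory_joined"],
                lambda c: c["mfa_enrolled"] and c["device_cert"]),
    Requirement("PR.DS-1", "Full-disk encryption is enabled",
                lambda c: c["disk_encrypted"],
                lambda c: c["corp_data_in_vdi_only"]),  # no corporate data stored locally
    Requirement("PR.IP-12", "Security patches are applied within 30 days",
                lambda c: c["patch_age_days"] <= 30,
                lambda c: c["nac_quarantine_on_stale_patch"]),
    Requirement("PR.PT-3", "Host firewall is enabled (least functionality)",
                lambda c: c["firewall_on"],
                lambda c: False),  # no compensating control accepted for this one
]

def evaluate(config: Config) -> Dict[str, str]:
    """Return PASS / COMPENSATED / FAIL per CSF subcategory for one device snapshot."""
    results: Dict[str, str] = {}
    for r in REQUIREMENTS:
        if r.primary(config):
            results[r.csf_id] = "PASS"
        elif r.compensating(config):
            results[r.csf_id] = "COMPENSATED"
        else:
            results[r.csf_id] = "FAIL"
    return results

def may_operate(config: Config) -> bool:
    """A device stays in the compliant environment only when no requirement FAILs outright."""
    return all(status != "FAIL" for status in evaluate(config).values())

# Constructed configuration snapshots (not real hosts).
CORP_WORKSTATION: Config = dict(directory_joined=True, mfa_enrolled=True, device_cert=True,
    disk_encrypted=True, corp_data_in_vdi_only=False, patch_age_days=7,
    nac_quarantine_on_stale_patch=False, firewall_on=True)
PERSONAL_LAPTOP: Config = dict(directory_joined=False, mfa_enrolled=True, device_cert=True,
    disk_encrypted=False, corp_data_in_vdi_only=True, patch_age_days=45,
    nac_quarantine_on_stale_patch=True, firewall_on=True)

if __name__ == "__main__":
    for name, cfg in (("corp-workstation", CORP_WORKSTATION), ("personal-laptop", PERSONAL_LAPTOP)):
        print(name, evaluate(cfg), "permitted" if may_operate(cfg) else "blocked")
```

The personal laptop fails three primary tests but is reported as COMPENSATED rather than FAIL, which is the report's item 3 in executable form; flipping `firewall_on` to False shows a control with no accepted substitute blocking the device.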
