Purpose
The purpose of this assignment is twofold.
First, I want you to get familiar with reading official documents related to information security. Security professionals need to be able to read documents like the NIST Security Publications to understand best practices. These documents also lend weight to recommendations when talking with executives about security decision making.
Second, I want you to be able to teach yourself new things. You may read about things in NIST 800-53 that you don’t already know about. Take time to do some research and learn more. Google is your friend.
Instructions
Look at NIST SP 800-53, Appendix F: Security Control Catalog
Identify one family of controls you would like to learn more about
Review controls within that family
Identify 2 controls you will research
GRAD STUDENTS: 2 families, 2 controls per family.
For the 2 controls you choose: write at least 800 words (total), grad students 1500 words.
List control titles
Describe what the control entails
Describe at least one way an organization could implement that control (each control)
Do some research and include at least one external source per control (properly cited) to support what you say
You don’t have to cite NIST SP 800-53 unless you are quoting directly, but cite any external sources
Very basic (and short) example
I chose the family Identification and Authentication (starts on page F-90), and the controls IA-1, IA-3, and IA-5.
IA-1 Identification and Authentication Policy and Procedures
Identification and Authentication policy and procedures refers to an organization’s need to have specified policies related to these two important concepts. The policy needs to address who should be authenticated, and what types of activities require authentication. The policy can also outline how authentication will work across organizations, for example, how contractors can obtain authentication credentials for their work on internal systems. A good authentication policy will define the scope of the policy, too.
One good component of an authentication policy is the Acceptable Use policy. Requiring that all users accept some terms and conditions before accessing a network can be set as a prerequisite (Jackson Hole, n.d.).
The IA-1 requirement also specifies that the organization should review and update the policies and procedures on a regular basis. Such reviews could be a part of the policy itself, and should be carried out regularly to ensure that the policies and procedures are (a) being followed, and (b) serving the needs of the business.
Sources: