Project 3 – Risk Mitigation Strategy
Description
For this project, you will leverage your research from Project #1 and analysis from Project #2 to develop a risk mitigation strategy for your chosen company. If necessary, you may adjust your Information Usage Profile or your Risk Profile using feedback from your instructor and additional information from your readings and research. The deliverable for this project will be a Risk Mitigation Strategy that includes a Security Controls Profile based upon the security and privacy controls catalog from NIST SP 800-53 Revision 5 and the security functions and identifiers from the NIST Cybersecurity Framework (CSF) Version 1.1.
● NIST SP 800-53 https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r5.pdf
● NIST CSF https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf
Note: Table 2 Framework Core in Appendix A of the NIST Cybersecurity Framework provides a cross-reference for each function/category/sub-category to the security and privacy controls from NIST SP 800-53.
Review Guidance for Information Security Functions & Controls
1. Review the NIST Cybersecurity Framework with a specific focus on the Functions, Categories, and Sub-Categories. Consider how these functions could be employed to mitigate the risks you identified and documented in Project #2.
2. Review Chapter 2 in Security and Privacy Controls for Information Systems and Organizations (NIST SP 800-53). Pay special attention to section 2.2 Control Structure and Organization.
3. Review Appendix A in the NIST CSF to identify security Functions/Categories/Sub-Categories that specify risk mitigations which could be implemented to reduce or eliminate each risk listed in your Risk Mitigation Strategy Controls Profile (Table 2).
Develop and Document Your Security Controls Profile
1. Review the sample security controls profile provided in Tables 1 & 2 at the end of this file. Use this sample to guide your security controls analysis and the formatting of your Risk Mitigation Strategy Security Controls Profile. The sample entry in Table 2 was derived from the entry shown below (source: NIST CSF Appendix A Table 2 Framework Core).
2. Copy your Risk Profile (Table 1) from Project #2 into a new file (for your project submission). Then copy the Risk Mitigation Strategy Security Controls Profile (Table #2) from this project file into your project submission file (place it after Table #1). Delete the sample text from Table #2.
3. Transfer the RISK ID and RISK TITLE columns from Table 1 into Table 2. This is how you will link your Risk Profile to your Risk Mitigation Strategy. You should have 15 or more risks related to the company’s business operations, use of the Internet, the company’s IT systems and infrastructures (including “technologies in use”), and the types and collections of information used by the company.
4. For each row in your Table 2 (Risk Mitigation Strategy Security Controls Profile), select a security function from the NIST CSF which could be implemented to mitigate the identified risk. Then, review the Category and Sub-Category information for that function. Select one or more sub-categories and enter these into your table in the CSF Category ID column.
5. Using the Informative References provided in the NIST CSF Appendix A Table 2: Framework Core, identify 2 or 3 security controls which, if implemented, will help to mitigate the specific risk listed in your risk profile.
6. Write a brief narrative description of the risk mitigation strategy for your identified risk. This strategy should follow from your selected security function and controls. Use the ABC hallmark for writing for executive audiences: accuracy, brevity, and clarity.
Develop Your Risk Mitigation Strategy
1. Review Chapter 1: The Business Case for Decision Assurance and Information Security in the (ISC)2 SSCP Systems Security Certified Practitioner Official Study Guide (the course textbook).
This resource will help you determine what information to include as part of your Risk Mitigation Strategy for your selected company. Another important resource for determining what information should be included in your strategy is: https://www.workfront.com/mission-management/lifestyles-cycle/initiation/commercial-case
Note: this project does not require a full business case. You are not required to provide financial information, implementation plans, etc. Your presentation of your strategy should focus on these sections of a business case:
o Business problem or opportunity
o Benefits
o Risk
o Technical Solutions
o Timescale
o Impact on Operations
2. Identify best practices for information security and reasons / justifications for allocating resources (people, money, technologies) to implement security controls. You may find related best practices and justifications listed in the Executive Summaries and opening chapters of NIST SP 800-30, NIST SP 800-37, NIST SP 800-53, and the NIST Cybersecurity Framework. You may wish to discuss your solutions in terms of timeframe for implementation: immediate, near-term (6 months?), medium term (12-18 months), within the next two years, etc. Consider that there may need to be tradeoffs between time and money.
3. Pull together your solutions to formulate your Risk Mitigation Strategy. At a minimum, this section should include a summary of the business problem (reduce risks related to information and IT systems and infrastructures), the benefits of implementing security controls, the general types of risks to be mitigated (focus on the CIA triad), and the policy, processes, and technical solutions being recommended.
Write
1. An introduction section which provides a brief introduction to the company and the information / information technology risks that it faces (you may reuse some of your narrative from Project #1 and/or Project #2). Your introduction should include a brief overview of the company’s business operations. Follow this with a description of the purpose and contents of this Risk Mitigation Strategy deliverable.
2. A separate analysis section in which you present your Risk Profile. Begin with a summary of your Risk Profile. You may reuse your introductory paragraph from Project #2 (revise if necessary) where you explained your risk profile (what information is contained in the table and what sources were used to develop this information). Include a description of the process and documents used to construct the Risk Profile. Explain the benefits of using a risk profile to help address risk. The citations and named documents in this paragraph will serve as citations and attributions for the contents of Table #1 (bring Table #1 Risk Profile forward from Project #2 and update if needed). Place Table #1 at the end of this section.
3. A separate analysis section (Security Controls Profile) in which you present your Security Controls Profile. Provide an introductory paragraph that explains the security controls profile, e.g., what information is contained in the table and what sources were used to develop this information. Describe the process and documents used to construct the Security Controls Profile.
4. A separate section (Risk Mitigation Strategy) in which you present a high-level strategy for implementing the risk mitigations (security controls) presented earlier in this deliverable. This section should include a summary of the business problem (reduce risks related to information and IT systems and infrastructures), the general types of risks to be mitigated (focus on the CIA triad and summarize the risks you previously identified), the benefits of implementing security controls listed in your Security Controls Profile, and the policy, processes, and technical solutions being recommended for implementation (aligned to your Security Controls Profile).
5. A separate Solutions and Conclusions section which provides a summary of the information contained in this deliverable and presents your concluding statements regarding the business need and business benefits which support implementing your Risk Mitigation Strategy and the allocation of resources by the company.
Submit Your Work for Grading and Feedback
Before you submit your work, check the rubric (displayed in the Assignment Folder entry) to make sure that you have covered all required content including citations and references.
Submit your work in MS Word format (.docx or .doc file) using the Project #3 Assignment in your project folder. (Attach the file.)
Additional Information
1. Your 8 to 10 page deliverable should be professional in appearance with consistent use of fonts, font sizes, colors, margins, etc. You should use headings and sub-headings to organize your paper. Use headings which correspond to the content rows in the rubric – this will make it easier for your instructor to find required content elements and will help you make sure that you have covered all required sections and content in your paper.
2. The stated page length is a recommendation based upon the content requirements of the project. All pages submitted will be graded but, for the best grades, your work should be clear, concise, and accurate. Exceeding the recommended length will not necessarily result in a higher grade. Shorter submissions may not fully meet the content requirements, leading to a lower grade.
3. The INFA program requires that graduate students follow standard APA style guidance for both formatting and citing/referencing sources. Your file submission should be in MS Word format (.docx). PDF, ODF, and other types of files are not acceptable.
4. You must include a cover page with the course, the project title, your name, your instructor’s name, and the due date. Your reference list should be on a separate page at the end of your file. These pages do not count towards the project’s minimum page count.
5. You are expected to write grammatically correct English in every project that you submit for grading. Do not turn in any work without (a) using spell check, (b) using grammar check, (c) verifying that your punctuation is correct and (d) reviewing your work for correct word usage and correctly structured sentences and paragraphs.
6. You are expected to credit your sources using in-text citations and reference list entries. Both your citations and your reference list entries should follow APA Style guidance. Use of required readings from the course as sources is expected and encouraged. Where used, you must cite and provide references for these readings.
7. When using Security and Privacy controls from NIST SP 800-53, you must use the exact numbering and names (titles) when referring to these controls. This information does not need to be treated as quotations. You may paraphrase or quote from the descriptions of the controls provided that you appropriately mark copied text (if any) and provide a citation for both quoted and paraphrased information.
8. Consult the grading rubric for specific content and formatting requirements for this project.
9. All work submitted to the Assignment Folder will be scanned by the Turn It In service. We use this service to help identify areas for improvement in student writing.
Table 1. Risk Profile for [company]
| Risk ID | Risk Title | Description | Risk Category | Impact Level |
|---|---|---|---|---|
| 001 | Unauthorized disclosure of customer information. | Disclosure of or access to customer information should be restricted to authorized individuals with a need to know. Unauthorized disclosure or access could result in harm to customers and financial liabilities for the company. | Individuals | Medium |
| 002 | | | | |
| 003 | | | | |
| 004 | | | | |
| 005 | | | | |
| 006 | | | | |
| 007 | | | | |
| 008 | | | | |
| 009 | | | | |
| 010 | | | | |
| 011 | | | | |
| 012 | | | | |
| 013 | | | | |
| 014 | | | | |
| 015 | | | | |
Table 2. Risk Mitigation Strategy Security Controls Profile
