Enterprise Cybersecurity Program Design Framework Essay
Order ID 53563633773 Type Essay Writer Level Masters Style APA Sources/References 4 Perfect Number of Pages to Order 5-10 Pages
Enterprise Cybersecurity Program Design Framework Essay
Project 4: Enterprise Cybersecurity Program Step 6: Design a Framework
Using notes from previous steps, design and describe an enterprise cybersecurity framework specific to your organization. You should create a comprehensive framework covering all aspects of the previous steps in both technology and policy. Fully explain the baseline framework and why it was selected, demonstrate a thorough knowledge of cybersecurity vulnerability that the framework addresses, and use the rankings to explain recommended enhancements to the framework.
In the next step, you will begin to compose your report on the framework.
The NIST Cybersecurity Framework (NIST CSF), produced by the Department of Commerce’s National Institute of Standards and Technology (NIST), provides a policy framework for private sector computer security.
Version 1.0 was published in 2014, originally aimed at specific operators of critical infrastructure. The next version is in the draft stage, with operators encouraged to comment on the proposed policy framework, which also addresses increased privacy and civil liberty concerns.
The upcoming NIST CSF 2.0 executive summary notes that cybersecurity threats to infrastructure systems can put the economy, public safety, and health at risk, and can affect “a company’s bottom line … [cybersecurity risk] can harm an organization’s ability to innovate and to gain and maintain customers” (NIST, 2017). The framework’s “core” provides guidance in the form of cybersecurity activities, outcomes, and it references “common across critical infrastructure sectors” (NIST, 2017). The 2.0 version continues to offer advice and guidance, based on the collaboration between the government and private sector.
ISO/IEC 27001:2013 is an information security standard by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC). This information security standard is a specification for an information security management system (ISMS) with “requirements for establishing, implementing, maintaining and continually improving an information security management system within the context of the organization,” according to the ISO’s website. The standard also includes requirements for the assessment and treatment of information security risks (ISO, 2013). The goal is for organizations to meet this standard and securely pass a compliance “audit” by an independent accreditation body.
The standard places emphasis on organization “controls” to respond to security incidents. Such important controls include: information security policies; organization of information security; human resource security controls that are applied before, during, or after employment; asset management; access control; cryptography; physical and environmental security; operations security; communications security; system acquisition, development and maintenance; information security incident management; and compliance with internal requirements, such as policies, and with external requirements, such as laws (ISO, 2013).
International Organization for Standardization (ISO). (2013).ISO/IEC 27001:2013. Information technology — security techniques — information security management systems — requirements. https://www.iso.org/standard/54534.html
National Institute of Standards and Technology (NIST). (2017, January 10). Framework for improving critical infrastructure cybersecurity, draft version 1.1. https://www.nist.gov/sites/default/files/documents/2017/01/30/draft-cybersecurity-framework-v1.1.pdf
An old adage goes: “The only computer that is not in danger is a computer that is turned off.” Cybersecurity professionals must identify and explain the main vulnerabilities against a company’s critical infrastructure.
A cybersecurity vulnerability is any weakness that may compromise the CIA triad (confidentiality, integrity, and availability) of a product. A cybersecurity vulnerability can never be completely eliminated; therefore, countermeasures must be in place to mitigate the potential disaster to a business’s ability to operate after a potential attack.
The confidentiality, integrity, and availability (CIA) triad is at the core of information system security. Information system security professionals use the CIA triad as a mechanism for quantifying the key security considerations of an information system. When a system is under development, each of the CIA concepts must be considered as part of the system’s design objectives. Below is a model of the CIA triad.
Confidentiality, Integrity, Availability (CIA)
Source: Janet Zimmer
Confidentiality refers to the methods used to protect information from unauthorized disclosure. Protecting the confidentiality of proprietary or sensitive information is of vital importance.
Integrity refers to the processes that ensure accuracy of information.
Availability addresses the need of a system to provide continued, reliable access to information while maintaining an acceptable level of performance. Consider organizations with technology and services that must be nearly 100 percent available 24 hours a day, 365 days a year, such as financial institutions, emergency service providers, power providers, and communication providers. Every moment that these organizations cannot exchange information, there is the potential for serious financial loss, injury, or even death.
- Protect Your Information From Physical Threats
- Vulnerability Scanning With Metasploit Using Nessus
Project 4: Enterprise Cybersecurity Program Step 7: Compose the Framework Report
The Framework Report should be two to three pages, explaining the enhanced cybersecurity framework that will serve as the foundation for the final Enterprise Cybersecurity Program Report. Include your proposal for framework improvements and solutions as an appendix. Submit the completed Defense Framework Report for feedback before moving to the next step, in which you will design a simulation for employees.
Submission for Project 4: Cybersecurity Framework Report
QUALITY OF RESPONSE NO RESPONSE POOR / UNSATISFACTORY SATISFACTORY GOOD EXCELLENT Content (worth a maximum of 50% of the total points) Zero points: Student failed to submit the final paper. 20 points out of 50: The essay illustrates poor understanding of the relevant material by failing to address or incorrectly addressing the relevant content; failing to identify or inaccurately explaining/defining key concepts/ideas; ignoring or incorrectly explaining key points/claims and the reasoning behind them; and/or incorrectly or inappropriately using terminology; and elements of the response are lacking. 30 points out of 50: The essay illustrates a rudimentary understanding of the relevant material by mentioning but not full explaining the relevant content; identifying some of the key concepts/ideas though failing to fully or accurately explain many of them; using terminology, though sometimes inaccurately or inappropriately; and/or incorporating some key claims/points but failing to explain the reasoning behind them or doing so inaccurately. Elements of the required response may also be lacking. 40 points out of 50: The essay illustrates solid understanding of the relevant material by correctly addressing most of the relevant content; identifying and explaining most of the key concepts/ideas; using correct terminology; explaining the reasoning behind most of the key points/claims; and/or where necessary or useful, substantiating some points with accurate examples. The answer is complete. 50 points: The essay illustrates exemplary understanding of the relevant material by thoroughly and correctly addressing the relevant content; identifying and explaining all of the key concepts/ideas; using correct terminology explaining the reasoning behind key points/claims and substantiating, as necessary/useful, points with several accurate and illuminating examples. No aspects of the required answer are missing. Use of Sources (worth a maximum of 20% of the total points). Zero points: Student failed to include citations and/or references. Or the student failed to submit a final paper. 5 out 20 points: Sources are seldom cited to support statements and/or format of citations are not recognizable as APA 6th Edition format. There are major errors in the formation of the references and citations. And/or there is a major reliance on highly questionable. The Student fails to provide an adequate synthesis of research collected for the paper. 10 out 20 points: References to scholarly sources are occasionally given; many statements seem unsubstantiated. Frequent errors in APA 6th Edition format, leaving the reader confused about the source of the information. There are significant errors of the formation in the references and citations. And/or there is a significant use of highly questionable sources. 15 out 20 points: Credible Scholarly sources are used effectively support claims and are, for the most part, clear and fairly represented. APA 6th Edition is used with only a few minor errors. There are minor errors in reference and/or citations. And/or there is some use of questionable sources. 20 points: Credible scholarly sources are used to give compelling evidence to support claims and are clearly and fairly represented. APA 6th Edition format is used accurately and consistently. The student uses above the maximum required references in the development of the assignment. Grammar (worth maximum of 20% of total points) Zero points: Student failed to submit the final paper. 5 points out of 20: The paper does not communicate ideas/points clearly due to inappropriate use of terminology and vague language; thoughts and sentences are disjointed or incomprehensible; organization lacking; and/or numerous grammatical, spelling/punctuation errors 10 points out 20: The paper is often unclear and difficult to follow due to some inappropriate terminology and/or vague language; ideas may be fragmented, wandering and/or repetitive; poor organization; and/or some grammatical, spelling, punctuation errors 15 points out of 20: The paper is mostly clear as a result of appropriate use of terminology and minimal vagueness; no tangents and no repetition; fairly good organization; almost perfect grammar, spelling, punctuation, and word usage. 20 points: The paper is clear, concise, and a pleasure to read as a result of appropriate and precise use of terminology; total coherence of thoughts and presentation and logical organization; and the essay is error free. Structure of the Paper (worth 10% of total points) Zero points: Student failed to submit the final paper. 3 points out of 10: Student needs to develop better formatting skills. The paper omits significant structural elements required for and APA 6th edition paper. Formatting of the paper has major flaws. The paper does not conform to APA 6th edition requirements whatsoever. 5 points out of 10: Appearance of final paper demonstrates the student’s limited ability to format the paper. There are significant errors in formatting and/or the total omission of major components of an APA 6th edition paper. They can include the omission of the cover page, abstract, and page numbers. Additionally the page has major formatting issues with spacing or paragraph formation. Font size might not conform to size requirements. The student also significantly writes too large or too short of and paper 7 points out of 10: Research paper presents an above-average use of formatting skills. The paper has slight errors within the paper. This can include small errors or omissions with the cover page, abstract, page number, and headers. There could be also slight formatting issues with the document spacing or the font Additionally the paper might slightly exceed or undershoot the specific number of required written pages for the assignment. 10 points: Student provides a high-caliber, formatted paper. This includes an APA 6th edition cover page, abstract, page number, headers and is double spaced in 12’ Times Roman Font. Additionally, the paper conforms to the specific number of required written pages and neither goes over or under the specified length of the paper.
GET THIS PROJECT NOW BY CLICKING ON THIS LINK TO PLACE THE ORDER
Do You Have Any Other Essay/Assignment/Class Project/Homework Related to this? Click Here Now [CLICK ME] and Have It Done by Our PhD Qualified Writers!!