Information Assurance


Submitted By rehana
Risk Management Framework
Computer Security Division Information Technology Laboratory

NATIONAL INSTITUTE OF STANDARDS AND TECHNOLOGY


Managing Enterprise Risk
Key activities in managing enterprise-level risk (risk resulting from the operation of an information system):
- Categorize the information system
- Select set of minimum (baseline) security controls
- Refine the security control set based on risk assessment
- Document security controls in system security plan
- Implement the security controls in the information system
- Assess the security controls
- Determine agency-level risk and risk acceptability
- Authorize information system operation
- Monitor security controls on a continuous basis

Risk Management Framework
Security Life Cycle

CATEGORIZE Information System (Starting Point)
Define criticality/sensitivity of information system according to potential worst-case, adverse impact to mission/business.

SELECT Security Controls
Select baseline security controls; apply tailoring guidance and supplement controls as needed based on risk assessment.

IMPLEMENT Security Controls
Implement security controls within enterprise architecture using sound systems engineering practices; apply security configuration settings.

ASSESS Security Controls
Determine security control effectiveness (i.e., controls implemented correctly, operating as intended, meeting security requirements for information system).

AUTHORIZE Information System
Determine risk to organizational operations and assets, individuals, other organizations, and the Nation; if acceptable, authorize operation.

MONITOR Security State
Continuously track changes to the information system that may affect security controls and reassess control effectiveness.


Key Standards and…...
