SlideShare a Scribd company logo
Project 7: Organization Security Plan
Choose an organization from the choices provided and prepare a
security plan that provides security awareness policy using a
security policy framework outline and according the Critical
Infrastructure document which concentrates on the following
integral keywords to cover the necessary elements of an
organization security plan. These are: Identify, Protect, Detect,
Respond, and Recover. The plan is a capstone of the work that
you have accomplished in this course. You will use your outline
to guide the outcome of the plan in addition to the keywords.
The plan is an enterprise policy that includes the following
considerations, analysis approach, and protections for the
enterprise:
· Identify threats and vulnerabilities.
· Assign appropriate security controls to protect the
infrastructure of the organization.
· Prepare vulnerability scans and effective risk management
protocols to ensure protections remain current and effective and
detect any issues.
· Initiate an incident response plan for responding to problems.
· Develop a business continuity and disaster recovery plan to
recover from interruptions in business whether manmade or
geographical.
This plan must be completed and submitted in MS Word format.
Choose from one of the organizations below or request approval
from your instructor via email for an alternate organization:
• Department of Defense
• Department of Homeland Security
• General Dynamics Information Technology
• JC Penney’s Corporate Office
• University of Maryland
• ITT Technical Institute
• United States Marine Corp
From the Critical Infrastructure document, align your
organizational plan to reflect the intent of the document as
follows from an excerpt taken from the document and ensure
you read the document in its entirety:
“The Framework complements, and does not replace, an
organization’s risk management and cybersecurity program. The
organization can use its current processes and leverage the
Framework to identify opportunities to strengthen and
communicate its management of cybersecurity risk while
aligning with industry practices. Alternatively, an organization
without an existing cybersecurity program can use the
Framework as a reference to establish one.
Just as the Framework is not industry-specific, the common
taxonomy of standards, guidelines, and practices that it provides
also is not country-specific. Organizations outside the United
States may also use the Framework to strengthen their own
cybersecurity efforts, and the Framework can contribute to
developing a common language for international cooperation on
critical infrastructure cybersecurity.”
1.1 Overview of the Framework
The Framework is a risk-based approach to managing
cybersecurity risk, and is composed of three parts: the
Framework Core, the Framework Implementation Tiers, and the
Framework Profiles. Each Framework component reinforces the
connection between business drivers and cybersecurity
activities. These components are explained below.
• The Framework Core is a set of cybersecurity activities,
desired outcomes, and applicable references that are common
across critical infrastructure sectors. The Core presents industry
standards, guidelines, and practices in a manner that allows for
communication of cybersecurity activities and outcomes across
the organization from the executive level to the
implementation/operations level. The Framework Core consists
of five concurrent and continuous Functions—Identify, Protect,
Detect, Respond, Recover. When considered together, these
Functions provide a high-level, strategic view of the lifecycle of
an organization’s management of cybersecurity risk. The
Framework Core then identifies underlying key Categories and
Subcategories for each Function, and matches them with
example Informative References such as existing standards,
guidelines, and practices for each Subcategory.
· Framework Implementation Tiers (“Tiers”) provide context on
how an organization
views cybersecurity risk and the processes in place to manage
that risk. Tiers describe the degree to which an organization’s
cybersecurity risk management practices exhibit the
characteristics defined in the Framework (e.g., risk and threat
aware, repeatable, and adaptive). The Tiers characterize an
organization’s practices over a range, from Partial (Tier 1) to
Adaptive (Tier 4). These Tiers reflect a progression from
informal, reactive responses to approaches that are agile and
risk-informed. During the Tier selection process, an
organization should consider its current risk management
practices, threat environment, legal and regulatory
requirements, business/mission objectives, and organizational
constraints.
A Framework Profile (“Profile”) represents the outcomes based
on business needs that an organization has selected from the
Framework Categories and Subcategories. The Profile can be
characterized as the alignment of standards, guidelines, and
practices to the Framework Core in a particular implementation
scenario. Profiles can be used to identify opportunities for
improving cybersecurity posture by comparing a “Current”
Profile (the “as is” state) with a “Target” Profile (the “to be”
state). To develop a Profile, an organization can review all of
the Categories and Subcategories and, based on business drivers
and a risk assessment, determine which are most important; they
can add Categories and Subcategories as needed to address the
organization’s risks. The Current Profile can then be used to
support prioritization and measurement of progress toward the
Target Profile, while factoring in other business needs including
cost-effectiveness and innovation. Profiles can be used to
conduct self-assessments and communicate within an
organization or between organizations.
1.2 Risk Management and the Cybersecurity Framework
Risk management is the ongoing process of identifying,
assessing, and responding to risk. To manage risk, organizations
should understand the likelihood that an event will occur and
the resulting impact. With this information, organizations can
determine the acceptable level of risk for delivery of services
and can express this as their risk tolerance.
With an understanding of risk tolerance, organizations can
prioritize cybersecurity activities, enabling organizations to
make informed decisions about cybersecurity expenditures.
Implementation of risk management programs offers
organizations the ability to quantify and communicate
adjustments to their cybersecurity programs. Organizations may
choose to handle risk in different ways, including mitigating the
risk, transferring the risk, avoiding the risk, or accepting the
risk, depending on the potential impact to the delivery of
critical services.
The Framework uses risk management processes to enable
organizations to inform and prioritize decisions regarding
cybersecurity. It supports recurring risk assessments and
validation of business drivers to help organizations select target
states for cybersecurity activities that reflect desired outcomes.
Thus, the Framework gives organizations the ability to
dynamically select and direct improvement in cybersecurity risk
management for the IT and ICS environments.”
Your organization plan must be a comprehensive approach
identifying the framework for enabling organizations to
establish cybersecurity policy in the enterprise. Submit to your
assignment folder by the due date assigned in your syllabus
schedule.
Project 7 Organization Security PlanChoose an organization from.docx

More Related Content

Similar to Project 7 Organization Security PlanChoose an organization from.docx

For our discussion question, we focus on recent trends in security t.pdf
For our discussion question, we focus on recent trends in security t.pdfFor our discussion question, we focus on recent trends in security t.pdf
For our discussion question, we focus on recent trends in security t.pdf
alokkesh
 
Happiest Minds NIST CSF compliance Brochure
Happiest Minds NIST  CSF compliance BrochureHappiest Minds NIST  CSF compliance Brochure
Happiest Minds NIST CSF compliance Brochure
Suresh Kanniappan
 
Cyber Security Program Realization in the Mid Market - Executive Summary
Cyber Security Program Realization in the Mid Market - Executive SummaryCyber Security Program Realization in the Mid Market - Executive Summary
Cyber Security Program Realization in the Mid Market - Executive Summary
Steve Leventhal
 
CYBER SECURITY
CYBER SECURITYCYBER SECURITY
CYBER SECURITY
harsh arora
 
STRATEGIC RISK ADVISORY SOLUTIONS_Risk Management_Newsletter
STRATEGIC RISK ADVISORY SOLUTIONS_Risk Management_NewsletterSTRATEGIC RISK ADVISORY SOLUTIONS_Risk Management_Newsletter
STRATEGIC RISK ADVISORY SOLUTIONS_Risk Management_NewsletterDion K Hamilton
 
Connection can help keep your business secure!
Connection can help keep your business secure!Connection can help keep your business secure!
Connection can help keep your business secure!
Heather Salmons Newswanger
 
Information Security Maturity Model
Information Security Maturity ModelInformation Security Maturity Model
Information Security Maturity Model
CSCJournals
 
NIST to CSF to ISO or EC 27002 2022 with NIST
NIST to CSF to ISO or EC 27002 2022 with NISTNIST to CSF to ISO or EC 27002 2022 with NIST
NIST to CSF to ISO or EC 27002 2022 with NIST
ebonyman0007
 
1chapter42BaseTech Principles of Computer Securit.docx
1chapter42BaseTech  Principles of  Computer Securit.docx1chapter42BaseTech  Principles of  Computer Securit.docx
1chapter42BaseTech Principles of Computer Securit.docx
durantheseldine
 
CHAPTER 5Risk Response and MitigationIn this chapter, you will
CHAPTER 5Risk Response and MitigationIn this chapter, you willCHAPTER 5Risk Response and MitigationIn this chapter, you will
CHAPTER 5Risk Response and MitigationIn this chapter, you will
JinElias52
 
CHAPTER 5Risk Response and MitigationIn this chapter, you will.docx
CHAPTER 5Risk Response and MitigationIn this chapter, you will.docxCHAPTER 5Risk Response and MitigationIn this chapter, you will.docx
CHAPTER 5Risk Response and MitigationIn this chapter, you will.docx
Abhinav816839
 
Management of risk introduction
Management of risk introductionManagement of risk introduction
Management of risk introduction
Spyros Ktenas
 
CompTIA CySA Domain 5 Compliance and Assessment.pptx
CompTIA CySA Domain 5 Compliance and Assessment.pptxCompTIA CySA Domain 5 Compliance and Assessment.pptx
CompTIA CySA Domain 5 Compliance and Assessment.pptx
Infosectrain3
 
Toward a Trusted Supply Chain White Paper from Microsoft
Toward a Trusted Supply Chain White Paper from MicrosoftToward a Trusted Supply Chain White Paper from Microsoft
Toward a Trusted Supply Chain White Paper from MicrosoftDavid J Rosenthal
 
White paper pragmatic safety solutions
White paper pragmatic safety solutionsWhite paper pragmatic safety solutions
White paper pragmatic safety solutions
Craig Tappel
 
The Significance of IT Security Management & Risk Assessment
The Significance of IT Security Management & Risk AssessmentThe Significance of IT Security Management & Risk Assessment
The Significance of IT Security Management & Risk Assessment
Bradley Susser
 
Facilitated Risk Analysis Process - Tareq Hanaysha
Facilitated Risk Analysis Process - Tareq HanayshaFacilitated Risk Analysis Process - Tareq Hanaysha
Facilitated Risk Analysis Process - Tareq Hanaysha
Hanaysha
 
Lesson 3
Lesson 3Lesson 3

Similar to Project 7 Organization Security PlanChoose an organization from.docx (20)

Security-Brochure
Security-BrochureSecurity-Brochure
Security-Brochure
 
Security-Brochure
Security-BrochureSecurity-Brochure
Security-Brochure
 
For our discussion question, we focus on recent trends in security t.pdf
For our discussion question, we focus on recent trends in security t.pdfFor our discussion question, we focus on recent trends in security t.pdf
For our discussion question, we focus on recent trends in security t.pdf
 
Happiest Minds NIST CSF compliance Brochure
Happiest Minds NIST  CSF compliance BrochureHappiest Minds NIST  CSF compliance Brochure
Happiest Minds NIST CSF compliance Brochure
 
Cyber Security Program Realization in the Mid Market - Executive Summary
Cyber Security Program Realization in the Mid Market - Executive SummaryCyber Security Program Realization in the Mid Market - Executive Summary
Cyber Security Program Realization in the Mid Market - Executive Summary
 
CYBER SECURITY
CYBER SECURITYCYBER SECURITY
CYBER SECURITY
 
STRATEGIC RISK ADVISORY SOLUTIONS_Risk Management_Newsletter
STRATEGIC RISK ADVISORY SOLUTIONS_Risk Management_NewsletterSTRATEGIC RISK ADVISORY SOLUTIONS_Risk Management_Newsletter
STRATEGIC RISK ADVISORY SOLUTIONS_Risk Management_Newsletter
 
Connection can help keep your business secure!
Connection can help keep your business secure!Connection can help keep your business secure!
Connection can help keep your business secure!
 
Information Security Maturity Model
Information Security Maturity ModelInformation Security Maturity Model
Information Security Maturity Model
 
NIST to CSF to ISO or EC 27002 2022 with NIST
NIST to CSF to ISO or EC 27002 2022 with NISTNIST to CSF to ISO or EC 27002 2022 with NIST
NIST to CSF to ISO or EC 27002 2022 with NIST
 
1chapter42BaseTech Principles of Computer Securit.docx
1chapter42BaseTech  Principles of  Computer Securit.docx1chapter42BaseTech  Principles of  Computer Securit.docx
1chapter42BaseTech Principles of Computer Securit.docx
 
CHAPTER 5Risk Response and MitigationIn this chapter, you will
CHAPTER 5Risk Response and MitigationIn this chapter, you willCHAPTER 5Risk Response and MitigationIn this chapter, you will
CHAPTER 5Risk Response and MitigationIn this chapter, you will
 
CHAPTER 5Risk Response and MitigationIn this chapter, you will.docx
CHAPTER 5Risk Response and MitigationIn this chapter, you will.docxCHAPTER 5Risk Response and MitigationIn this chapter, you will.docx
CHAPTER 5Risk Response and MitigationIn this chapter, you will.docx
 
Management of risk introduction
Management of risk introductionManagement of risk introduction
Management of risk introduction
 
CompTIA CySA Domain 5 Compliance and Assessment.pptx
CompTIA CySA Domain 5 Compliance and Assessment.pptxCompTIA CySA Domain 5 Compliance and Assessment.pptx
CompTIA CySA Domain 5 Compliance and Assessment.pptx
 
Toward a Trusted Supply Chain White Paper from Microsoft
Toward a Trusted Supply Chain White Paper from MicrosoftToward a Trusted Supply Chain White Paper from Microsoft
Toward a Trusted Supply Chain White Paper from Microsoft
 
White paper pragmatic safety solutions
White paper pragmatic safety solutionsWhite paper pragmatic safety solutions
White paper pragmatic safety solutions
 
The Significance of IT Security Management & Risk Assessment
The Significance of IT Security Management & Risk AssessmentThe Significance of IT Security Management & Risk Assessment
The Significance of IT Security Management & Risk Assessment
 
Facilitated Risk Analysis Process - Tareq Hanaysha
Facilitated Risk Analysis Process - Tareq HanayshaFacilitated Risk Analysis Process - Tareq Hanaysha
Facilitated Risk Analysis Process - Tareq Hanaysha
 
Lesson 3
Lesson 3Lesson 3
Lesson 3
 

More from wkyra78

Melissa HinkhouseWeek 3-Original PostNURS 6050 Policy and A.docx
Melissa HinkhouseWeek 3-Original PostNURS 6050 Policy and A.docxMelissa HinkhouseWeek 3-Original PostNURS 6050 Policy and A.docx
Melissa HinkhouseWeek 3-Original PostNURS 6050 Policy and A.docx
wkyra78
 
Melissa HinkhouseAdvanced Pharmacology NURS-6521N-43Professo.docx
Melissa HinkhouseAdvanced Pharmacology NURS-6521N-43Professo.docxMelissa HinkhouseAdvanced Pharmacology NURS-6521N-43Professo.docx
Melissa HinkhouseAdvanced Pharmacology NURS-6521N-43Professo.docx
wkyra78
 
Meiner, S. E., & Yeager, J. J. (2019). Chapter 17Chap.docx
Meiner, S. E., & Yeager, J. J. (2019).    Chapter 17Chap.docxMeiner, S. E., & Yeager, J. J. (2019).    Chapter 17Chap.docx
Meiner, S. E., & Yeager, J. J. (2019). Chapter 17Chap.docx
wkyra78
 
member is a security software architect in a cloud service provider .docx
member is a security software architect in a cloud service provider .docxmember is a security software architect in a cloud service provider .docx
member is a security software architect in a cloud service provider .docx
wkyra78
 
Melissa ShortridgeWeek 6COLLAPSEMy own attitude has ch.docx
Melissa ShortridgeWeek 6COLLAPSEMy own attitude has ch.docxMelissa ShortridgeWeek 6COLLAPSEMy own attitude has ch.docx
Melissa ShortridgeWeek 6COLLAPSEMy own attitude has ch.docx
wkyra78
 
Melissa is a 15-year-old high school student. Over the last week.docx
Melissa is a 15-year-old high school student. Over the last week.docxMelissa is a 15-year-old high school student. Over the last week.docx
Melissa is a 15-year-old high school student. Over the last week.docx
wkyra78
 
Measurement  of  the  angle  θ          .docx
Measurement  of  the  angle  θ          .docxMeasurement  of  the  angle  θ          .docx
Measurement  of  the  angle  θ          .docx
wkyra78
 
Measurement of the angle θ For better understanding .docx
Measurement of the angle θ     For better understanding .docxMeasurement of the angle θ     For better understanding .docx
Measurement of the angle θ For better understanding .docx
wkyra78
 
Meaning-Making Forum 2 (Week 5)Meaning-Making Forums 1-4 are thi.docx
Meaning-Making Forum 2 (Week 5)Meaning-Making Forums 1-4 are thi.docxMeaning-Making Forum 2 (Week 5)Meaning-Making Forums 1-4 are thi.docx
Meaning-Making Forum 2 (Week 5)Meaning-Making Forums 1-4 are thi.docx
wkyra78
 
MBA6231 - 1.1 - project charter.docxProject Charter Pr.docx
MBA6231 - 1.1 - project charter.docxProject Charter Pr.docxMBA6231 - 1.1 - project charter.docxProject Charter Pr.docx
MBA6231 - 1.1 - project charter.docxProject Charter Pr.docx
wkyra78
 
Medication Errors Led to Disastrous Outcomes1. Search th.docx
Medication Errors Led to Disastrous Outcomes1. Search th.docxMedication Errors Led to Disastrous Outcomes1. Search th.docx
Medication Errors Led to Disastrous Outcomes1. Search th.docx
wkyra78
 
Meet, call, Skype or Zoom with a retired athlete and interview himh.docx
Meet, call, Skype or Zoom with a retired athlete and interview himh.docxMeet, call, Skype or Zoom with a retired athlete and interview himh.docx
Meet, call, Skype or Zoom with a retired athlete and interview himh.docx
wkyra78
 
Medication Administration Make a list of the most common med.docx
Medication Administration Make a list of the most common med.docxMedication Administration Make a list of the most common med.docx
Medication Administration Make a list of the most common med.docx
wkyra78
 
media portfolio”about chapter 1 to 15 from the book  Ci.docx
media portfolio”about chapter 1 to 15 from the book  Ci.docxmedia portfolio”about chapter 1 to 15 from the book  Ci.docx
media portfolio”about chapter 1 to 15 from the book  Ci.docx
wkyra78
 
MediationNameAMUDate.docx
MediationNameAMUDate.docxMediationNameAMUDate.docx
MediationNameAMUDate.docx
wkyra78
 
Media coverage influences the publics perception of the crimina.docx
Media coverage influences the publics perception of the crimina.docxMedia coverage influences the publics perception of the crimina.docx
Media coverage influences the publics perception of the crimina.docx
wkyra78
 
Media Content AnalysisPurpose Evaluate the quality and value of.docx
Media Content AnalysisPurpose Evaluate the quality and value of.docxMedia Content AnalysisPurpose Evaluate the quality and value of.docx
Media Content AnalysisPurpose Evaluate the quality and value of.docx
wkyra78
 
Mayan gods and goddesses are very much a part of this text.  Their i.docx
Mayan gods and goddesses are very much a part of this text.  Their i.docxMayan gods and goddesses are very much a part of this text.  Their i.docx
Mayan gods and goddesses are very much a part of this text.  Their i.docx
wkyra78
 
Media and SocietyIn 1,100 words, complete the followingAn.docx
Media and SocietyIn 1,100 words, complete the followingAn.docxMedia and SocietyIn 1,100 words, complete the followingAn.docx
Media and SocietyIn 1,100 words, complete the followingAn.docx
wkyra78
 
MBA 5110 – Business Organization and ManagementMidterm ExamAns.docx
MBA 5110 – Business Organization and ManagementMidterm ExamAns.docxMBA 5110 – Business Organization and ManagementMidterm ExamAns.docx
MBA 5110 – Business Organization and ManagementMidterm ExamAns.docx
wkyra78
 

More from wkyra78 (20)

Melissa HinkhouseWeek 3-Original PostNURS 6050 Policy and A.docx
Melissa HinkhouseWeek 3-Original PostNURS 6050 Policy and A.docxMelissa HinkhouseWeek 3-Original PostNURS 6050 Policy and A.docx
Melissa HinkhouseWeek 3-Original PostNURS 6050 Policy and A.docx
 
Melissa HinkhouseAdvanced Pharmacology NURS-6521N-43Professo.docx
Melissa HinkhouseAdvanced Pharmacology NURS-6521N-43Professo.docxMelissa HinkhouseAdvanced Pharmacology NURS-6521N-43Professo.docx
Melissa HinkhouseAdvanced Pharmacology NURS-6521N-43Professo.docx
 
Meiner, S. E., & Yeager, J. J. (2019). Chapter 17Chap.docx
Meiner, S. E., & Yeager, J. J. (2019).    Chapter 17Chap.docxMeiner, S. E., & Yeager, J. J. (2019).    Chapter 17Chap.docx
Meiner, S. E., & Yeager, J. J. (2019). Chapter 17Chap.docx
 
member is a security software architect in a cloud service provider .docx
member is a security software architect in a cloud service provider .docxmember is a security software architect in a cloud service provider .docx
member is a security software architect in a cloud service provider .docx
 
Melissa ShortridgeWeek 6COLLAPSEMy own attitude has ch.docx
Melissa ShortridgeWeek 6COLLAPSEMy own attitude has ch.docxMelissa ShortridgeWeek 6COLLAPSEMy own attitude has ch.docx
Melissa ShortridgeWeek 6COLLAPSEMy own attitude has ch.docx
 
Melissa is a 15-year-old high school student. Over the last week.docx
Melissa is a 15-year-old high school student. Over the last week.docxMelissa is a 15-year-old high school student. Over the last week.docx
Melissa is a 15-year-old high school student. Over the last week.docx
 
Measurement  of  the  angle  θ          .docx
Measurement  of  the  angle  θ          .docxMeasurement  of  the  angle  θ          .docx
Measurement  of  the  angle  θ          .docx
 
Measurement of the angle θ For better understanding .docx
Measurement of the angle θ     For better understanding .docxMeasurement of the angle θ     For better understanding .docx
Measurement of the angle θ For better understanding .docx
 
Meaning-Making Forum 2 (Week 5)Meaning-Making Forums 1-4 are thi.docx
Meaning-Making Forum 2 (Week 5)Meaning-Making Forums 1-4 are thi.docxMeaning-Making Forum 2 (Week 5)Meaning-Making Forums 1-4 are thi.docx
Meaning-Making Forum 2 (Week 5)Meaning-Making Forums 1-4 are thi.docx
 
MBA6231 - 1.1 - project charter.docxProject Charter Pr.docx
MBA6231 - 1.1 - project charter.docxProject Charter Pr.docxMBA6231 - 1.1 - project charter.docxProject Charter Pr.docx
MBA6231 - 1.1 - project charter.docxProject Charter Pr.docx
 
Medication Errors Led to Disastrous Outcomes1. Search th.docx
Medication Errors Led to Disastrous Outcomes1. Search th.docxMedication Errors Led to Disastrous Outcomes1. Search th.docx
Medication Errors Led to Disastrous Outcomes1. Search th.docx
 
Meet, call, Skype or Zoom with a retired athlete and interview himh.docx
Meet, call, Skype or Zoom with a retired athlete and interview himh.docxMeet, call, Skype or Zoom with a retired athlete and interview himh.docx
Meet, call, Skype or Zoom with a retired athlete and interview himh.docx
 
Medication Administration Make a list of the most common med.docx
Medication Administration Make a list of the most common med.docxMedication Administration Make a list of the most common med.docx
Medication Administration Make a list of the most common med.docx
 
media portfolio”about chapter 1 to 15 from the book  Ci.docx
media portfolio”about chapter 1 to 15 from the book  Ci.docxmedia portfolio”about chapter 1 to 15 from the book  Ci.docx
media portfolio”about chapter 1 to 15 from the book  Ci.docx
 
MediationNameAMUDate.docx
MediationNameAMUDate.docxMediationNameAMUDate.docx
MediationNameAMUDate.docx
 
Media coverage influences the publics perception of the crimina.docx
Media coverage influences the publics perception of the crimina.docxMedia coverage influences the publics perception of the crimina.docx
Media coverage influences the publics perception of the crimina.docx
 
Media Content AnalysisPurpose Evaluate the quality and value of.docx
Media Content AnalysisPurpose Evaluate the quality and value of.docxMedia Content AnalysisPurpose Evaluate the quality and value of.docx
Media Content AnalysisPurpose Evaluate the quality and value of.docx
 
Mayan gods and goddesses are very much a part of this text.  Their i.docx
Mayan gods and goddesses are very much a part of this text.  Their i.docxMayan gods and goddesses are very much a part of this text.  Their i.docx
Mayan gods and goddesses are very much a part of this text.  Their i.docx
 
Media and SocietyIn 1,100 words, complete the followingAn.docx
Media and SocietyIn 1,100 words, complete the followingAn.docxMedia and SocietyIn 1,100 words, complete the followingAn.docx
Media and SocietyIn 1,100 words, complete the followingAn.docx
 
MBA 5110 – Business Organization and ManagementMidterm ExamAns.docx
MBA 5110 – Business Organization and ManagementMidterm ExamAns.docxMBA 5110 – Business Organization and ManagementMidterm ExamAns.docx
MBA 5110 – Business Organization and ManagementMidterm ExamAns.docx
 

Recently uploaded

Adversarial Attention Modeling for Multi-dimensional Emotion Regression.pdf
Adversarial Attention Modeling for Multi-dimensional Emotion Regression.pdfAdversarial Attention Modeling for Multi-dimensional Emotion Regression.pdf
Adversarial Attention Modeling for Multi-dimensional Emotion Regression.pdf
Po-Chuan Chen
 
Model Attribute Check Company Auto Property
Model Attribute  Check Company Auto PropertyModel Attribute  Check Company Auto Property
Model Attribute Check Company Auto Property
Celine George
 
"Protectable subject matters, Protection in biotechnology, Protection of othe...
"Protectable subject matters, Protection in biotechnology, Protection of othe..."Protectable subject matters, Protection in biotechnology, Protection of othe...
"Protectable subject matters, Protection in biotechnology, Protection of othe...
SACHIN R KONDAGURI
 
Embracing GenAI - A Strategic Imperative
Embracing GenAI - A Strategic ImperativeEmbracing GenAI - A Strategic Imperative
Embracing GenAI - A Strategic Imperative
Peter Windle
 
Honest Reviews of Tim Han LMA Course Program.pptx
Honest Reviews of Tim Han LMA Course Program.pptxHonest Reviews of Tim Han LMA Course Program.pptx
Honest Reviews of Tim Han LMA Course Program.pptx
timhan337
 
Phrasal Verbs.XXXXXXXXXXXXXXXXXXXXXXXXXX
Phrasal Verbs.XXXXXXXXXXXXXXXXXXXXXXXXXXPhrasal Verbs.XXXXXXXXXXXXXXXXXXXXXXXXXX
Phrasal Verbs.XXXXXXXXXXXXXXXXXXXXXXXXXX
MIRIAMSALINAS13
 
Introduction to AI for Nonprofits with Tapp Network
Introduction to AI for Nonprofits with Tapp NetworkIntroduction to AI for Nonprofits with Tapp Network
Introduction to AI for Nonprofits with Tapp Network
TechSoup
 
Guidance_and_Counselling.pdf B.Ed. 4th Semester
Guidance_and_Counselling.pdf B.Ed. 4th SemesterGuidance_and_Counselling.pdf B.Ed. 4th Semester
Guidance_and_Counselling.pdf B.Ed. 4th Semester
Atul Kumar Singh
 
How to Make a Field invisible in Odoo 17
How to Make a Field invisible in Odoo 17How to Make a Field invisible in Odoo 17
How to Make a Field invisible in Odoo 17
Celine George
 
special B.ed 2nd year old paper_20240531.pdf
special B.ed 2nd year old paper_20240531.pdfspecial B.ed 2nd year old paper_20240531.pdf
special B.ed 2nd year old paper_20240531.pdf
Special education needs
 
Digital Tools and AI for Teaching Learning and Research
Digital Tools and AI for Teaching Learning and ResearchDigital Tools and AI for Teaching Learning and Research
Digital Tools and AI for Teaching Learning and Research
Vikramjit Singh
 
Synthetic Fiber Construction in lab .pptx
Synthetic Fiber Construction in lab .pptxSynthetic Fiber Construction in lab .pptx
Synthetic Fiber Construction in lab .pptx
Pavel ( NSTU)
 
Francesca Gottschalk - How can education support child empowerment.pptx
Francesca Gottschalk - How can education support child empowerment.pptxFrancesca Gottschalk - How can education support child empowerment.pptx
Francesca Gottschalk - How can education support child empowerment.pptx
EduSkills OECD
 
The approach at University of Liverpool.pptx
The approach at University of Liverpool.pptxThe approach at University of Liverpool.pptx
The approach at University of Liverpool.pptx
Jisc
 
The basics of sentences session 5pptx.pptx
The basics of sentences session 5pptx.pptxThe basics of sentences session 5pptx.pptx
The basics of sentences session 5pptx.pptx
heathfieldcps1
 
The Roman Empire A Historical Colossus.pdf
The Roman Empire A Historical Colossus.pdfThe Roman Empire A Historical Colossus.pdf
The Roman Empire A Historical Colossus.pdf
kaushalkr1407
 
BÀI TẬP BỔ TRỢ TIẾNG ANH GLOBAL SUCCESS LỚP 3 - CẢ NĂM (CÓ FILE NGHE VÀ ĐÁP Á...
BÀI TẬP BỔ TRỢ TIẾNG ANH GLOBAL SUCCESS LỚP 3 - CẢ NĂM (CÓ FILE NGHE VÀ ĐÁP Á...BÀI TẬP BỔ TRỢ TIẾNG ANH GLOBAL SUCCESS LỚP 3 - CẢ NĂM (CÓ FILE NGHE VÀ ĐÁP Á...
BÀI TẬP BỔ TRỢ TIẾNG ANH GLOBAL SUCCESS LỚP 3 - CẢ NĂM (CÓ FILE NGHE VÀ ĐÁP Á...
Nguyen Thanh Tu Collection
 
CACJapan - GROUP Presentation 1- Wk 4.pdf
CACJapan - GROUP Presentation 1- Wk 4.pdfCACJapan - GROUP Presentation 1- Wk 4.pdf
CACJapan - GROUP Presentation 1- Wk 4.pdf
camakaiclarkmusic
 
TESDA TM1 REVIEWER FOR NATIONAL ASSESSMENT WRITTEN AND ORAL QUESTIONS WITH A...
TESDA TM1 REVIEWER  FOR NATIONAL ASSESSMENT WRITTEN AND ORAL QUESTIONS WITH A...TESDA TM1 REVIEWER  FOR NATIONAL ASSESSMENT WRITTEN AND ORAL QUESTIONS WITH A...
TESDA TM1 REVIEWER FOR NATIONAL ASSESSMENT WRITTEN AND ORAL QUESTIONS WITH A...
EugeneSaldivar
 
Palestine last event orientationfvgnh .pptx
Palestine last event orientationfvgnh .pptxPalestine last event orientationfvgnh .pptx
Palestine last event orientationfvgnh .pptx
RaedMohamed3
 

Recently uploaded (20)

Adversarial Attention Modeling for Multi-dimensional Emotion Regression.pdf
Adversarial Attention Modeling for Multi-dimensional Emotion Regression.pdfAdversarial Attention Modeling for Multi-dimensional Emotion Regression.pdf
Adversarial Attention Modeling for Multi-dimensional Emotion Regression.pdf
 
Model Attribute Check Company Auto Property
Model Attribute  Check Company Auto PropertyModel Attribute  Check Company Auto Property
Model Attribute Check Company Auto Property
 
"Protectable subject matters, Protection in biotechnology, Protection of othe...
"Protectable subject matters, Protection in biotechnology, Protection of othe..."Protectable subject matters, Protection in biotechnology, Protection of othe...
"Protectable subject matters, Protection in biotechnology, Protection of othe...
 
Embracing GenAI - A Strategic Imperative
Embracing GenAI - A Strategic ImperativeEmbracing GenAI - A Strategic Imperative
Embracing GenAI - A Strategic Imperative
 
Honest Reviews of Tim Han LMA Course Program.pptx
Honest Reviews of Tim Han LMA Course Program.pptxHonest Reviews of Tim Han LMA Course Program.pptx
Honest Reviews of Tim Han LMA Course Program.pptx
 
Phrasal Verbs.XXXXXXXXXXXXXXXXXXXXXXXXXX
Phrasal Verbs.XXXXXXXXXXXXXXXXXXXXXXXXXXPhrasal Verbs.XXXXXXXXXXXXXXXXXXXXXXXXXX
Phrasal Verbs.XXXXXXXXXXXXXXXXXXXXXXXXXX
 
Introduction to AI for Nonprofits with Tapp Network
Introduction to AI for Nonprofits with Tapp NetworkIntroduction to AI for Nonprofits with Tapp Network
Introduction to AI for Nonprofits with Tapp Network
 
Guidance_and_Counselling.pdf B.Ed. 4th Semester
Guidance_and_Counselling.pdf B.Ed. 4th SemesterGuidance_and_Counselling.pdf B.Ed. 4th Semester
Guidance_and_Counselling.pdf B.Ed. 4th Semester
 
How to Make a Field invisible in Odoo 17
How to Make a Field invisible in Odoo 17How to Make a Field invisible in Odoo 17
How to Make a Field invisible in Odoo 17
 
special B.ed 2nd year old paper_20240531.pdf
special B.ed 2nd year old paper_20240531.pdfspecial B.ed 2nd year old paper_20240531.pdf
special B.ed 2nd year old paper_20240531.pdf
 
Digital Tools and AI for Teaching Learning and Research
Digital Tools and AI for Teaching Learning and ResearchDigital Tools and AI for Teaching Learning and Research
Digital Tools and AI for Teaching Learning and Research
 
Synthetic Fiber Construction in lab .pptx
Synthetic Fiber Construction in lab .pptxSynthetic Fiber Construction in lab .pptx
Synthetic Fiber Construction in lab .pptx
 
Francesca Gottschalk - How can education support child empowerment.pptx
Francesca Gottschalk - How can education support child empowerment.pptxFrancesca Gottschalk - How can education support child empowerment.pptx
Francesca Gottschalk - How can education support child empowerment.pptx
 
The approach at University of Liverpool.pptx
The approach at University of Liverpool.pptxThe approach at University of Liverpool.pptx
The approach at University of Liverpool.pptx
 
The basics of sentences session 5pptx.pptx
The basics of sentences session 5pptx.pptxThe basics of sentences session 5pptx.pptx
The basics of sentences session 5pptx.pptx
 
The Roman Empire A Historical Colossus.pdf
The Roman Empire A Historical Colossus.pdfThe Roman Empire A Historical Colossus.pdf
The Roman Empire A Historical Colossus.pdf
 
BÀI TẬP BỔ TRỢ TIẾNG ANH GLOBAL SUCCESS LỚP 3 - CẢ NĂM (CÓ FILE NGHE VÀ ĐÁP Á...
BÀI TẬP BỔ TRỢ TIẾNG ANH GLOBAL SUCCESS LỚP 3 - CẢ NĂM (CÓ FILE NGHE VÀ ĐÁP Á...BÀI TẬP BỔ TRỢ TIẾNG ANH GLOBAL SUCCESS LỚP 3 - CẢ NĂM (CÓ FILE NGHE VÀ ĐÁP Á...
BÀI TẬP BỔ TRỢ TIẾNG ANH GLOBAL SUCCESS LỚP 3 - CẢ NĂM (CÓ FILE NGHE VÀ ĐÁP Á...
 
CACJapan - GROUP Presentation 1- Wk 4.pdf
CACJapan - GROUP Presentation 1- Wk 4.pdfCACJapan - GROUP Presentation 1- Wk 4.pdf
CACJapan - GROUP Presentation 1- Wk 4.pdf
 
TESDA TM1 REVIEWER FOR NATIONAL ASSESSMENT WRITTEN AND ORAL QUESTIONS WITH A...
TESDA TM1 REVIEWER  FOR NATIONAL ASSESSMENT WRITTEN AND ORAL QUESTIONS WITH A...TESDA TM1 REVIEWER  FOR NATIONAL ASSESSMENT WRITTEN AND ORAL QUESTIONS WITH A...
TESDA TM1 REVIEWER FOR NATIONAL ASSESSMENT WRITTEN AND ORAL QUESTIONS WITH A...
 
Palestine last event orientationfvgnh .pptx
Palestine last event orientationfvgnh .pptxPalestine last event orientationfvgnh .pptx
Palestine last event orientationfvgnh .pptx
 

Project 7 Organization Security PlanChoose an organization from.docx

  • 1. Project 7: Organization Security Plan Choose an organization from the choices provided and prepare a security plan that provides security awareness policy using a security policy framework outline and according the Critical Infrastructure document which concentrates on the following integral keywords to cover the necessary elements of an organization security plan. These are: Identify, Protect, Detect, Respond, and Recover. The plan is a capstone of the work that you have accomplished in this course. You will use your outline to guide the outcome of the plan in addition to the keywords. The plan is an enterprise policy that includes the following considerations, analysis approach, and protections for the enterprise: · Identify threats and vulnerabilities. · Assign appropriate security controls to protect the infrastructure of the organization. · Prepare vulnerability scans and effective risk management protocols to ensure protections remain current and effective and detect any issues. · Initiate an incident response plan for responding to problems. · Develop a business continuity and disaster recovery plan to recover from interruptions in business whether manmade or geographical. This plan must be completed and submitted in MS Word format. Choose from one of the organizations below or request approval from your instructor via email for an alternate organization: • Department of Defense • Department of Homeland Security • General Dynamics Information Technology • JC Penney’s Corporate Office • University of Maryland • ITT Technical Institute • United States Marine Corp From the Critical Infrastructure document, align your
  • 2. organizational plan to reflect the intent of the document as follows from an excerpt taken from the document and ensure you read the document in its entirety: “The Framework complements, and does not replace, an organization’s risk management and cybersecurity program. The organization can use its current processes and leverage the Framework to identify opportunities to strengthen and communicate its management of cybersecurity risk while aligning with industry practices. Alternatively, an organization without an existing cybersecurity program can use the Framework as a reference to establish one. Just as the Framework is not industry-specific, the common taxonomy of standards, guidelines, and practices that it provides also is not country-specific. Organizations outside the United States may also use the Framework to strengthen their own cybersecurity efforts, and the Framework can contribute to developing a common language for international cooperation on critical infrastructure cybersecurity.” 1.1 Overview of the Framework The Framework is a risk-based approach to managing cybersecurity risk, and is composed of three parts: the Framework Core, the Framework Implementation Tiers, and the Framework Profiles. Each Framework component reinforces the connection between business drivers and cybersecurity activities. These components are explained below. • The Framework Core is a set of cybersecurity activities, desired outcomes, and applicable references that are common across critical infrastructure sectors. The Core presents industry standards, guidelines, and practices in a manner that allows for communication of cybersecurity activities and outcomes across the organization from the executive level to the implementation/operations level. The Framework Core consists of five concurrent and continuous Functions—Identify, Protect, Detect, Respond, Recover. When considered together, these Functions provide a high-level, strategic view of the lifecycle of an organization’s management of cybersecurity risk. The
  • 3. Framework Core then identifies underlying key Categories and Subcategories for each Function, and matches them with example Informative References such as existing standards, guidelines, and practices for each Subcategory. · Framework Implementation Tiers (“Tiers”) provide context on how an organization views cybersecurity risk and the processes in place to manage that risk. Tiers describe the degree to which an organization’s cybersecurity risk management practices exhibit the characteristics defined in the Framework (e.g., risk and threat aware, repeatable, and adaptive). The Tiers characterize an organization’s practices over a range, from Partial (Tier 1) to Adaptive (Tier 4). These Tiers reflect a progression from informal, reactive responses to approaches that are agile and risk-informed. During the Tier selection process, an organization should consider its current risk management practices, threat environment, legal and regulatory requirements, business/mission objectives, and organizational constraints. A Framework Profile (“Profile”) represents the outcomes based on business needs that an organization has selected from the Framework Categories and Subcategories. The Profile can be characterized as the alignment of standards, guidelines, and practices to the Framework Core in a particular implementation scenario. Profiles can be used to identify opportunities for improving cybersecurity posture by comparing a “Current” Profile (the “as is” state) with a “Target” Profile (the “to be” state). To develop a Profile, an organization can review all of the Categories and Subcategories and, based on business drivers and a risk assessment, determine which are most important; they can add Categories and Subcategories as needed to address the organization’s risks. The Current Profile can then be used to support prioritization and measurement of progress toward the Target Profile, while factoring in other business needs including
  • 4. cost-effectiveness and innovation. Profiles can be used to conduct self-assessments and communicate within an organization or between organizations. 1.2 Risk Management and the Cybersecurity Framework Risk management is the ongoing process of identifying, assessing, and responding to risk. To manage risk, organizations should understand the likelihood that an event will occur and the resulting impact. With this information, organizations can determine the acceptable level of risk for delivery of services and can express this as their risk tolerance. With an understanding of risk tolerance, organizations can prioritize cybersecurity activities, enabling organizations to make informed decisions about cybersecurity expenditures. Implementation of risk management programs offers organizations the ability to quantify and communicate adjustments to their cybersecurity programs. Organizations may choose to handle risk in different ways, including mitigating the risk, transferring the risk, avoiding the risk, or accepting the risk, depending on the potential impact to the delivery of critical services. The Framework uses risk management processes to enable organizations to inform and prioritize decisions regarding cybersecurity. It supports recurring risk assessments and validation of business drivers to help organizations select target states for cybersecurity activities that reflect desired outcomes. Thus, the Framework gives organizations the ability to dynamically select and direct improvement in cybersecurity risk management for the IT and ICS environments.” Your organization plan must be a comprehensive approach identifying the framework for enabling organizations to establish cybersecurity policy in the enterprise. Submit to your assignment folder by the due date assigned in your syllabus schedule.