SlideShare a Scribd company logo

Project 7 Organization Security PlanChoose an organization from.docx

Download as DOCX, PDF
W
wkyra78

Project 7: Organization Security Plan Choose an organization from the choices provided and prepare a security plan that provides security awareness policy using a security policy framework outline and according the Critical Infrastructure document which concentrates on the following integral keywords to cover the necessary elements of an organization security plan. These are: Identify, Protect, Detect, Respond, and Recover. The plan is a capstone of the work that you have accomplished in this course. You will use your outline to guide the outcome of the plan in addition to the keywords. The plan is an enterprise policy that includes the following considerations, analysis approach, and protections for the enterprise: · Identify threats and vulnerabilities. · Assign appropriate security controls to protect the infrastructure of the organization. · Prepare vulnerability scans and effective risk management protocols to ensure protections remain current and effective and detect any issues. · Initiate an incident response plan for responding to problems. · Develop a business continuity and disaster recovery plan to recover from interruptions in business whether manmade or geographical. This plan must be completed and submitted in MS Word format. Choose from one of the organizations below or request approval from your instructor via email for an alternate organization: • Department of Defense • Department of Homeland Security • General Dynamics Information Technology • JC Penney’s Corporate Office • University of Maryland • ITT Technical Institute • United States Marine Corp From the Critical Infrastructure document, align your organizational plan to reflect the intent of the document as follows from an excerpt taken from the document and ensure you read the document in its entirety: “The Framework complements, and does not replace, an organization’s risk management and cybersecurity program. The organization can use its current processes and leverage the Framework to identify opportunities to strengthen and communicate its management of cybersecurity risk while aligning with industry practices. Alternatively, an organization without an existing cybersecurity program can use the Framework as a reference to establish one. Just as the Framework is not industry-specific, the common taxonomy of standards, guidelines, and practices that it provides also is not country-specific. Organizations outside the United States may also use the Framework to strengthen their own cybersecurity efforts, and the Framework can contribute to developing a common language for international cooperation on critical infrastructure cybersecurity.” 1.1 Overview of the Framework The Framework is a risk-based approach to managing cybersecurity risk, and is composed of three parts: the Framework Core, the Framework Implementation Tiers, and the Framework Profiles. Each Framework component reinforces the connection between business drivers and cybersecurity activities. The ...

Education
1 of 5
Project 7: Organization Security Plan Choose an organization from the choices provided and prepare a security plan that provides security awareness policy using a security policy framework outline and according the Critical Infrastructure document which concentrates on the following integral keywords to cover the necessary elements of an organization security plan. These are: Identify, Protect, Detect, Respond, and Recover. The plan is a capstone of the work that you have accomplished in this course. You will use your outline to guide the outcome of the plan in addition to the keywords. The plan is an enterprise policy that includes the following considerations, analysis approach, and protections for the enterprise: · Identify threats and vulnerabilities. · Assign appropriate security controls to protect the infrastructure of the organization. · Prepare vulnerability scans and effective risk management protocols to ensure protections remain current and effective and detect any issues. · Initiate an incident response plan for responding to problems. · Develop a business continuity and disaster recovery plan to recover from interruptions in business whether manmade or geographical. This plan must be completed and submitted in MS Word format. Choose from one of the organizations below or request approval from your instructor via email for an alternate organization: • Department of Defense • Department of Homeland Security • General Dynamics Information Technology • JC Penney’s Corporate Office • University of Maryland • ITT Technical Institute • United States Marine Corp From the Critical Infrastructure document, align your
organizational plan to reflect the intent of the document as follows from an excerpt taken from the document and ensure you read the document in its entirety: “The Framework complements, and does not replace, an organization’s risk management and cybersecurity program. The organization can use its current processes and leverage the Framework to identify opportunities to strengthen and communicate its management of cybersecurity risk while aligning with industry practices. Alternatively, an organization without an existing cybersecurity program can use the Framework as a reference to establish one. Just as the Framework is not industry-specific, the common taxonomy of standards, guidelines, and practices that it provides also is not country-specific. Organizations outside the United States may also use the Framework to strengthen their own cybersecurity efforts, and the Framework can contribute to developing a common language for international cooperation on critical infrastructure cybersecurity.” 1.1 Overview of the Framework The Framework is a risk-based approach to managing cybersecurity risk, and is composed of three parts: the Framework Core, the Framework Implementation Tiers, and the Framework Profiles. Each Framework component reinforces the connection between business drivers and cybersecurity activities. These components are explained below. • The Framework Core is a set of cybersecurity activities, desired outcomes, and applicable references that are common across critical infrastructure sectors. The Core presents industry standards, guidelines, and practices in a manner that allows for communication of cybersecurity activities and outcomes across the organization from the executive level to the implementation/operations level. The Framework Core consists of five concurrent and continuous Functions—Identify, Protect, Detect, Respond, Recover. When considered together, these Functions provide a high-level, strategic view of the lifecycle of an organization’s management of cybersecurity risk. The
Framework Core then identifies underlying key Categories and Subcategories for each Function, and matches them with example Informative References such as existing standards, guidelines, and practices for each Subcategory. · Framework Implementation Tiers (“Tiers”) provide context on how an organization views cybersecurity risk and the processes in place to manage that risk. Tiers describe the degree to which an organization’s cybersecurity risk management practices exhibit the characteristics defined in the Framework (e.g., risk and threat aware, repeatable, and adaptive). The Tiers characterize an organization’s practices over a range, from Partial (Tier 1) to Adaptive (Tier 4). These Tiers reflect a progression from informal, reactive responses to approaches that are agile and risk-informed. During the Tier selection process, an organization should consider its current risk management practices, threat environment, legal and regulatory requirements, business/mission objectives, and organizational constraints. A Framework Profile (“Profile”) represents the outcomes based on business needs that an organization has selected from the Framework Categories and Subcategories. The Profile can be characterized as the alignment of standards, guidelines, and practices to the Framework Core in a particular implementation scenario. Profiles can be used to identify opportunities for improving cybersecurity posture by comparing a “Current” Profile (the “as is” state) with a “Target” Profile (the “to be” state). To develop a Profile, an organization can review all of the Categories and Subcategories and, based on business drivers and a risk assessment, determine which are most important; they can add Categories and Subcategories as needed to address the organization’s risks. The Current Profile can then be used to support prioritization and measurement of progress toward the Target Profile, while factoring in other business needs including
cost-effectiveness and innovation. Profiles can be used to conduct self-assessments and communicate within an organization or between organizations. 1.2 Risk Management and the Cybersecurity Framework Risk management is the ongoing process of identifying, assessing, and responding to risk. To manage risk, organizations should understand the likelihood that an event will occur and the resulting impact. With this information, organizations can determine the acceptable level of risk for delivery of services and can express this as their risk tolerance. With an understanding of risk tolerance, organizations can prioritize cybersecurity activities, enabling organizations to make informed decisions about cybersecurity expenditures. Implementation of risk management programs offers organizations the ability to quantify and communicate adjustments to their cybersecurity programs. Organizations may choose to handle risk in different ways, including mitigating the risk, transferring the risk, avoiding the risk, or accepting the risk, depending on the potential impact to the delivery of critical services. The Framework uses risk management processes to enable organizations to inform and prioritize decisions regarding cybersecurity. It supports recurring risk assessments and validation of business drivers to help organizations select target states for cybersecurity activities that reflect desired outcomes. Thus, the Framework gives organizations the ability to dynamically select and direct improvement in cybersecurity risk management for the IT and ICS environments.” Your organization plan must be a comprehensive approach identifying the framework for enabling organizations to establish cybersecurity policy in the enterprise. Submit to your assignment folder by the due date assigned in your syllabus schedule.
Project 7 Organization Security PlanChoose an organization from.docx

Recommended

Project 7 - Organization Security PlanChoose an organization fro.docx
Project 7 - Organization Security PlanChoose an organization fro.docxProject 7 - Organization Security PlanChoose an organization fro.docx
Project 7 - Organization Security PlanChoose an organization fro.docxanitramcroberts
 
Improving Cyber Readiness with the NIST Cybersecurity Framework
Improving Cyber Readiness with the NIST Cybersecurity FrameworkImproving Cyber Readiness with the NIST Cybersecurity Framework
Improving Cyber Readiness with the NIST Cybersecurity FrameworkWilliam McBorrough
 
D e c e m b e r 2 0 1 4 J O U R N A L O F I N T E R N E T
D e c e m b e r 2 0 1 4 J O U R N A L O F I N T E R N E T D e c e m b e r 2 0 1 4 J O U R N A L O F I N T E R N E T
D e c e m b e r 2 0 1 4 J O U R N A L O F I N T E R N E T OllieShoresna
 
The security risk management guide
The security risk management guideThe security risk management guide
The security risk management guideSergey Erohin
 
The security risk management guide
The security risk management guideThe security risk management guide
The security risk management guideSergey Erohin
 
Chapter 1The International Information Systems Security Certifi.docx
Chapter 1The International Information Systems Security Certifi.docxChapter 1The International Information Systems Security Certifi.docx
Chapter 1The International Information Systems Security Certifi.docxcravennichole326
 
Risk Assessment Famework
Risk Assessment FameworkRisk Assessment Famework
Risk Assessment Fameworklneut03
 
Ffiec cat may_2017
Ffiec cat may_2017Ffiec cat may_2017
Ffiec cat may_2017Josef Sulca Cueva
 

Recommended

Project 7 - Organization Security PlanChoose an organization fro.docx
Project 7 - Organization Security PlanChoose an organization fro.docxProject 7 - Organization Security PlanChoose an organization fro.docx
Project 7 - Organization Security PlanChoose an organization fro.docxanitramcroberts
 
Improving Cyber Readiness with the NIST Cybersecurity Framework
Improving Cyber Readiness with the NIST Cybersecurity FrameworkImproving Cyber Readiness with the NIST Cybersecurity Framework
Improving Cyber Readiness with the NIST Cybersecurity FrameworkWilliam McBorrough
 
D e c e m b e r 2 0 1 4 J O U R N A L O F I N T E R N E T
D e c e m b e r 2 0 1 4 J O U R N A L O F I N T E R N E T D e c e m b e r 2 0 1 4 J O U R N A L O F I N T E R N E T
D e c e m b e r 2 0 1 4 J O U R N A L O F I N T E R N E T OllieShoresna
 
The security risk management guide
The security risk management guideThe security risk management guide
The security risk management guideSergey Erohin
 
The security risk management guide
The security risk management guideThe security risk management guide
The security risk management guideSergey Erohin
 
Chapter 1The International Information Systems Security Certifi.docx
Chapter 1The International Information Systems Security Certifi.docxChapter 1The International Information Systems Security Certifi.docx
Chapter 1The International Information Systems Security Certifi.docxcravennichole326
 
Risk Assessment Famework
Risk Assessment FameworkRisk Assessment Famework
Risk Assessment Fameworklneut03
 
Ffiec cat may_2017
Ffiec cat may_2017Ffiec cat may_2017
Ffiec cat may_2017Josef Sulca Cueva
 
Security-Brochure
Security-BrochureSecurity-Brochure
Security-BrochurePrahlad Reddy
 
Security-Brochure
Security-BrochureSecurity-Brochure
Security-BrochureTyler Carlson
 
For our discussion question, we focus on recent trends in security t.pdf
For our discussion question, we focus on recent trends in security t.pdfFor our discussion question, we focus on recent trends in security t.pdf
For our discussion question, we focus on recent trends in security t.pdfalokkesh
 
Happiest Minds NIST CSF compliance Brochure
Happiest Minds NIST CSF compliance BrochureHappiest Minds NIST CSF compliance Brochure
Happiest Minds NIST CSF compliance BrochureSuresh Kanniappan
 
Cyber Security Program Realization in the Mid Market - Executive Summary
Cyber Security Program Realization in the Mid Market - Executive SummaryCyber Security Program Realization in the Mid Market - Executive Summary
Cyber Security Program Realization in the Mid Market - Executive SummarySteve Leventhal
 
CYBER SECURITY
CYBER SECURITYCYBER SECURITY
CYBER SECURITYharsh arora
 
STRATEGIC RISK ADVISORY SOLUTIONS_Risk Management_Newsletter
STRATEGIC RISK ADVISORY SOLUTIONS_Risk Management_NewsletterSTRATEGIC RISK ADVISORY SOLUTIONS_Risk Management_Newsletter
STRATEGIC RISK ADVISORY SOLUTIONS_Risk Management_NewsletterDion K Hamilton
 
Connection can help keep your business secure!
Connection can help keep your business secure!Connection can help keep your business secure!
Connection can help keep your business secure!Heather Salmons Newswanger
 
Information Security Maturity Model
Information Security Maturity ModelInformation Security Maturity Model
Information Security Maturity ModelCSCJournals
 
NIST to CSF to ISO or EC 27002 2022 with NIST
NIST to CSF to ISO or EC 27002 2022 with NISTNIST to CSF to ISO or EC 27002 2022 with NIST
NIST to CSF to ISO or EC 27002 2022 with NISTebonyman0007
 
1chapter42BaseTech Principles of Computer Securit.docx
1chapter42BaseTech Principles of Computer Securit.docx1chapter42BaseTech Principles of Computer Securit.docx
1chapter42BaseTech Principles of Computer Securit.docxdurantheseldine
 
CHAPTER 5Risk Response and MitigationIn this chapter, you will
CHAPTER 5Risk Response and MitigationIn this chapter, you willCHAPTER 5Risk Response and MitigationIn this chapter, you will
CHAPTER 5Risk Response and MitigationIn this chapter, you willJinElias52
 
CHAPTER 5Risk Response and MitigationIn this chapter, you will.docx
CHAPTER 5Risk Response and MitigationIn this chapter, you will.docxCHAPTER 5Risk Response and MitigationIn this chapter, you will.docx
CHAPTER 5Risk Response and MitigationIn this chapter, you will.docxAbhinav816839
 
Management of risk introduction
Management of risk introductionManagement of risk introduction
Management of risk introductionSpyros Ktenas
 
CompTIA CySA Domain 5 Compliance and Assessment.pptx
CompTIA CySA Domain 5 Compliance and Assessment.pptxCompTIA CySA Domain 5 Compliance and Assessment.pptx
CompTIA CySA Domain 5 Compliance and Assessment.pptxInfosectrain3
 
Toward a Trusted Supply Chain White Paper from Microsoft
Toward a Trusted Supply Chain White Paper from MicrosoftToward a Trusted Supply Chain White Paper from Microsoft
Toward a Trusted Supply Chain White Paper from MicrosoftDavid J Rosenthal
 
White paper pragmatic safety solutions
White paper pragmatic safety solutionsWhite paper pragmatic safety solutions
White paper pragmatic safety solutionsCraig Tappel
 
The Significance of IT Security Management & Risk Assessment
The Significance of IT Security Management & Risk AssessmentThe Significance of IT Security Management & Risk Assessment
The Significance of IT Security Management & Risk AssessmentBradley Susser
 
Facilitated Risk Analysis Process - Tareq Hanaysha
Facilitated Risk Analysis Process - Tareq HanayshaFacilitated Risk Analysis Process - Tareq Hanaysha
Facilitated Risk Analysis Process - Tareq HanayshaHanaysha
 
Lesson 3
Lesson 3Lesson 3
Lesson 3MLG College of Learning, Inc
 
Melissa HinkhouseWeek 3-Original PostNURS 6050 Policy and A.docx
Melissa HinkhouseWeek 3-Original PostNURS 6050 Policy and A.docxMelissa HinkhouseWeek 3-Original PostNURS 6050 Policy and A.docx
Melissa HinkhouseWeek 3-Original PostNURS 6050 Policy and A.docxwkyra78
 
Melissa HinkhouseAdvanced Pharmacology NURS-6521N-43Professo.docx
Melissa HinkhouseAdvanced Pharmacology NURS-6521N-43Professo.docxMelissa HinkhouseAdvanced Pharmacology NURS-6521N-43Professo.docx
Melissa HinkhouseAdvanced Pharmacology NURS-6521N-43Professo.docxwkyra78
 

More Related Content

Similar to Project 7 Organization Security PlanChoose an organization from.docx

For our discussion question, we focus on recent trends in security t.pdf
For our discussion question, we focus on recent trends in security t.pdfFor our discussion question, we focus on recent trends in security t.pdf
For our discussion question, we focus on recent trends in security t.pdfalokkesh
 
Happiest Minds NIST CSF compliance Brochure
Happiest Minds NIST CSF compliance BrochureHappiest Minds NIST CSF compliance Brochure
Happiest Minds NIST CSF compliance BrochureSuresh Kanniappan
 
Cyber Security Program Realization in the Mid Market - Executive Summary
Cyber Security Program Realization in the Mid Market - Executive SummaryCyber Security Program Realization in the Mid Market - Executive Summary
Cyber Security Program Realization in the Mid Market - Executive SummarySteve Leventhal
 
STRATEGIC RISK ADVISORY SOLUTIONS_Risk Management_Newsletter
STRATEGIC RISK ADVISORY SOLUTIONS_Risk Management_NewsletterSTRATEGIC RISK ADVISORY SOLUTIONS_Risk Management_Newsletter
STRATEGIC RISK ADVISORY SOLUTIONS_Risk Management_NewsletterDion K Hamilton
 
Connection can help keep your business secure!
Connection can help keep your business secure!Connection can help keep your business secure!
Connection can help keep your business secure!Heather Salmons Newswanger
 
Information Security Maturity Model
Information Security Maturity ModelInformation Security Maturity Model
Information Security Maturity ModelCSCJournals
 
NIST to CSF to ISO or EC 27002 2022 with NIST
NIST to CSF to ISO or EC 27002 2022 with NISTNIST to CSF to ISO or EC 27002 2022 with NIST
NIST to CSF to ISO or EC 27002 2022 with NISTebonyman0007
 
1chapter42BaseTech Principles of Computer Securit.docx
1chapter42BaseTech Principles of Computer Securit.docx1chapter42BaseTech Principles of Computer Securit.docx
1chapter42BaseTech Principles of Computer Securit.docxdurantheseldine
 
CHAPTER 5Risk Response and MitigationIn this chapter, you will
CHAPTER 5Risk Response and MitigationIn this chapter, you willCHAPTER 5Risk Response and MitigationIn this chapter, you will
CHAPTER 5Risk Response and MitigationIn this chapter, you willJinElias52
 
CHAPTER 5Risk Response and MitigationIn this chapter, you will.docx
CHAPTER 5Risk Response and MitigationIn this chapter, you will.docxCHAPTER 5Risk Response and MitigationIn this chapter, you will.docx
CHAPTER 5Risk Response and MitigationIn this chapter, you will.docxAbhinav816839
 
Management of risk introduction
Management of risk introductionManagement of risk introduction
Management of risk introductionSpyros Ktenas
 
CompTIA CySA Domain 5 Compliance and Assessment.pptx
CompTIA CySA Domain 5 Compliance and Assessment.pptxCompTIA CySA Domain 5 Compliance and Assessment.pptx
CompTIA CySA Domain 5 Compliance and Assessment.pptxInfosectrain3
 
Toward a Trusted Supply Chain White Paper from Microsoft
Toward a Trusted Supply Chain White Paper from MicrosoftToward a Trusted Supply Chain White Paper from Microsoft
Toward a Trusted Supply Chain White Paper from MicrosoftDavid J Rosenthal
 
White paper pragmatic safety solutions
White paper pragmatic safety solutionsWhite paper pragmatic safety solutions
White paper pragmatic safety solutionsCraig Tappel
 
The Significance of IT Security Management & Risk Assessment
The Significance of IT Security Management & Risk AssessmentThe Significance of IT Security Management & Risk Assessment
The Significance of IT Security Management & Risk AssessmentBradley Susser
 
Facilitated Risk Analysis Process - Tareq Hanaysha
Facilitated Risk Analysis Process - Tareq HanayshaFacilitated Risk Analysis Process - Tareq Hanaysha
Facilitated Risk Analysis Process - Tareq HanayshaHanaysha
 

Similar to Project 7 Organization Security PlanChoose an organization from.docx (20)

Security-Brochure
Security-BrochureSecurity-Brochure
Security-Brochure
 
Security-Brochure
Security-BrochureSecurity-Brochure
Security-Brochure
 
For our discussion question, we focus on recent trends in security t.pdf
For our discussion question, we focus on recent trends in security t.pdfFor our discussion question, we focus on recent trends in security t.pdf
For our discussion question, we focus on recent trends in security t.pdf
 
Happiest Minds NIST CSF compliance Brochure
Happiest Minds NIST CSF compliance BrochureHappiest Minds NIST CSF compliance Brochure
Happiest Minds NIST CSF compliance Brochure
 
Cyber Security Program Realization in the Mid Market - Executive Summary
Cyber Security Program Realization in the Mid Market - Executive SummaryCyber Security Program Realization in the Mid Market - Executive Summary
Cyber Security Program Realization in the Mid Market - Executive Summary
 
CYBER SECURITY
CYBER SECURITYCYBER SECURITY
CYBER SECURITY
 
STRATEGIC RISK ADVISORY SOLUTIONS_Risk Management_Newsletter
STRATEGIC RISK ADVISORY SOLUTIONS_Risk Management_NewsletterSTRATEGIC RISK ADVISORY SOLUTIONS_Risk Management_Newsletter
STRATEGIC RISK ADVISORY SOLUTIONS_Risk Management_Newsletter
 
Connection can help keep your business secure!
Connection can help keep your business secure!Connection can help keep your business secure!
Connection can help keep your business secure!
 
Information Security Maturity Model
Information Security Maturity ModelInformation Security Maturity Model
Information Security Maturity Model
 
NIST to CSF to ISO or EC 27002 2022 with NIST
NIST to CSF to ISO or EC 27002 2022 with NISTNIST to CSF to ISO or EC 27002 2022 with NIST
NIST to CSF to ISO or EC 27002 2022 with NIST
 
1chapter42BaseTech Principles of Computer Securit.docx
1chapter42BaseTech Principles of Computer Securit.docx1chapter42BaseTech Principles of Computer Securit.docx
1chapter42BaseTech Principles of Computer Securit.docx
 
CHAPTER 5Risk Response and MitigationIn this chapter, you will
CHAPTER 5Risk Response and MitigationIn this chapter, you willCHAPTER 5Risk Response and MitigationIn this chapter, you will
CHAPTER 5Risk Response and MitigationIn this chapter, you will
 
CHAPTER 5Risk Response and MitigationIn this chapter, you will.docx
CHAPTER 5Risk Response and MitigationIn this chapter, you will.docxCHAPTER 5Risk Response and MitigationIn this chapter, you will.docx
CHAPTER 5Risk Response and MitigationIn this chapter, you will.docx
 
Management of risk introduction
Management of risk introductionManagement of risk introduction
Management of risk introduction
 
CompTIA CySA Domain 5 Compliance and Assessment.pptx
CompTIA CySA Domain 5 Compliance and Assessment.pptxCompTIA CySA Domain 5 Compliance and Assessment.pptx
CompTIA CySA Domain 5 Compliance and Assessment.pptx
 
Toward a Trusted Supply Chain White Paper from Microsoft
Toward a Trusted Supply Chain White Paper from MicrosoftToward a Trusted Supply Chain White Paper from Microsoft
Toward a Trusted Supply Chain White Paper from Microsoft
 
White paper pragmatic safety solutions
White paper pragmatic safety solutionsWhite paper pragmatic safety solutions
White paper pragmatic safety solutions
 
The Significance of IT Security Management & Risk Assessment
The Significance of IT Security Management & Risk AssessmentThe Significance of IT Security Management & Risk Assessment
The Significance of IT Security Management & Risk Assessment
 
Facilitated Risk Analysis Process - Tareq Hanaysha
Facilitated Risk Analysis Process - Tareq HanayshaFacilitated Risk Analysis Process - Tareq Hanaysha
Facilitated Risk Analysis Process - Tareq Hanaysha
 
Lesson 3
Lesson 3Lesson 3
Lesson 3
 

More from wkyra78

Melissa HinkhouseWeek 3-Original PostNURS 6050 Policy and A.docx
Melissa HinkhouseWeek 3-Original PostNURS 6050 Policy and A.docxMelissa HinkhouseWeek 3-Original PostNURS 6050 Policy and A.docx
Melissa HinkhouseWeek 3-Original PostNURS 6050 Policy and A.docxwkyra78
 
Melissa HinkhouseAdvanced Pharmacology NURS-6521N-43Professo.docx
Melissa HinkhouseAdvanced Pharmacology NURS-6521N-43Professo.docxMelissa HinkhouseAdvanced Pharmacology NURS-6521N-43Professo.docx
Melissa HinkhouseAdvanced Pharmacology NURS-6521N-43Professo.docxwkyra78
 
Meiner, S. E., & Yeager, J. J. (2019). Chapter 17Chap.docx
Meiner, S. E., & Yeager, J. J. (2019). Chapter 17Chap.docxMeiner, S. E., & Yeager, J. J. (2019). Chapter 17Chap.docx
Meiner, S. E., & Yeager, J. J. (2019). Chapter 17Chap.docxwkyra78
 
member is a security software architect in a cloud service provider .docx
member is a security software architect in a cloud service provider .docxmember is a security software architect in a cloud service provider .docx
member is a security software architect in a cloud service provider .docxwkyra78
 
Melissa ShortridgeWeek 6COLLAPSEMy own attitude has ch.docx
Melissa ShortridgeWeek 6COLLAPSEMy own attitude has ch.docxMelissa ShortridgeWeek 6COLLAPSEMy own attitude has ch.docx
Melissa ShortridgeWeek 6COLLAPSEMy own attitude has ch.docxwkyra78
 
Melissa is a 15-year-old high school student. Over the last week.docx
Melissa is a 15-year-old high school student. Over the last week.docxMelissa is a 15-year-old high school student. Over the last week.docx
Melissa is a 15-year-old high school student. Over the last week.docxwkyra78
 
Measurement  of  the  angle  θ          .docx
Measurement  of  the  angle  θ          .docxMeasurement  of  the  angle  θ          .docx
Measurement  of  the  angle  θ          .docxwkyra78
 
Measurement of the angle θ For better understanding .docx
Measurement of the angle θ For better understanding .docxMeasurement of the angle θ For better understanding .docx
Measurement of the angle θ For better understanding .docxwkyra78
 
Meaning-Making Forum 2 (Week 5)Meaning-Making Forums 1-4 are thi.docx
Meaning-Making Forum 2 (Week 5)Meaning-Making Forums 1-4 are thi.docxMeaning-Making Forum 2 (Week 5)Meaning-Making Forums 1-4 are thi.docx
Meaning-Making Forum 2 (Week 5)Meaning-Making Forums 1-4 are thi.docxwkyra78
 
MBA6231 - 1.1 - project charter.docxProject Charter Pr.docx
MBA6231 - 1.1 - project charter.docxProject Charter Pr.docxMBA6231 - 1.1 - project charter.docxProject Charter Pr.docx
MBA6231 - 1.1 - project charter.docxProject Charter Pr.docxwkyra78
 
Medication Errors Led to Disastrous Outcomes1. Search th.docx
Medication Errors Led to Disastrous Outcomes1. Search th.docxMedication Errors Led to Disastrous Outcomes1. Search th.docx
Medication Errors Led to Disastrous Outcomes1. Search th.docxwkyra78
 
Meet, call, Skype or Zoom with a retired athlete and interview himh.docx
Meet, call, Skype or Zoom with a retired athlete and interview himh.docxMeet, call, Skype or Zoom with a retired athlete and interview himh.docx
Meet, call, Skype or Zoom with a retired athlete and interview himh.docxwkyra78
 
Medication Administration Make a list of the most common med.docx
Medication Administration Make a list of the most common med.docxMedication Administration Make a list of the most common med.docx
Medication Administration Make a list of the most common med.docxwkyra78
 
media portfolio”about chapter 1 to 15 from the book  Ci.docx
media portfolio”about chapter 1 to 15 from the book  Ci.docxmedia portfolio”about chapter 1 to 15 from the book  Ci.docx
media portfolio”about chapter 1 to 15 from the book  Ci.docxwkyra78
 
MediationNameAMUDate.docx
MediationNameAMUDate.docxMediationNameAMUDate.docx
MediationNameAMUDate.docxwkyra78
 
Media coverage influences the publics perception of the crimina.docx
Media coverage influences the publics perception of the crimina.docxMedia coverage influences the publics perception of the crimina.docx
Media coverage influences the publics perception of the crimina.docxwkyra78
 
Media Content AnalysisPurpose Evaluate the quality and value of.docx
Media Content AnalysisPurpose Evaluate the quality and value of.docxMedia Content AnalysisPurpose Evaluate the quality and value of.docx
Media Content AnalysisPurpose Evaluate the quality and value of.docxwkyra78
 
Mayan gods and goddesses are very much a part of this text.  Their i.docx
Mayan gods and goddesses are very much a part of this text.  Their i.docxMayan gods and goddesses are very much a part of this text.  Their i.docx
Mayan gods and goddesses are very much a part of this text.  Their i.docxwkyra78
 
Media and SocietyIn 1,100 words, complete the followingAn.docx
Media and SocietyIn 1,100 words, complete the followingAn.docxMedia and SocietyIn 1,100 words, complete the followingAn.docx
Media and SocietyIn 1,100 words, complete the followingAn.docxwkyra78
 
MBA 5110 – Business Organization and ManagementMidterm ExamAns.docx
MBA 5110 – Business Organization and ManagementMidterm ExamAns.docxMBA 5110 – Business Organization and ManagementMidterm ExamAns.docx
MBA 5110 – Business Organization and ManagementMidterm ExamAns.docxwkyra78
 

More from wkyra78 (20)

Melissa HinkhouseWeek 3-Original PostNURS 6050 Policy and A.docx
Melissa HinkhouseWeek 3-Original PostNURS 6050 Policy and A.docxMelissa HinkhouseWeek 3-Original PostNURS 6050 Policy and A.docx
Melissa HinkhouseWeek 3-Original PostNURS 6050 Policy and A.docx
 
Melissa HinkhouseAdvanced Pharmacology NURS-6521N-43Professo.docx
Melissa HinkhouseAdvanced Pharmacology NURS-6521N-43Professo.docxMelissa HinkhouseAdvanced Pharmacology NURS-6521N-43Professo.docx
Melissa HinkhouseAdvanced Pharmacology NURS-6521N-43Professo.docx
 
Meiner, S. E., & Yeager, J. J. (2019). Chapter 17Chap.docx
Meiner, S. E., & Yeager, J. J. (2019). Chapter 17Chap.docxMeiner, S. E., & Yeager, J. J. (2019). Chapter 17Chap.docx
Meiner, S. E., & Yeager, J. J. (2019). Chapter 17Chap.docx
 
member is a security software architect in a cloud service provider .docx
member is a security software architect in a cloud service provider .docxmember is a security software architect in a cloud service provider .docx
member is a security software architect in a cloud service provider .docx
 
Melissa ShortridgeWeek 6COLLAPSEMy own attitude has ch.docx
Melissa ShortridgeWeek 6COLLAPSEMy own attitude has ch.docxMelissa ShortridgeWeek 6COLLAPSEMy own attitude has ch.docx
Melissa ShortridgeWeek 6COLLAPSEMy own attitude has ch.docx
 
Melissa is a 15-year-old high school student. Over the last week.docx
Melissa is a 15-year-old high school student. Over the last week.docxMelissa is a 15-year-old high school student. Over the last week.docx
Melissa is a 15-year-old high school student. Over the last week.docx
 
Measurement  of  the  angle  θ          .docx
Measurement  of  the  angle  θ          .docxMeasurement  of  the  angle  θ          .docx
Measurement  of  the  angle  θ          .docx
 
Measurement of the angle θ For better understanding .docx
Measurement of the angle θ For better understanding .docxMeasurement of the angle θ For better understanding .docx
Measurement of the angle θ For better understanding .docx
 
Meaning-Making Forum 2 (Week 5)Meaning-Making Forums 1-4 are thi.docx
Meaning-Making Forum 2 (Week 5)Meaning-Making Forums 1-4 are thi.docxMeaning-Making Forum 2 (Week 5)Meaning-Making Forums 1-4 are thi.docx
Meaning-Making Forum 2 (Week 5)Meaning-Making Forums 1-4 are thi.docx
 
MBA6231 - 1.1 - project charter.docxProject Charter Pr.docx
MBA6231 - 1.1 - project charter.docxProject Charter Pr.docxMBA6231 - 1.1 - project charter.docxProject Charter Pr.docx
MBA6231 - 1.1 - project charter.docxProject Charter Pr.docx
 
Medication Errors Led to Disastrous Outcomes1. Search th.docx
Medication Errors Led to Disastrous Outcomes1. Search th.docxMedication Errors Led to Disastrous Outcomes1. Search th.docx
Medication Errors Led to Disastrous Outcomes1. Search th.docx
 
Meet, call, Skype or Zoom with a retired athlete and interview himh.docx
Meet, call, Skype or Zoom with a retired athlete and interview himh.docxMeet, call, Skype or Zoom with a retired athlete and interview himh.docx
Meet, call, Skype or Zoom with a retired athlete and interview himh.docx
 
Medication Administration Make a list of the most common med.docx
Medication Administration Make a list of the most common med.docxMedication Administration Make a list of the most common med.docx
Medication Administration Make a list of the most common med.docx
 
media portfolio”about chapter 1 to 15 from the book  Ci.docx
media portfolio”about chapter 1 to 15 from the book  Ci.docxmedia portfolio”about chapter 1 to 15 from the book  Ci.docx
media portfolio”about chapter 1 to 15 from the book  Ci.docx
 
MediationNameAMUDate.docx
MediationNameAMUDate.docxMediationNameAMUDate.docx
MediationNameAMUDate.docx
 
Media coverage influences the publics perception of the crimina.docx
Media coverage influences the publics perception of the crimina.docxMedia coverage influences the publics perception of the crimina.docx
Media coverage influences the publics perception of the crimina.docx
 
Media Content AnalysisPurpose Evaluate the quality and value of.docx
Media Content AnalysisPurpose Evaluate the quality and value of.docxMedia Content AnalysisPurpose Evaluate the quality and value of.docx
Media Content AnalysisPurpose Evaluate the quality and value of.docx
 
Mayan gods and goddesses are very much a part of this text.  Their i.docx
Mayan gods and goddesses are very much a part of this text.  Their i.docxMayan gods and goddesses are very much a part of this text.  Their i.docx
Mayan gods and goddesses are very much a part of this text.  Their i.docx
 
Media and SocietyIn 1,100 words, complete the followingAn.docx
Media and SocietyIn 1,100 words, complete the followingAn.docxMedia and SocietyIn 1,100 words, complete the followingAn.docx
Media and SocietyIn 1,100 words, complete the followingAn.docx
 
MBA 5110 – Business Organization and ManagementMidterm ExamAns.docx
MBA 5110 – Business Organization and ManagementMidterm ExamAns.docxMBA 5110 – Business Organization and ManagementMidterm ExamAns.docx
MBA 5110 – Business Organization and ManagementMidterm ExamAns.docx
 

Recently uploaded

URLs and Routing in the Odoo 17 Website App
URLs and Routing in the Odoo 17 Website AppURLs and Routing in the Odoo 17 Website App
URLs and Routing in the Odoo 17 Website AppCeline George
 
Accessible design: Minimum effort, maximum impact
Accessible design: Minimum effort, maximum impactAccessible design: Minimum effort, maximum impact
Accessible design: Minimum effort, maximum impactdawncurless
 
Separation of Lanthanides/ Lanthanides and Actinides
Separation of Lanthanides/ Lanthanides and ActinidesSeparation of Lanthanides/ Lanthanides and Actinides
Separation of Lanthanides/ Lanthanides and ActinidesFatimaKhan178732
 
microwave assisted reaction. General introduction
microwave assisted reaction. General introductionmicrowave assisted reaction. General introduction
microwave assisted reaction. General introductionMaksud Ahmed
 
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...Marc Dusseiller Dusjagr
 
Solving Puzzles Benefits Everyone (English).pptx
Solving Puzzles Benefits Everyone (English).pptxSolving Puzzles Benefits Everyone (English).pptx
Solving Puzzles Benefits Everyone (English).pptxOH TEIK BIN
 
How to Configure Email Server in Odoo 17
How to Configure Email Server in Odoo 17How to Configure Email Server in Odoo 17
How to Configure Email Server in Odoo 17Celine George
 
Mastering the Unannounced Regulatory Inspection
Mastering the Unannounced Regulatory InspectionMastering the Unannounced Regulatory Inspection
Mastering the Unannounced Regulatory InspectionSafetyChain Software
 
Introduction to AI in Higher Education_draft.pptx
Introduction to AI in Higher Education_draft.pptxIntroduction to AI in Higher Education_draft.pptx
Introduction to AI in Higher Education_draft.pptxpboyjonauth
 
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...EduSkills OECD
 
ECONOMIC CONTEXT - LONG FORM TV DRAMA - PPT
ECONOMIC CONTEXT - LONG FORM TV DRAMA - PPTECONOMIC CONTEXT - LONG FORM TV DRAMA - PPT
ECONOMIC CONTEXT - LONG FORM TV DRAMA - PPTiammrhaywood
 
KSHARA STURA .pptx---KSHARA KARMA THERAPY (CAUSTIC THERAPY)————IMP.OF KSHARA ...
KSHARA STURA .pptx---KSHARA KARMA THERAPY (CAUSTIC THERAPY)————IMP.OF KSHARA ...KSHARA STURA .pptx---KSHARA KARMA THERAPY (CAUSTIC THERAPY)————IMP.OF KSHARA ...
KSHARA STURA .pptx---KSHARA KARMA THERAPY (CAUSTIC THERAPY)————IMP.OF KSHARA ...M56BOOKSTORE PRODUCT/SERVICE
 
Paris 2024 Olympic Geographies - an activity
Paris 2024 Olympic Geographies - an activityParis 2024 Olympic Geographies - an activity
Paris 2024 Olympic Geographies - an activityGeoBlogs
 
Concept of Vouching. B.Com(Hons) /B.Compdf
Concept of Vouching. B.Com(Hons) /B.CompdfConcept of Vouching. B.Com(Hons) /B.Compdf
Concept of Vouching. B.Com(Hons) /B.CompdfUmakantAnnand
 
Incoming and Outgoing Shipments in 1 STEP Using Odoo 17
Incoming and Outgoing Shipments in 1 STEP Using Odoo 17Incoming and Outgoing Shipments in 1 STEP Using Odoo 17
Incoming and Outgoing Shipments in 1 STEP Using Odoo 17Celine George
 
Presiding Officer Training module 2024 lok sabha elections
Presiding Officer Training module 2024 lok sabha electionsPresiding Officer Training module 2024 lok sabha elections
Presiding Officer Training module 2024 lok sabha electionsanshu789521
 
Hybridoma Technology ( Production , Purification , and Application )
Hybridoma Technology ( Production , Purification , and Application ) Hybridoma Technology ( Production , Purification , and Application )
Hybridoma Technology ( Production , Purification , and Application ) Sakshi Ghasle
 

Recently uploaded (20)

URLs and Routing in the Odoo 17 Website App
URLs and Routing in the Odoo 17 Website AppURLs and Routing in the Odoo 17 Website App
URLs and Routing in the Odoo 17 Website App
 
Accessible design: Minimum effort, maximum impact
Accessible design: Minimum effort, maximum impactAccessible design: Minimum effort, maximum impact
Accessible design: Minimum effort, maximum impact
 
Separation of Lanthanides/ Lanthanides and Actinides
Separation of Lanthanides/ Lanthanides and ActinidesSeparation of Lanthanides/ Lanthanides and Actinides
Separation of Lanthanides/ Lanthanides and Actinides
 
microwave assisted reaction. General introduction
microwave assisted reaction. General introductionmicrowave assisted reaction. General introduction
microwave assisted reaction. General introduction
 
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...
 
Solving Puzzles Benefits Everyone (English).pptx
Solving Puzzles Benefits Everyone (English).pptxSolving Puzzles Benefits Everyone (English).pptx
Solving Puzzles Benefits Everyone (English).pptx
 
How to Configure Email Server in Odoo 17
How to Configure Email Server in Odoo 17How to Configure Email Server in Odoo 17
How to Configure Email Server in Odoo 17
 
Mastering the Unannounced Regulatory Inspection
Mastering the Unannounced Regulatory InspectionMastering the Unannounced Regulatory Inspection
Mastering the Unannounced Regulatory Inspection
 
TataKelola dan KamSiber Kecerdasan Buatan v022.pdf
TataKelola dan KamSiber Kecerdasan Buatan v022.pdfTataKelola dan KamSiber Kecerdasan Buatan v022.pdf
TataKelola dan KamSiber Kecerdasan Buatan v022.pdf
 
Introduction to AI in Higher Education_draft.pptx
Introduction to AI in Higher Education_draft.pptxIntroduction to AI in Higher Education_draft.pptx
Introduction to AI in Higher Education_draft.pptx
 
Código Creativo y Arte de Software | Unidad 1
Código Creativo y Arte de Software | Unidad 1Código Creativo y Arte de Software | Unidad 1
Código Creativo y Arte de Software | Unidad 1
 
Model Call Girl in Bikash Puri Delhi reach out to us at 🔝9953056974🔝
Model Call Girl in Bikash Puri Delhi reach out to us at 🔝9953056974🔝Model Call Girl in Bikash Puri Delhi reach out to us at 🔝9953056974🔝
Model Call Girl in Bikash Puri Delhi reach out to us at 🔝9953056974🔝
 
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
 
ECONOMIC CONTEXT - LONG FORM TV DRAMA - PPT
ECONOMIC CONTEXT - LONG FORM TV DRAMA - PPTECONOMIC CONTEXT - LONG FORM TV DRAMA - PPT
ECONOMIC CONTEXT - LONG FORM TV DRAMA - PPT
 
KSHARA STURA .pptx---KSHARA KARMA THERAPY (CAUSTIC THERAPY)————IMP.OF KSHARA ...
KSHARA STURA .pptx---KSHARA KARMA THERAPY (CAUSTIC THERAPY)————IMP.OF KSHARA ...KSHARA STURA .pptx---KSHARA KARMA THERAPY (CAUSTIC THERAPY)————IMP.OF KSHARA ...
KSHARA STURA .pptx---KSHARA KARMA THERAPY (CAUSTIC THERAPY)————IMP.OF KSHARA ...
 
Paris 2024 Olympic Geographies - an activity
Paris 2024 Olympic Geographies - an activityParis 2024 Olympic Geographies - an activity
Paris 2024 Olympic Geographies - an activity
 
Concept of Vouching. B.Com(Hons) /B.Compdf
Concept of Vouching. B.Com(Hons) /B.CompdfConcept of Vouching. B.Com(Hons) /B.Compdf
Concept of Vouching. B.Com(Hons) /B.Compdf
 
Incoming and Outgoing Shipments in 1 STEP Using Odoo 17
Incoming and Outgoing Shipments in 1 STEP Using Odoo 17Incoming and Outgoing Shipments in 1 STEP Using Odoo 17
Incoming and Outgoing Shipments in 1 STEP Using Odoo 17
 
Presiding Officer Training module 2024 lok sabha elections
Presiding Officer Training module 2024 lok sabha electionsPresiding Officer Training module 2024 lok sabha elections
Presiding Officer Training module 2024 lok sabha elections
 
Hybridoma Technology ( Production , Purification , and Application )
Hybridoma Technology ( Production , Purification , and Application ) Hybridoma Technology ( Production , Purification , and Application )
Hybridoma Technology ( Production , Purification , and Application )
 

Project 7 Organization Security PlanChoose an organization from.docx

  • 1. Project 7: Organization Security Plan Choose an organization from the choices provided and prepare a security plan that provides security awareness policy using a security policy framework outline and according the Critical Infrastructure document which concentrates on the following integral keywords to cover the necessary elements of an organization security plan. These are: Identify, Protect, Detect, Respond, and Recover. The plan is a capstone of the work that you have accomplished in this course. You will use your outline to guide the outcome of the plan in addition to the keywords. The plan is an enterprise policy that includes the following considerations, analysis approach, and protections for the enterprise: · Identify threats and vulnerabilities. · Assign appropriate security controls to protect the infrastructure of the organization. · Prepare vulnerability scans and effective risk management protocols to ensure protections remain current and effective and detect any issues. · Initiate an incident response plan for responding to problems. · Develop a business continuity and disaster recovery plan to recover from interruptions in business whether manmade or geographical. This plan must be completed and submitted in MS Word format. Choose from one of the organizations below or request approval from your instructor via email for an alternate organization: • Department of Defense • Department of Homeland Security • General Dynamics Information Technology • JC Penney’s Corporate Office • University of Maryland • ITT Technical Institute • United States Marine Corp From the Critical Infrastructure document, align your
  • 2. organizational plan to reflect the intent of the document as follows from an excerpt taken from the document and ensure you read the document in its entirety: “The Framework complements, and does not replace, an organization’s risk management and cybersecurity program. The organization can use its current processes and leverage the Framework to identify opportunities to strengthen and communicate its management of cybersecurity risk while aligning with industry practices. Alternatively, an organization without an existing cybersecurity program can use the Framework as a reference to establish one. Just as the Framework is not industry-specific, the common taxonomy of standards, guidelines, and practices that it provides also is not country-specific. Organizations outside the United States may also use the Framework to strengthen their own cybersecurity efforts, and the Framework can contribute to developing a common language for international cooperation on critical infrastructure cybersecurity.” 1.1 Overview of the Framework The Framework is a risk-based approach to managing cybersecurity risk, and is composed of three parts: the Framework Core, the Framework Implementation Tiers, and the Framework Profiles. Each Framework component reinforces the connection between business drivers and cybersecurity activities. These components are explained below. • The Framework Core is a set of cybersecurity activities, desired outcomes, and applicable references that are common across critical infrastructure sectors. The Core presents industry standards, guidelines, and practices in a manner that allows for communication of cybersecurity activities and outcomes across the organization from the executive level to the implementation/operations level. The Framework Core consists of five concurrent and continuous Functions—Identify, Protect, Detect, Respond, Recover. When considered together, these Functions provide a high-level, strategic view of the lifecycle of an organization’s management of cybersecurity risk. The
  • 3. Framework Core then identifies underlying key Categories and Subcategories for each Function, and matches them with example Informative References such as existing standards, guidelines, and practices for each Subcategory. · Framework Implementation Tiers (“Tiers”) provide context on how an organization views cybersecurity risk and the processes in place to manage that risk. Tiers describe the degree to which an organization’s cybersecurity risk management practices exhibit the characteristics defined in the Framework (e.g., risk and threat aware, repeatable, and adaptive). The Tiers characterize an organization’s practices over a range, from Partial (Tier 1) to Adaptive (Tier 4). These Tiers reflect a progression from informal, reactive responses to approaches that are agile and risk-informed. During the Tier selection process, an organization should consider its current risk management practices, threat environment, legal and regulatory requirements, business/mission objectives, and organizational constraints. A Framework Profile (“Profile”) represents the outcomes based on business needs that an organization has selected from the Framework Categories and Subcategories. The Profile can be characterized as the alignment of standards, guidelines, and practices to the Framework Core in a particular implementation scenario. Profiles can be used to identify opportunities for improving cybersecurity posture by comparing a “Current” Profile (the “as is” state) with a “Target” Profile (the “to be” state). To develop a Profile, an organization can review all of the Categories and Subcategories and, based on business drivers and a risk assessment, determine which are most important; they can add Categories and Subcategories as needed to address the organization’s risks. The Current Profile can then be used to support prioritization and measurement of progress toward the Target Profile, while factoring in other business needs including
  • 4. cost-effectiveness and innovation. Profiles can be used to conduct self-assessments and communicate within an organization or between organizations. 1.2 Risk Management and the Cybersecurity Framework Risk management is the ongoing process of identifying, assessing, and responding to risk. To manage risk, organizations should understand the likelihood that an event will occur and the resulting impact. With this information, organizations can determine the acceptable level of risk for delivery of services and can express this as their risk tolerance. With an understanding of risk tolerance, organizations can prioritize cybersecurity activities, enabling organizations to make informed decisions about cybersecurity expenditures. Implementation of risk management programs offers organizations the ability to quantify and communicate adjustments to their cybersecurity programs. Organizations may choose to handle risk in different ways, including mitigating the risk, transferring the risk, avoiding the risk, or accepting the risk, depending on the potential impact to the delivery of critical services. The Framework uses risk management processes to enable organizations to inform and prioritize decisions regarding cybersecurity. It supports recurring risk assessments and validation of business drivers to help organizations select target states for cybersecurity activities that reflect desired outcomes. Thus, the Framework gives organizations the ability to dynamically select and direct improvement in cybersecurity risk management for the IT and ICS environments.” Your organization plan must be a comprehensive approach identifying the framework for enabling organizations to establish cybersecurity policy in the enterprise. Submit to your assignment folder by the due date assigned in your syllabus schedule.