Discussions of Security Control Frameworks and Controlling the Uncontrollable

Anonymous
timer Asked: Jan 6th, 2018
account_balance_wallet $20

Question description

1. When performing a gap analysis, one must have an understanding of the desired future or "to be" state. For cybersecurity focused gap analyses, we frequently use IT security controls as the framework for describing the "to be" (or "should be") state. There are a variety of guidance documents which list and define sets of security controls.

If you look at multiple sources, e.g. NIST, SANS, CSIS, you will see that IT controls come in a variety of "flavors". Some sources use the People, Process, and Technology scheme to organize and define controls. Other sources define controls (safeguards) in terms of the phases of information security to which they apply (e.g, Preventive controls, Detective controls, Deterrent controls, Corrective controls (used in the Response or remediation phases)). A third framework which you used in earlier courses (CSIA 413) is "administrative or managerial, operational, and technical" controls.

Research and select a control grouping framework then populate the framework with some examples of the actual controls. Provide your rational as to why you selected your framework and identify an industry or industry vertical to which your framework is most applicable.


2. What four (4) IT security controls do you find the most important? Why? Do you consider anything related to process or policy a real or actual "safeguard?" Why? Why not?

Note: Use NIST SP 800-53 (http://nvlpubs.nist.gov/nistpubs/SpecialPublicatio...) as your source for security controls definitions for this discussion question.

Tutor Answer

Robert F
School: UT Austin

Please let me know if there is anything needs to be changed or added. I will be also appreciated that you can let me know if there is any problem or you have not received the work Good luck in your study and if you need any further help in your assignments, please let me know Can you please confirm if you have received the work? Once again, thanks for allowing me to help you R MESSAGE TO STUDYPOOL NO OUTLINE IS NEEDED AS IT IS A DISCUSSION

https://www.studypool.com/questi
ons/717094
by Robert F

Submission date: 10-Jan-2018 09:41PM (UT C-0500)
Submission ID: 901697178
File name: urity_Control_Frameworks_and_Controlling_the_Uncontrollable.docx (18.13K)
Word count: 549
Character count: 3363

https://www.studypool.com/questions/717094
ORIGINALITY REPORT

0

%

SIMILARIT Y INDEX

0%

0%

0%

INT ERNET SOURCES

PUBLICAT IONS

ST UDENT PAPERS

PRIMARY SOURCES

Exclude quotes

On

Exclude bibliography

On

Exclude matches

Of f


Running Head: SECURITY CONTROL ...

flag Report DMCA
Review

Anonymous
Totally impressed with results!! :-)

Similar Questions
Hot Questions
Related Tags

Brown University





1271 Tutors

California Institute of Technology




2131 Tutors

Carnegie Mellon University




982 Tutors

Columbia University





1256 Tutors

Dartmouth University





2113 Tutors

Emory University





2279 Tutors

Harvard University





599 Tutors

Massachusetts Institute of Technology



2319 Tutors

New York University





1645 Tutors

Notre Dam University





1911 Tutors

Oklahoma University





2122 Tutors

Pennsylvania State University





932 Tutors

Princeton University





1211 Tutors

Stanford University





983 Tutors

University of California





1282 Tutors

Oxford University





123 Tutors

Yale University





2325 Tutors