CSIA 485 Project #2 Detailed Assignment Description

Using the case study and NIST SP 800-53, identify and prioritize IT security controls that should be implemented. Discuss any applicable US Government regulations/standards that apply to this organization (the organization is from Project 1).

Step 1: Review the selected case study and describe at least 10 issues related to security, interoperability, and operations.
Step 2: Prioritize and articulate the selected requirements based on immediate need, security posture, complexity, resource availability, and cost.
Step 3: Identify at least 4 applicable government regulations/standards that govern how the requirements must be met, implemented, or measured. Provide rationale for why these are applicable.
Step 4: Using NIST Special Publication 800-53, select at least 4 security controls that relate to these issues and describe how these controls enhance the security posture or facilitate the secure implementation of these requirements.

The deliverable for this case study assignment will be a minimum 5 page, double-spaced paper using Times New Roman 12 font and APA style formatting for citations and references. It will also include a minimum of 5 references. The Title/Cover page, illustrations and references are not part of the page count but are required for the assignment. The grading rubric provides additional details as to what should be included in the paper. Your instructor may provide an APA style template to use for this paper.

    IT Security Controls

    Issues Related to Security, Interoperability, and Operations

    Several issues have been found to pose a high risk to the system and operational security of the bank. (1) There is a key issue with key management, since it appears that there is a duplication of the security keys. Not all the people concerned with key management have a copy, and a copy of the same is stored in the system, which is duplicated in all data centers and backups. Therefore, in case a security key is lost or the network is compromised, the bank will have problems retrieving the copy of the security key; they may be unable to access specific information (Camara et al., 2011). This is a key issue concerning the security of the bank's information, since unauthorized people may access the data if they manage to obtain the security keys.

    (2) The users of the DRBCPs do not have the technical knowledge of how to use the program. Therefore, it will not be of much help to the bank. (3) The bank has not formulated system policies and procedures to manage event logging and the IDs used to access the bank facilities. (4) There are bank users who have privileged write access rights whereby they are able to modify the event logs on the production servers. This is a significant challenge to the bank's security, since anyone who can gain access to the production servers can override the whole system and cause further damage. (5) Data redundancy in the network diagram is a key issue for the network security of the bank. Redundancy means that a copy of the same data is stored in different locations within the system (Camara et al., 2011). It gives attackers a way to gain access to the bank's secret information.

    (6) The organization takes a lot of time before they measure and update their data centers. This could result in security threats, since the system and network administrators may never learn whenever there is a security concern in the system. (7) The DRBCP does not have a recovery plan; this means that it does not have recovery points and times. Therefore, in case of system contamination the bank will have problems recovering the data. The bank may lose important information and data in case of a successful attack. (8) The bank does not have clear guidelines to respond to emergencies; there is no recovery plan, and it also does not have a plan that can help them return the system to normality in case of an attack on the system. (9) Despite the bank having a backup plan for the daily activities, it may be unable to recover the information in case the backup is compromised. It was noticed that the backup at one of the item processing sections has always been failing and the cause was unknown. (10) The IT officer on duty did not seem to have a solid answer when he was asked about it. This shows a lack of qualified employees to take care of the system.

    Recommendations

    This section will address recommendations on what the bank should do to improve the security of the information systems.

    It is very easy for the bank to update their system and do risk evaluation on the system, since it does not require many resources and effort. The bank should improve information security by creating procedures that can be followed to recover data from the backup in case of an emergency (Krutz & Vines, 2010). They are doing a commendable job in doing a daily backup of the information. The bank should require all the system users to have a password that they will use to authenticate themselves whenever they want to access data in the system. The password should be kept secret, and users should be discouraged from using common passwords. They should ensure that the password is strong enough to prevent attackers from hacking or guessing it.

    It is recommended for the bank to hire a security key manager who will ensure that the security keys are secure and only the authorized personnel can access them. The super accounts should be deactivated or deleted to deny people with malicious intentions a chance to attack the system with just a single click (Mell & Grance, 2011). The bank should invest in training sessions and seminars to educate the employees on the best practices to maintain a high level of information security. The IT officers responsible for system security should be assessed to measure their competence. Eliminate the unqualified workers and hire qualified and able candidates using the standard hiring procedure of the bank. The IT officers should make sure that the scheduled backups are successful and that the information in the backup is not compromised. Encourage all the system users to permanently delete any redundant data in the system.

    The Government Security Regulations

      • The organizations must make a report on their information systems every year.
      • The measuring and assessment of the systems' threats should be a regular practice, to be able to identify malicious activities (Kaufman, 2009).
      • The report should be accompanied by a risk evaluation, a security plan, and an emergency recovery plan. These policies are very much applicable to the given scenario of the bank, which does not do regular assessments and updates (Kaufman, 2009).
      • If the bank can adopt the regular update policies and annual reporting, it would be very easy for it to manage the loopholes in their security system (Ross et al., 2005).

    The Government Security Guidelines

    The government has established the minimum standards of security requirements for any organization following their publication. According to the NIST special publication, the United States government has developed guidelines to assist organizations, in this case the bank, in achieving secure systems.

    • The organizations should provide a more reusable, consistent, and comparable way of determining and selecting security measures for the information systems (Ross et al., 2005).
    • The government has formal guidelines and techniques to be used to assess the effectiveness of the security measures that have been adopted by any organization.
    • The government agents interview the specialist who is responsible for maintaining the security of the system. This will measure their competence and determine whether they are qualified for the task.
    • The state examines the information security policies and observes the operations related to the security of the system. By doing so, the bank would have been compelled to do regular updates and risk assessment. The process is to analyze, measure, and examine the critical aspects of data security in the system operation, hardware, firmware and software.
    • The bank should develop a flexible and stable catalog of security measures which the organization should adopt to meet the present security requirements of the organization and the future need for security, depending on the dynamic structure of the technology and requirements.
    • The bank should provide a platform for the formation of evaluation techniques and procedures for determining the effectiveness of the security measures.

    NIST Security Controls

    Below are some of the government information security Acts that have been established to control the protection of information in organizations.

    • FISMA (Federal Information Security Management Act) is one of the specific government security control measures which map certain security designs in accordance with the NIST publication control measures, which ensure flexibility, effectiveness, and stability.
    • CP-1 is contingency planning, which handles the set of guidelines and policies that ensure effective implementation of specific security measures and enhancements.
    • Government Performance and Results Act (GPRA)
    • Clinger-Cohen Act and Government Paperwork Elimination Act.
    • They all aim at ensuring that the organization's information systems are secure.

    For secure data systems, organizations are expected to comply with the security standards set by NIST within twelve months after their publication. NIST formulates the standards for data processing, which are then approved by the Secretary of Commerce. The security control measures are classified into management, technical and operational to ease the whole process of information security. The structure of a security control is comprised of the control, the enhancements, and the control section.

    Figure 2: Risk Management Model (Source: Ross et al., 2005)

    Figure 2 shows the activities involved in the risk management plan of NIST and the security measures and standards that should be adopted for every activity. Here are a few of the enhancements that the bank can implement to ensure data log security in the system.

    • The data system of the bank should have the ability to collect the audit information from the various components of the system and store it system-wide, together with the time at which each event happened. This will help the system administrator of the bank to monitor activities in the system, thus making it easy to identify malicious activities (Ross et al., 2005).
    • The system should as well have the capability to control the auditable events of the different system components.
    • It is recommended for the bank to review and regularly update the records of the auditable events that have been defined by the bank. These control measures help to identify the issues of security concern and the actions that should be taken to resolve the challenges.
    • The bank should develop, disseminate and regularly update system policies that will manage access control to specific information.
    • It should also publish procedures that will improve the implementation of the policy associated with the management of information access. This policy can be incorporated into the organization's policy for data security and for specific data systems where necessary.
    • The bank can manage the user accounts by deactivating, removing and closing the accounts that are compromised or the ones that are not in use (Ross et al., 2005). Make sure to close the privileged accounts, since they have privileged rights that can override the whole system.
    • The system should limit the rights accorded to the super accounts and also employ strategies that will allow only the authorized people. The data systems should use only the formal authorizations to control the flow of data in the bank's system.
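An added example (not part of this paper or the Bank Solutions case study) of the first and sixth enhancements above in Python: it normalises audit lines from two components with different formats into one time-ordered, system-wide log, flags modifications of event logs on a production host (issue 4 above), and lists privileged accounts that have not been used within a threshold. The log formats, host names and account inventory are constructed for illustration.

```python
from datetime import datetime, timedelta

# Constructed records: a production server log and a core-banking app log,
# each in its own format, as different components of a real system would produce.
SERVER_LOG = [
    "2019-03-04 09:12:05 prod-db01 user=jdoe action=LOGIN result=OK",
    "2019-03-04 09:15:40 prod-db01 user=admin2 action=MODIFY target=/var/log/audit.log",
]
APP_LOG = [
    "04/03/2019 09:13:11|core-banking|svc_batch|FILE_WRITE|/data/backup/daily.bak",
]
# Constructed account inventory: name -> (privileged?, last successful login)
ACCOUNTS = {
    "jdoe": (False, datetime(2019, 3, 4)),
    "admin2": (True, datetime(2019, 3, 4)),
    "old_contractor": (True, datetime(2018, 10, 1)),
}

def parse_server(line):
    """'YYYY-MM-DD HH:MM:SS host k=v ...' -> normalised event dict."""
    date, clock, host, *pairs = line.split()
    fields = dict(p.split("=", 1) for p in pairs)
    return {"time": datetime.strptime(f"{date} {clock}", "%Y-%m-%d %H:%M:%S"),
            "source": host, "user": fields["user"],
            "action": fields["action"], "target": fields.get("target", "")}

def parse_app(line):
    """'DD/MM/YYYY HH:MM:SS|component|user|action|target' -> event dict."""
    stamp, source, user, action, target = line.split("|")
    return {"time": datetime.strptime(stamp, "%d/%m/%Y %H:%M:%S"),
            "source": source, "user": user, "action": action, "target": target}

def consolidate():
    """One system-wide timeline, every event carrying the time it happened."""
    events = [parse_server(l) for l in SERVER_LOG] + [parse_app(l) for l in APP_LOG]
    return sorted(events, key=lambda e: e["time"])

def log_modifications(events):
    """Issue (4): any account modifying an event/audit log on a production host."""
    return [e for e in events
            if e["action"] == "MODIFY" and "/log/" in e["target"]]

def stale_privileged_accounts(accounts, now, max_idle_days=90):
    """Privileged accounts not used within the threshold: candidates to close."""
    cutoff = now - timedelta(days=max_idle_days)
    return sorted(name for name, (priv, last) in accounts.items()
                  if priv and last < cutoff)
```

In a real deployment the two parsers would be replaced by one per log-producing component, and the consolidated timeline written to storage that the privileged accounts themselves cannot modify.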

    References

    Camara, S., Crossler, R., Midha, V., & Wallace, L. (2011). Teaching Case: Bank Solutions Disaster Recovery and Business Continuity: A Case Study for Business Students. Journal of Information Systems Education, 22(2), 117.

    Kaufman, L. M. (2009). Data security in the world of cloud computing. IEEE Security & Privacy, 7(4).

    Krutz, R. L., & Vines, R. D. (2010). Cloud security: A comprehensive guide to secure cloud computing. Wiley Publishing.

    Mell, P., & Grance, T. (2011). The NIST definition of cloud computing.

    Ross, R., Katzke, S., Johnson, A., Swanson, M., Stoneburner, G., Rogers, G., & Lee, A. (2005). Recommended Security Controls for Federal Information Systems (Final public draft; NIST SP 800-53). National Institute of Standards and Technology, Gaithersburg.