Please Complete 7 & 8. 7 is partially completed.
Introduction:
Organizations commit to cybersecurity by way of a policy – this is how the organization describes the “law” of the organization. Policies generally do not include “how” something should be implemented, just the overall commitment (the Acceptable Use is an exception to this overall rule). In later assignments, we will be describing internal standards, which would indeed describe the details of “how.”
[AC-7] Unsuccessful Login Attempts: must enforce a limited of consecutive unsuccessful login attempts, and automatically locks the user account for a period of time until unlocked via established authentication methods, detailed in the internal standard.
or
[AC-11] Device Lock: must prevent further access to the system by initiating a device lock after a period of inactivity and retain the device lock until the user reestablishes access using established identification and authentication procedures, detailed in the internal standard.
Note that the timings and number of times unsuccessful login attempts are not listed in a policy – these would be detailed in the internal standard.
Completion Instructions:
Section 7 of the Cyber Security Program document will contain 4 policies.
7) Policies – complete this section by providing 4 complete policies, using the template you created for the DB in this module.
Policies
Acceptable Use Policy (use what you did for the DB – and put it in the template format – you will have to add to it as the DB did not include all sections of the template). (Already Complete!!)
Asset Management Policy – This is mostly provided for you by way of an example. You should complete the blank sections.
Access Control Policy – leverage NIST 800-53r5, the Access Control family, for inspiration. There should be at least 8 policy clauses included (2 examples are provided above as examples, you can use them)
Risk Management Policy – leverage NIST 800-53r5, the Risk Assessment family, for inspiration. There should be at least 5 policy clauses included
Additional Policies
NAME at least 8 additional policies that should be created to support the organization.
Note – this is just the NAME of the policy – you do not have to create these policies.
You can list policies based on the aligned standard, such as from NIST. You may choose policies such as “Audit and Accountability” – or If you want to be more direct, policies like “Password Policy” is fine as well, or a combination of both. Ensure that your polices cover most, if not all of the landscape of the common security controls areas.
Completion
Each week, more content will be added to it, you will always turn in the entire document each time. There are additional notes and comments on the template, remove them as you move through the completion of the template. For example, for the sections due this week, all of the comments, notes, and suggested text should be removed for those sections.
Introduction:
Determining the controls that are to be implemented is an important step to ensure that data is secure.
Completion Instructions:
There are 2 sections to complete in your program document for this module. The first is a table that reflects the information assets that need to be secured, and the second is to describe the controls that should be implemented.
8. Security Controls
Information Assets that Require Protection: There is a table within the program document that requires completion. The table is driven by the Information Assets that are within the Bank. The asset needs to be described, and the system classification identified. The information assets are already provided for you based on the initial given material, but you can add to them as you wish.
Information or Information Asset (name)
How needed by business or mission
System Classification
Email
For communication…
“Confidential”
Bank Office ERP
MYBANK Platform
Security Controls Aligned to Information Assets:
This section details the security controls that are implemented or planned to be implemented. We do this by starting with a category of control, and then identifying what should be put into place to protect the information asset.
Reference Enterprise Cybersecurity Architecture Categories
System Administration
Network Security
Application Security
Endpoint, Server, and Device Security
Identity, Authentication and Access Management
Data Protection and Cryptography
Monitoring, Vulnerability and Patch Management
High Availability, Disaster Recovery, and Physical Protection
Incident Response
Asset Management and Supply Chain
Policy, Audit and Training
In addition to the requirements and data that have been indicated above, these are additional requirements that have been derived to better protect the data described above.
Security Requirement: What is the requirement, can be as simple as “Confidentiality, Integrity, or Availability”, multiple of those or others.
System or Security Control Implemented (category) – From the list of 11 areas above, include the 1 or 2 key architecture implementations that will provide security control (or more if applicable).
Control, Tool or Technology – Can be description of a control, a name-brand tool or generic technology approach. These can be re-used for multiple information system assets – where the same tool will protect multiple assets. It is OK to leverage what you put in the DB.
Information or System that is being protected
Security Requirement
System or Security Control Implemented (category)
Control, Tool or Technology
Email
Confidentiality
Integrity
1. Identity, Authentication and Access Management
2. Data Protection and Cryptography
1. Password Authentication
2. Encrypted session to email when using Web
3. Multi-factor authentication
Bank Office ERP
Confidentiality
Integrity
Availability
MYBANK Platform
LEGACY BANK Application
Submission Instructions:
Each week, more content will be added to it, you will always turn in the entire document each time. There are additional notes and comments on the template, remove them as you move through the completion of the template. For example, for the sections due this week, all of the comments, notes, and suggested text should be removed for those sections.
Please Complete 7 & 8. 7 is partially completed. Introduction: Organizations com
Struggling With a Similar Paper? Get Reliable Help Now.
Delivered on time. Plagiarism-free. Good Grades.
What is this?
It’s a homework service designed by a team of 23 writers based in Carlsbad, CA with one specific goal – to help students just like you complete their assignments on time and get good grades!
Why do you do it?
Because getting a degree is hard these days! With many students being forced to juggle between demanding careers, family life and a rigorous academic schedule. Having a helping hand from time to time goes a long way in making sure you get to the finish line with your sanity intact!
How does it work?
You have an assignment you need help with. Instead of struggling on this alone, you give us your assignment instructions, we select a team of 2 writers to work on your paper, after it’s done we send it to you via email.
What kind of writer will work on my paper?
Our support team will assign your paper to a team of 2 writers with a background in your degree – For example, if you have a nursing paper we will select a team with a nursing background. The main writer will handle the research and writing part while the second writer will proof the paper for grammar, formatting & referencing mistakes if any.
Our team is comprised of native English speakers working exclusively from the United States.
Will the paper be original?
Yes! It will be just as if you wrote the paper yourself! Completely original, written from your scratch following your specific instructions.
Is it free?
No, it’s a paid service. You pay for someone to work on your assignment for you.
Is it legit? Can I trust you?
Completely legit, backed by an iron-clad money back guarantee. We’ve been doing this since 2007 – helping students like you get through college.
Will you deliver it on time?
Absolutely! We understand you have a really tight deadline and you need this delivered a few hours before your deadline so you can look at it before turning it in.
Can you get me a good grade? It’s my final project and I need a good grade.
Yes! We only pick projects where we are sure we’ll deliver good grades.
What do you need to get started on my paper?
* The full assignment instructions as they appear on your school account.
* If a Grading Rubric is present, make sure to attach it.
* Include any special announcements or emails you might have gotten from your Professor pertaining to this assignment.
* Any templates or additional files required to complete the assignment.
How do I place an order?
You can do so through our custom order page here or you can talk to our live chat team and they’ll guide you on how to do this.
How will I receive my paper?
We will send it to your email. Please make sure to provide us with your best email – we’ll be using this to communicate to you throughout the whole process.
Getting Your Paper Today is as Simple as ABC
No more missed deadlines! No more late points deductions!
You give us your assignments instructions via email or through our order page.
Our support team selects a qualified writing team of 2 writers for you.
In under 5 minutes after you place your order, research & writing begins.
Complete paper is delivered to your email before your deadline is up.
Want A Good Grade?
Get a professional writer who has worked on a similar assignment to do this paper for you