HOC Cyber Security Profiles
Introduction
Cyber security profiles (System Security Plans or SSP) are an essential component within an organizational security program. An Organizations Cyber security profile references to information pertinent to the security of a system such as security issues, security controls, security categories to which the system belongs, and concern pertaining to the environment in which the system is installed. Cyber security profiles provides security administrators with essential information necessary to ensure that the proper countermeasures are in place for each system in order to maintain confidentiality, integrity and availability requirements of the organization as well as those that apply specifically to each system. HOC (Housing Opportunities of Montgomery County) maintains a security program designed to protect the highly technical and sensitive cliental information stored within their systems and networks. To ensure that each system within the organizations IT infrastructure is properly, securely configured and protected, Cyber Security Profiles must be implemented for each system in order to concisely document the required secure configuration of both the system and the environment in which the system is installed.
Analysis
1. Management Control
1.1 System and Services Acquisition Controls (SA)
System services and acquisition controls focus on the procurement and life cycle support for items acquired in order to conduct business. For HOC, items such as network devices, computer workstations, and WAN services, established during acquisition are covered by this management control.
1.1.1(SA-5) Information System Documentation
Information system documentation records the det...
... middle of paper ...
...nt. Cyber security profiles help tremendously by organizing security related information in a way that avoids confusion, facilitates coverage and essential understanding. These same profiles are also essential to certification and accreditation efforts as well as routine, periodic audits, as they facilitate communication between the auditors and the organization and ensure that an understanding of the systems, configurations, policies and procedures are in line with best practices and regulatory compliance.
References
NIST, (2006), FIPS Pub 200: Minimum Security Requirements for Federal Information and Information Systems, Retrieved from http://csrc.nist.gov/publications/fips/fips200/FIPS-200-final-march.pdf
NIST, (2013), National Vulnerability Database – Security Controls, Retrieved from http://web.nvd.nist.gov/view/800-53/class?controlClassName=Management
National Institute of Standards and Technology (NIST): Risk Management Guide for Information Technology Systems. Special Publication 800-30, 2002.
1.) (3 points) The US Computer Emergency Readiness Team (US-CERT) publishes what are called Technical Cyber Security Alerts and Vulnerability Notes and these documents alert users to potential threats to the security of their systems. Select a Technical Security Alert or Vulnerability Note published in the last twelve months that has a network related component to it and research the reported problem and the suggested solution (if one is available.) Analyze and describe the problem, and the solution paying close attention to the network related issues that it raises. We are interested in reading your analysis, and not a cut-and-paste of what is on the website. The listing of recent Technical Security Alerts can be found at: http://www.us-cert.gov/cas/techalerts/ and the listing of Vulnerability Notes is at http://www.kb.cert.org/vuls
"Computer Security Training, Network Research & Resources." SANS: Computer Security Training, Network Security Research, InfoSec Resources. Web. 17 Mar. 2011. .
Cyber security is the designing, creating, using, and repairing most technological and mechanical equipment. This includes programing and creating new technology before it is mass produced in order to insure safety and quality. It also cover the use of programs to protect and fix technological and mechanical equipment from malfunctions, viruses, and hackers. Lastly, cyber security includes the repairing and upkeep of most electronically designed systems. This job is important because most of today’s world is entirely made up of system that need to be protected, maintained, and constantly improved. This jobs needed in order to keep developed countries stable and able to keep developing,
Security helps the organization meet its business objectives or mission by protecting its physical and financial resources, reputation, legal position, employees, and other tangible and intangible assets through the selection and application of appropriate safeguards. Businesses should establish roles and responsibilities of all personnel and staff members. However, a Chief Information Officer should be appointed to direct an organization’s day to day management of information assets. Supporting roles are performed by the service providers and include systems operations, whose personnel design and operate the computer systems. Each team member must be held accountable in ensuring all of the rules and policies are being followed, as well as, understanding their roles, responsibilities and functions. Organizations information processing systems are vulnerable to many threats that can inflict various types of damage that can result in significant losses (Harris, 2014). Losses can come from actions from trusted employees that defraud the system, outside hackers, or from careless data entry. The major threat to information protection is error and omissions that data entry personnel, users, system operators and programmers make. To better protect business information resources, organizations should conduct a risk analysis to see what
This project must meet the requirements of DoD security policies and standards for delivery of the technology services. The first requirement we are to discuss is Federal Information Security Management Act (FISMA) which is a United States legislation that defines a comprehensive framework to protect government information, operations and assets against natural or man-made threats. FISMA assigned the National Institute of Standards and Technology (NIST), the responsibility of defining standards and security procedures to be followed and must be complied. There are nine processes NIST outlines to be in compliance with FISMA:
Hardware, software, support and maintenance costs grow each year with multiple systems in each local region running different types of software and hardware. The application and hardware support teams are larger than could be possible with one integrated solution.
Long term sustainment of new technology, especially in the face of rapid technological development, is a question defense contractors must answer prior to fielding. The Defense Acquisition Systems final phase, operation and support, “is considered to
Roberts, Richard M. "Network Secrurity." Networking Fundamentals. 2nd ed. Tinley Park, IL: Goodheart-Willcox, 2005. 599-639. Print.
Cybersecurity standards have recently been implemented to force organizations to maintain a safe environment and reduce the risk of cyber-attacks. Cyberspace is the “universe” for computers, and depending on how secure one’s system is could determine how well someone could maneuver through cyberspace. Cybersecurity is designed to find these intruders in unwanted areas, by placing barriers and obstacles. Of course cyberspace is an undefined area so it’s possible for people to get around and intrude into other networks.
The nation has become dependent on technology, furthermore, cyberspace. It’s encompassed in everything we deliver in our daily lives, our phones, internet, communication, purchases, entertainment, flying airplane, launching missiles, operating nuclear plants, and implicitly, our protection. The more ever-growing technology empower Americans, the more they become prey to cyber threats. The United States Executive Office of the President stated, “The President identified cybersecurity as one of the top priorities of his administration in doing so, directed a 60-day review to assess polices.” (United States Executive Office of the President, 2009, p.2). Furthermore, critical infrastructure, our network, and internet alike are identified as national assets upon which the administration will orchestrate integrated cybersecurity policies without infringing upon and protecting privacy. While protecting our infrastructure, personal privacy, and civil liberties, we have to keep in mind the private sector owns and operates the majority of our critical and digital infrastructure.
The good, the bad and the ugly. (2012). SC Magazine: For IT Security Professionals, 9. Retrieved from DeVry Library
Melford, RJ 1993, 'Network security ', The Internal Auditor, vol. 50, no. 1, p. 18.
The acquisitions process starts from obtaining the necessary raw materials to make a product and ends with the delivery of the product to the buyer. Acquisition and Supply Chain Management encompasses activities such as contract administration, product procurement and manufacturing, and logistics.
The first thing that we must consider about Information Security is that there is not a final destination at which we can arrive. IT Security is an ongoing set of processes and activities that requires attention and expertise on a daily basis. It is important to understand that systems are not secured by themselves and it is our responsibility to maintain and improve them periodically as required. It is of vital importance to establish the appropriate mechanisms and requirements in order to support the company’s CIA triad. The following report will provide you guidance about auditing and hardening techniques applied though the 7 Domains by utilizing IT Security Best Practices.