SEC310 Project Module 6

.docx

School

DeVry University, Chicago *

*We aren’t endorsed by this school

Course

310

Subject

Information Systems

Date

Jun 18, 2024

Type

docx

Pages

3

Uploaded by BaronNeutronButterfly254

Student Name: Date: Part 1: Cyber Incident Response Standard Locate and read the Cyber Incident Response Standard in the NIST Cybersecurity Framework Policy Template Guide. Research online for a real-world implementation example of the standard/policy and compare it with the NIST policy template side by side. Answer the following questions clearly and systemically in this Word document. Make sure to include a References section toward the end of the document. 1. The Cyber Incident Response Standard is implemented for which NIST functions and sub- categories? [5 points] Answer: ID.SC-5 Response and recovery planning and testing are conducted with suppliers and third-party providers. 2. Which organization is the implementation example you identified for? Which industry sector (e.g., education, government, etc.) is the organization in? [5 points] Answer: Federal Bureau of Investigation (FBI) (government) 3. What is the purpose of the example standard/policy? Which party (parties) does the standard/policy apply to? Who is/are responsible for implementing this standard/policy? [5 points] Answer: This policy is to ensure that the FBI is prepared to respond to cyber incidents to protect state systems and classified data. The response standard applies to all Executive Branch agencies. 4. As compared to the NIST policy template, how is the example standard/policy customized to fit the needs of the organization? Describe two occurrences of the customization (e.g., incident triggering sources or incident types) in detail. [10 points] Answer: The FBI deploys an information services division that provides resources and support with reporting and handling of security incidents for users. 5. What criteria for forensic investigation are specified in the example standard/policy? [5 points] Answer: detection, analysis, containment, eradication, and recovery
Part 2: Personnel Security Policy Locate and read the Personnel Security Policy in the NIST Cybersecurity Framework Policy Template Guide. Research online for a real-world implementation example of the standard/policy and compare it with the NIST policy template side by side. Answer the following questions clearly and systemically in this Word document. Make sure to include a References section toward the end of the document. 1. The Personnel Security Policy is implemented for which NIST functions and sub-categories? [5 points] Answer: PR.AT-1 All users are informed and trained 2. Which organization is the implementation example you identified for? Which industry sector (e.g., education, government, etc.) is the organization in? [5 points] Answer: St. John’s University (education) 3. What is the purpose of the example policy? Which party (parties) does the policy apply to? Who is/are responsible for implementing this policy? [5 points] Answer: The purpose for the policy is to help safeguard the confidentiality of the university’s assets and to protect the confidentiality of its customers and personnel. 4. As compared to the NIST policy template, how is the example policy customized to fit the needs of the organization? Describe two occurrences of the customization in detail. [10 points] Answer: There is a security awareness, training and education program. Each employee must be part of a security mechanism and process during hiring and termination. 5. If specified in the example policy, what criteria are defined to verify the organization’s compliance to the policy? If not specified in the example policy, what are your recommendations? [5 points] Answer: The networks and systems are audited on a periodical basis to ensure compliance with the policy. All breaches, whether suspected or actual, must be reported to the director of information security. Failure to do so will result in disciplinary action.
Your preview ends here
Eager to read complete document? Join bartleby learn and gain access to the full version
  • Access to all documents
  • Unlimited textbook solutions
  • 24/7 expert homework help