PSU ISCP In Depth Model for Selecting Critical Security Controls White Paper
In this module, you explored selecting security controls as it relates to the Risk Management Framework used by the Federal Government to manage risk. The security control baselines address the security needs of a broad and diverse set of constituencies and are developed based on a number of general assumptions, including common environmental, operational, and functional considerations. The baselines also assume typical threats facing common information systems.
Imagine you are have been asked to brief your manager/CFO or CEO of your company (real or fictitious) about selecting security controls. Prepare a two- to three-page white paper describing how you selected and tailored a set of baseline controls based on the categorization of your company’s payroll system (or other information system real or fictional). Discuss the security controls you selected (at a high level – families) based on impact levels of each security objective: confidentiality, integrity and availability and your justification for each. (See NIST SP 800-53 Rev. 5, Chapter 3 for assistance).
Your white paper must be double-spaced, use a standard 12-point font and standard margins. At least two APA formatted in-text citations are required plus appropriate references must be listed. (Note: No wiki or blog references are allowed).
Your document should be free of spelling and/or grammatical errors