Vlt 2 Task 4 Essay

During SDLC phase one, the initiation phase, “the need for a system is expressed and the purpose of the system is documented” (NIST, 2008). Some of the expected outcomes from this phase would be a project plan and schedule; system performance specifications outlining the operational requirements, system design documents, and a document that defines roles and responsibilities. The corresponding RMF step, security categorization, establishes the foundation for security standardization among information systems and provides a vital step towards integrating security into the information system (NIST, 2008). During this step, the type(s) of information processed by the information system are identified and the information system is categorized to determine the level of protection requirements to put in place. Some of the expected outputs of this step include a security project plan and schedule, documented system boundary, the system categorization, and the security roles and responsibilities. These two process steps are very similar except the focus of RMF is on information security related functions. In some cases, SDLC produces the expected outputs that RMF requires, and the security professionals only require a copy of the documentation for their records. For example, the system design document often depicts the system boundary. The reason this step is so critical is that it

Technical controls involves the use of technology and expertise to mitigate risk. An administrator who installs and configures a firewall and IDS to prevent attacks on the network is implementing a technical security control. Management controls use planning and assessment ways to reduce risk. Conducing risk assessment, vulnerability assessment and penetration testing. Lastly. Operational controls are implement by people. Having awareness training and having a contingency plan is a way of implementing operation controls (Darril

Security-This is a sub-characteristic of the system’s functionality.It relates to the prevention of unauthorized access to the company’s confidential data by using dashboard software.

p. 10). Other controls include: Asset Classification and Control maintains an appropriate level of protection for all critical or sensitive assets. Communications and Operations Management reduces the risk of failure and its consequences by ensuring the proper and secure use of information processing facilities and by developing incident response procedures. Systems Development and Maintenance prevents the loss, modification, or misuse of information in operating systems and application software. Business Continuity Management develops the organization’s capacity to react rapidly to the interruption of critical activities resulting from failures, incidents, natural disasters, or catastrophes. Compliance ensures that all laws and regulations

FIPS PUB 199 Standards for Security Categorization of Federal Information and Information Systems is the current

The purpose of the system security plan (SSP) is to provide an overview of federal information system security requirements and describe the controls in place or planned to meet those requirements for the Department of Health and Human Services. Each SSP is developed in accordance with the guidelines contained in National Institute of Standards and Technology (NIST) Special Publication (SP) 800-18, Guide for Developing Security Plans for Information Technology Systems, and applicable risk mitigation guidance and standards. Through

The framework of security policy is defined to construct a structure by the help of which policy gaps can be identified in an easy manner. A system specific policy would assist to ensure that all employees and management comply with the policies. This is also used to maintain the confidentiality for user authentication would assist in the confidentiality aspect of security, maintain integrity (There are several limiting rules or constraints which are distinct in the relational data model and whose work is to maintain the data’s accuracy and maintain its integrity.), availability and authenticity of the system. Access controls are a collection of mechanisms that work together to create security architecture to protect the assets of an information system. One of the goals of access control is personal accountability, which is the mechanism that proves someone performed a computer activity at a specific point in time. So, the framework acts as the guideline

This policy provides a framework for the management of information security throughout Cañar Networking organization. It applies to:

Other security elements are in reference to data recovery, database administration, handling a breach in security and administrative security policies such as access procedure, employee transfer and excessive user access. As I assume the role of the chief security officer, database designer, database administrator, and chief applications designer this project is very important to the armed services and the Virgin Islands National Guard as we strive to provide global security.

22. Which of the following features should not be there in an access control system?

in the form of rules. These are a first line of defense to inform users

The security plan is formulated to protect the information and important resources from a wide variety of potential threats. This will promote business continuity, reduce business risks and increase the return on investment together with business opportunities. The security of information technology is attained by executing a suitable set of control, efficient policies, processes, organization structures, software and the hardware. These given controls ought to be formulated, put into action, assessed, analyzed and developed for productivity, where necessary. This will allow the explicit security and business objectives of the United States Department of health and Human Services to be accomplished (Easttom, 2006, p.32).

Identification of controls already in place – including policies, firewalls, applications, intrusion and detection prevention systems, virtual private networks, data loss prevention and encryption.

A security administrator can look to the Information Technology- Code of Practice for Information Security Management, ISO 17799/BS 7799 as well as ISO 17799/BS 7799, the NIST Security Models including the SP 800-12, 14, 18, 26, and 30, and the VISA International Security Model are just a few of the established security frameworks available.

General Controls consist of implementation controls, software controls, hardware controls, computer operations controls, data security controls and administrative controls. These controls ensure that authorized user involvement as well as specific procedures and standards are followed, controlled and are properly managed to secure physical and electronic data.