In the book, we saw a number of ways to treat unacceptable risk in an organizati


In the book, we saw a number of ways to treat unacceptable risk in an organization. One approach for risk treatment is the NIST Risk Management Framework (RMF) outlined in SP 800-30, 37, and 39. The purpose of this assignment is to apply the NIST RMF to a specific situation to see how it fits in an organization.
Before You Get Started
Use the following resources to complete the assignment:
NIST SP 800-30: Guide for Conducting Risk Assessments
NIST SP 800-39: Managing Information Security Risk: Organization, Mission, and Information System View
NIST SP 800-37: Risk Management Framework for Information Systems and Organizations: A System Life Cycle Approach for Security and Privacy
Instructions
Scenario
Our organization, Nadir Tools Inc., makes power tools, and although security is usually vigilant, the Sales team managed to bypass the normal process in purchasing to buy a large screen for a special presentation to potential customers. As a result, neither IT nor Security personnel were aware that a Wi-Fi enabled screen had been in the Sales Demo area for the last week until unusual network traffic coming from the screen was detected by a member of the networking team.
You have been tasked with applying the NIST Risk Management Framework to the whole situation. The CISO wants to figure out how to mitigate the current situation and also how the entire situation could have been avoided in the first place.
Please do the following:
Considering the mitigation process in the above scenario, pick the most relevant task from each of the Tables E-1 to E-7 on pages 145-138 of the NIST SP 800-37 document, and explain why the task you picked was the most relevant one from each table. You can make reasonable assumptions about the organizational structure of Nadir Tools Inc. and about its current security arrangements as long as you spell out your assumptions.
Explain which two tasks from these tables will be the most important as you come up with a plan for avoiding a repeat of the scenario in the future. What did you take into account when selecting these two tasks?
TIP: The various steps of the NIST RMF are summarized in Tables E-1 to E-7 on pages 145-138 of the NIST SP 800-37 document. There are links that take you back to earlier parts of the document where the specific tasks are spelled out.
For example, on page 131 we see Table E-3, and when we click on the “Task S-1” link, we are taken to page 50 where this task is described in more detail. Clicking on the “Task S-2” link in Table E-3 on page 131 takes us to the description starting on page 51 and so on.
Additional Details
Format: Microsoft Word (or compatible)
Font: Arial, 12-point
Citation style: APA
Suggested length: At least 3 pages, which can vary depending on your presentation of the content
Evaluation
TIP: Refer to the grading rubric attached to this assignment for further details.
Submit your work by the due date in the course calendar.
Rubric
Assignment: Risk Treatment

Criterion 1 (15 pts): Apply components of the NIST RMF to the mitigation process for an event.
15 to >12.0 pts, Meets Expectations: At least 7 tasks were chosen from the various steps of the NIST RMF and explained
12 to >3.0 pts, Partially Meets Expectations: Tasks were only partly explained or fewer than 7 were chosen.
3 to >0 pts, Does Not Meet Expectations: No tasks were chosen or explained

Criterion 2 (15 pts): Apply components of the NIST RMF to prevent a repeat of the event
15 to >12.0 pts, Meets Expectations: At least 7 tasks chosen from the various steps of the NIST RMF and explained
12 to >3.0 pts, Partially Meets Expectations: Tasks were only partly explained or fewer than 7 were chosen
3 to >0 pts, Does Not Meet Expectations: No tasks were chosen or explained

Total Points: 30
