Project #3: IT Security Controls Baseline for Red Clay Renovations

Prepare a two-page briefing paper (5 to 7 paragraphs) for the senior leadership and corporate board of Red Clay Renovations which addresses planning (what do we need to do?), programming (how will we do it?), and budgeting (how will we pay for it?) processes for IT security program management.

1. Use the company profile and enterprise architecture diagrams to identify five or more risks which require a financial investment. Financial investments should be categorized as: people investments, process investments, and/or technology investments.

2. Choose one of the four strategies for reducing the costs associated with responding to cyberattacks from the Rand report (A Framework for Programming and Budgeting for Cybersecurity):

Minimize Exposure
Neutralize Attacks
Increase Resilience
Accelerate Recovery

3. Discuss how your selected strategy (make it clear which strategy you selected) can be used in the planning (what do we need to do?) and programming (how will we do it?) phases of budget preparation to identify less costly solutions for implementing technical, operational, and management controls.

Provide in-text citations and references for 3 or more authoritative sources. Put the reference list at the end of your posting.

Project #3: IT Security Controls Baseline for Red Clay Renovations

To ensure compatibility with existing policy and documentation, Red Clay Renovations’ IT Security policies, plans, and procedures will continue to use the following security control classes (management, operational, technical), as defined in NIST SP 800-53 rev 3 (p. 6).

Security Controls Baseline

Red Clay Renovations Security Controls Baseline shall include the security controls listed below. Security control definitions and implementation guidance shall be obtained from the most recent version of NIST Special Publication 800-53, Security and Privacy Controls for Federal Information Systems and Organizations.

1. AC: Access Controls (Technical Controls Category)
AC-1 | Access Control Policy and Procedures | AC-1
AC-2 | Account Management | AC-2 (1) (2) (3) (4)
AC-3 | Access Enforcement | AC-3
AC-4 | Information Flow Enforcement | AC-4
AC-5 | Separation of Duties | AC-5
AC-6 | Least Privilege | AC-6 (1) (2) (5) (9) (10)
AC-7 | Unsuccessful Logon Attempts | AC-7
AC-8 | System Use Notification | AC-8
AC-11 | Session Lock | AC-11 (1)
AC-12 | Session Termination | AC-12
AC-14 | Permitted Actions without Identification or Authentication | AC-14
AC-17 | Remote Access | AC-17 (1) (2) (3) (4)
AC-18 | Wireless Access | AC-18 (1)
AC-19 | Access Control for Mobile Devices | AC-19 (5)
AC-20 | Use of External Information Systems | AC-20 (1) (2)
AC-21 | Information Sharing | AC-21
AC-22 | Publicly Accessible Content | AC-22

2. AT: Awareness and Training (Operational Controls Category)
AT-1 | Security Awareness and Training Policy and Procedures | AT-1
AT-2 | Security Awareness Training | AT-2 (2)
AT-3 | Role-Based Security Training | AT-3
AT-4 | Security Training Records | AT-4

3. AU: Audit and Accountability (Technical Controls Category)
AU-1 | Audit and Accountability Policy and Procedures | AU-1
AU-2 | Audit Events | AU-2 (3)
AU-3 | Content of Audit Records | AU-3 (1)
AU-4 | Audit Storage Capacity | AU-4
AU-5 | Response to Audit Processing Failures | AU-5
AU-6 | Audit Review, Analysis, and Reporting | AU-6 (1) (3)
AU-7 | Audit Reduction and Report Generation | AU-7 (1)
AU-8 | Time Stamps | AU-8 (1)
AU-9 | Protection of Audit Information | AU-9 (4)
AU-10 | Non-repudiation | Not Selected
AU-11 | Audit Record Retention | AU-11
AU-12 | Audit Generation | AU-12

4. CA: Security Assessment and Authorization (Management Controls Category)
CA-1 | Security Assessment and Authorization Policies and Procedures | CA-1
CA-2 | Security Assessments | CA-2 (1)
CA-3 | System Interconnections | CA-3 (5)
CA-5 | Plan of Action and Milestones | CA-5
CA-6 | Security Authorization | CA-6
CA-7 | Continuous Monitoring | CA-7 (1)
CA-9 | Internal System Connections | CA-9

5. CM: Configuration Management (Operational Controls Category)
CM-1 | Configuration Management Policy and Procedures | CM-1
CM-2 | Baseline Configuration | CM-2 (1) (3) (7)
CM-3 | Configuration Change Control | CM-3 (2)
CM-4 | Security Impact Analysis | CM-4
CM-5 | Access Restrictions for Change | CM-5
CM-6 | Configuration Settings | CM-6
CM-7 | Least Functionality | CM-7 (1) (2) (4)
CM-8 | Information System Component Inventory | CM-8 (1) (3) (5)
CM-9 | Configuration Management Plan | CM-9
CM-10 | Software Usage Restrictions | CM-10
CM-11 | User-Installed Software | CM-11

6. CP: Contingency Planning (Operational Controls Category)
CP-1 | Contingency Planning Policy and Procedures | CP-1
CP-2 | Contingency Plan | CP-2 (1) (3) (8)
CP-3 | Contingency Training | CP-3
CP-4 | Contingency Plan Testing | CP-4 (1)
CP-5 | Withdrawn | –
CP-6 | Alternate Storage Site | CP-6 (1) (3)
CP-7 | Alternate Processing Site | CP-7 (1) (2) (3)
CP-8 | Telecommunications Services | CP-8 (1) (2)
CP-9 | Information System Backup | CP-9 (1)
CP-10 | Information System Recovery and Reconstitution | CP-10 (2)

7. IA: Identification and Authentication (Technical Controls Category)
IA-1 | Identification and Authentication Policy and Procedures | IA-1
IA-2 | Identification and Authentication (Organizational Users) | IA-2 (1) (2) (3) (8) (11) (12)
IA-3 | Device Identification and Authentication | IA-3
IA-4 | Identifier Management | IA-4
IA-5 | Authenticator Management | IA-5 (1) (2) (3) (11)
IA-6 | Authenticator Feedback | IA-6
IA-7 | Cryptographic Module Authentication | IA-7
IA-8 | Identification and Authentication (Non-Organizational Users) | IA-8 (1) (2) (3) (4)

8. IR: Incident Response (Operational Controls Category)
IR-1 | Incident Response Policy and Procedures | IR-1
IR-2 | Incident Response Training | IR-2
IR-3 | Incident Response Testing | IR-3 (2)
IR-4 | Incident Handling | IR-4 (1)
IR-5 | Incident Monitoring | IR-5
IR-6 | Incident Reporting | IR-6 (1)
IR-7 | Incident Response Assistance | IR-7 (1)
IR-8 | Incident Response Plan | IR-8

9. MA: Maintenance (Operational Controls Category)
MA-1 | System Maintenance Policy and Procedures | MA-1
MA-2 | Controlled Maintenance | MA-2
MA-3 | Maintenance Tools | MA-3 (1) (2)
MA-4 | Nonlocal Maintenance | MA-4 (2)
MA-5 | Maintenance Personnel | MA-5

10. MP: Media Protection (Operational Controls Category)
MP-1 | Media Protection Policy and Procedures | MP-1
MP-2 | Media Access | MP-2
MP-3 | Media Marking | MP-3
MP-4 | Media Storage | MP-4
MP-5 | Media Transport | MP-5 (4)
MP-6 | Media Sanitization | MP-6
MP-7 | Media Use | MP-7 (1)

11. PE: Physical and Environmental Protection (Operational Controls Category)
PE-1 | Physical and Environmental Protection Policy and Procedures | PE-1
PE-2 | Physical Access Authorizations | PE-2
PE-3 | Physical Access Control | PE-3
PE-4 | Access Control for Transmission Medium | PE-4
PE-5 | Access Control for Output Devices | PE-5
PE-6 | Monitoring Physical Access | PE-6 (1)
PE-8 | Visitor Access Records | PE-8
PE-9 | Power Equipment and Cabling | PE-9
PE-10 | Emergency Shutoff | PE-10
PE-11 | Emergency Power | PE-11
PE-12 | Emergency Lighting | PE-12
PE-13 | Fire Protection | PE-13 (3)
PE-14 | Temperature and Humidity Controls | PE-14
PE-15 | Water Damage Protection | PE-15
PE-16 | Delivery and Removal | PE-16
PE-17 | Alternate Work Site | PE-17

12. PL: Planning (Management Controls Category)
PL-1 | Security Planning Policy and Procedures | PL-1
PL-2 | System Security Plan | PL-2 (3)
PL-4 | Rules of Behavior | PL-4 (1)
PL-8 | Information Security Architecture | PL-8

13. PS: Personnel Security (Operational Controls Category)
PS-1 | Personnel Security Policy and Procedures | PS-1
PS-2 | Position Risk Designation | PS-2
PS-3 | Personnel Screening | PS-3
PS-4 | Personnel Termination | PS-4
PS-5 | Personnel Transfer | PS-5
PS-6 | Access Agreements | PS-6
PS-7 | Third-Party Personnel Security | PS-7
PS-8 | Personnel Sanctions | PS-8

14. RA: Risk Assessment (Management Controls Category)
RA-1 | Risk Assessment Policy and Procedures | RA-1
RA-2 | Security Categorization | RA-2
RA-3 | Risk Assessment | RA-3
RA-5 | Vulnerability Scanning | RA-5 (1) (2) (5)

15. SA: System and Services Acquisition (Management Controls Category)
SA-1 | System and Services Acquisition Policy and Procedures | SA-1
SA-2 | Allocation of Resources | SA-2
SA-3 | System Development Life Cycle | SA-3
SA-4 | Acquisition Process | SA-4 (1) (2) (9) (10)
SA-5 | Information System Documentation | SA-5
SA-8 | Security Engineering Principles | SA-8
SA-9 | External Information System Services | SA-9 (2)
SA-10 | Developer Configuration Management | SA-10
SA-11 | Developer Security Testing and Evaluation | SA-11

16. SC: System and Communications Protection (Technical Controls Category)
SC-1 | System and Communications Protection Policy and Procedures | SC-1
SC-5 | Denial of Service Protection | SC-5
SC-7 | Boundary Protection | SC-7
SC-8 | Transmission Confidentiality | SC-8
SC-18 | Mobile Code | SC-18
SC-19 | Voice Over Internet Protocol | SC-19
SC-28 | Protection of Information at Rest | SC-28
SC-39 | Process Isolation | SC-39

17. SI: System and Information Integrity (Operational Controls Category)
SI-1 | System and Information Integrity Policy and Procedures | SI-1
SI-2 | Flaw Remediation | SI-2 (2)
SI-3 | Malicious Code Protection | SI-3 (1) (2)
SI-4 | Information System Monitoring | SI-4 (2) (4) (5)
SI-5 | Security Alerts, Advisories, and Directives | SI-5
SI-7 | Software, Firmware, and Information Integrity | SI-7 (1) (7)
SI-8 | Spam Protection | SI-8 (1) (2)
SI-10 | Information Input Validation | SI-10
SI-11 | Error Handling | SI-11
SI-12 | Information Handling and Retention | SI-12
SI-16 | Memory Protection | SI-16

18. PM: Program Management (Management Controls Family)
PM-1 | Information Security Program Plan | all
PM-2 | Senior Information Security Officer | all
PM-3 | Information Security Resources | all
PM-4 | Plan of Action and Milestones Process | all
PM-5 | Information System Inventory | all
PM-6 | Information Security Measures of Performance | all
PM-7 | Enterprise Architecture | all
PM-8 | Critical Infrastructure Plan | all
PM-9 | Risk Management Strategy | all
PM-10 | Security Authorization Process | all
PM-11 | Mission/Business Process Definition | all
PM-12 | Insider Threat Program | all
PM-13 | Information Security Workforce | all
PM-14 | Testing, Training, and Monitoring | all
PM-15 | Contacts with Security Groups and Associations | all
PM-16 | Threat Awareness Program | all
