Assignment
1. What are the definitions of a (security) risk assessment in the textbook and in Appendix B of NIST SP 800-53a? Which definition do you prefer? Why?
2. What is a security control? Give three examples of a security control, one each for a physical control, a technical control, and an administrative (people) control.
3. List the primary benefits of a security risk assessment. Which one do you think is the most important? Why?
4. If security spending is not based on a security risk assessment, how are spending priorities typically determined?
5. Why are security controls assessed?
6. How do the guidelines provided in NIST SP 800-53A help achieve more secure information systems?
NIST Special Publication: Assessing Security and Privacy Controls in Federal Information Systems and Organizations- Building Effective Assessment Plans.
Format your assignment according to the following formatting requirements:
1. The answer should be typed, double spaced, using Times New Roman font (size 12), with one-inch margins on all sides.
2. The response also include a cover page containing the title of the assignment, the student's name, the course title, and the date. The cover page is not included in the required page length.
3. Also Include a reference page. The Citations and references should follow APA format. The reference page is not included in the required page length.