Developing an enterprise framework for a security program


Assignment:

Many organizations purchase, install, and set up services using out-of-the-box configurations and default settings. Research and briefly describe a current incident (within the past year) where an organization was exploited because of a lack of security best practices, updated patches, secure configurations, etc. What would you recommend organizations establish to ensure long-term protection of systems and applications?

Topic: Benchmark - Developing Enterprise Framework for a Security Program

Company name to use (Across the states bank).

Assessment Description

During this assignment, students will identify the laws or regulations an organization must adhere to, and map these specific controls within a framework to communicate and implement throughout the organization.

1. Access the "Company Profiles," located in the Class Resources. (Use "Across the States Bank.")

2. Select a fictitious company to use for the duration of this course and create an associated abbreviation (e.g., Across the States Bank (ASB), Lopes Manufacturing (LM), or Pike's Peak Health Care (PPHC)).

3. For the company selected, research online or use Chapter of the textbook and identify, at minimum, two laws or regulations that include a set of standards the organization must implement to achieve compliance (i.e., PCI DSS, HIPAA/HITECH, ISO/IEC 27001:2013, or NISPOM 5220.22).

4. Use Appendix C in "Security and Privacy Controls for Federal Information Systems and Organizations," the two identified laws, and the "ITT-430 Developing Enterprise Framework Template" to map the various standards to the controls within the framework. Refer to the "ITT-430 Developing Enterprise Framework Example."

5. Map a minimum of two NIST controls per law or regulation. NIST 800-53 controls may duplicate across standards as shown in the Developing Enterprise Framework Example (see SC-13).

6. Complete at least 25 mappings.

7. In the "Notes" column, briefly explain the purpose that all three are trying to achieve. For example, the first row in the example is establishing a policy on risk assessment and the identification and management of threats and vulnerabilities.

8. Research and create a security program framework outline for your fictitious company that aligns to the mission and vision of the company. Your outline should include a table of contents; list the topics your company would need to address in order to resolve the many issues of its business.

9. In 500 to 750 words, explain your security framework outline and how it is specific to your company, including, as appropriate, cyber defense, security controls, and network security. Explain why you chose to include your specific topics and how they will help to secure your company's interests long term.

10. Include at least two references outside of the required reading.

APA style is not required, but solid academic writing is expected.
