Assignment:
Part 1: Risk Assessment Policy
Locate and read the Risk Assessment Policy in the NIST Cybersecurity Framework Policy Template Guide. Research online for a real-world implementation example of the policy and compare the NIST policy template with the template side by side.
Answer the following questions clearly and systemically in this Word document. Make sure to include a References section toward the end of the document.
- The Risk Assessment Policy is implemented for which NIST function and sub-categories?
- Which organization is the implementation example you identified for? Which industry sector (e.g., education, government, etc.) is the organization in?
- What is the purpose of the example policy? Which party (parties) does the policy apply to? Who is/are responsible for implementing this policy?
- As compared to the NIST policy template, how is the example policy customized to fit the needs of the specific organization? Describe two occurrences of the customization in detail.
- If specified in the example policy, what criteria are defined to verify the organization's compliance to the policy? If not specified in the example policy, what are your recommendations?
Part 2: Access Control Policy
Locate and read the Access Control Policy in the NIST Cybersecurity Framework Policy Template Guide. Research online for a real-world implementation example of the policy and compare it with the NIST policy template side by side.
Answer the following questions clearly and systemically in this Word document. Make sure to include a References section toward the end of the document.
- The Access Control Policy is implemented for which NIST function and sub-categories?
- Which organization is the implementation example you identified for? Which industry sector (e.g., education, government, etc.) is the organization in?
- What is the purpose of the example policy? Which party (parties) does the policy apply to? Who is/are responsible for implementing this policy?
- As compared to the NIST policy template, how is the example policy customized to fit the needs of the organization? Describe one occurrence of the customization in detail.
- If specified in the example policy, what criteria are defined to verify the organization's compliance to the policy? If not specified in the example policy, what are your recommendations?
- If specified in the example policy, how frequent is the policy reviewed for potential modifications? If not specified in the example policy, what are your recommendations?