Discussion
Respond to two colleagues (BELOW): (Half a page each and provide each reference separately)
Discussion Topic
The NIST Cybersecurity Framework is often used as a foundation for organizations to measure their security program readiness. Name three controls/sub-controls for computer and for cyber forensic considerations that support the protections needed. Provide a rationale for your selection.
Post from colleague 1
Hello and good morning!
NIST security controls are broken down into three different categories based on what is needed, and the organization as well. These three categories are low, moderate, and high, as well as being split into a number of different families, 18 to be exact. According to the NIST SP 800-53, these 18 different families are currently listed and all of them can affect an organization differently, but which ones do I see as being the most important? Well, for me, I chose these three.
-Access Control
-Awareness and Training
-Planning
Now not necessarily in that order, but I chose these three for a few different reasons. The first of which I wanna talk about is Awareness and Training. Recently I can recall working for companies and receiving the training on phishing and insider attacks. Having a well-educated and trained workforce can save the company money because their risk of an attack, whether accidental or not, goes way down. By training the workforce, for instance, you wouldn’t have someone clicking a link that they shouldn’t have.
The next is Access Control, a very important one to also limit the breadth of an attack, at least from someone inside. Limiting what an employee can access and how deep they can go in the system means that if there was a leak of information from a low-level employee, there’s a chance that the information wouldn’t be as damaging, and the company would be able to trace who accessed the information, and when.
Lastly, we have Planning, which I believe is one of the most important aspects of a security system. You have to know what an organization is going to have, what they currently have, and what they had in the past that worked and didn’t work for them. Knowing that an organization is going to grow and move in one direction means that the security system can already be prepared to handle the changes necessary to keep it secure.
Post from colleague 2
National Institute of Standards and Technology Special Publication 800-53 “provides a catalog of controls that support the development of secure and resilient federal information systems. These controls are the operational, technical, and management safeguards used by information systems to maintain the integrity, confidentiality, and security of federal information systems.”
The three main classes of security controls are low-impact, moderate-impact, and high-impact. From there, these controls are split into several families or sub-controls. Three sub-controls that support safeguards needed by an organization are access control, awareness and training, and risk assessment. These three sub-controls protect the company from insider, outside, and self-inflicted threats, respectively. Access control prevents those unauthorized persons from gaining entry to physical and logical information systems. This can be any form of locks, gates, passwords, two-factor authentication, and much more. Awareness and training can thwart insider threats. If employees are knowledgeable and held accountable in the role they play to protect information systems, then this could reduce simple mistakes. For example, an employee should know not to share or write down passwords with other associates of the company. Risk assessments allow the company to take a moment for self-evaluation. Keeping track of what needs to be updated and what needs to be removed or improved can help protect against exploits and attacks. These three sub-controls are not the only sources of protection. I chose these because they are some important controls that I work with every day and I’ve seen the impact first-hand.
References:
https://digitalguardian.com/blog/what-nist-sp-800-53-definition-and-tips-nist-sp-800-53-compliance
