13 Aug Our company is an internationally recognized, award-winning firm that specializes in the rehabilitation and renovation of residential buildings and dwellings.
Our company is an internationally recognized, award-winning firm that specializes in the rehabilitation and renovation of residential buildings and dwellings. Our company has grown significantly over the years; we have our main corporate office in Wilmington, Delaware, and three others. One is located in Philadelphia and two are in Maryland: Baltimore, MD and Owings Mills, MD. We’re also aware that our CISO is utilizing the National Institute of Standards and Technology (NIST) guidance document as a framework to implement Red Clay Renovations’ information security program. When it comes to protecting the company’s sensitive data, it would be best to implement separate System Security Plans (SSPs) for each office location.
Let’s look at what an SSP is. A System Security Plan (SSP) documents the controls that have been selected to mitigate the risk of a system. The controls are determined by the Risk Analysis and the FIPS 199. For Federal systems (which include all systems that are funded by Federal money), NIST SP 800-53 provides a catalog of controls with templates according to the FIPS 199 Low, Moderate or High category. The SSP lists important information about the system, including the system owner, the name of the system, and the list of security controls selected for the system. Each control listing includes enough description to allow the system owner or an auditor to verify the effectiveness of that control (“What is a System Security Plan?”, 2019).
An overall risk analysis, which is required by law, has been performed by the CISO. This analysis has determined that the company is in the moderate category as defined in the FIPS 199/200 standards and NIST SP 800-53 Revision 4. This means that any form of data breach of the company’s infrastructure could have severe effects on operations, assets, and people. The security controls at each location are not cookie-cutter, so each site would require a different System Security Plan.
The different Red Clay Renovations offices don’t have the same IT systems, process the same information, have the same number of personnel, or face the same insider threats or natural disasters. All these factors need to be considered when implementing a System Security Plan. Another thing to remember is that, once these changes are made, each location is required to update its plan annually and submit it to the CISO for review and approval (NIST 800-18r1, 2019). Overall, this would be a game changer for us, allowing us to effectively implement plans to protect our company moving forward.
What is a System Security Plan? (2019). Retrieved from https://www.uab.edu/research/administration/offices/OSP/FAQ/Pages/What-Is-System-Security-Plan.aspx
(2019). Retrieved from https://nvlpubs.nist.gov/nistpubs/legacy/sp/nistsp…