Cybersecurity Framework Assessment Description Implement a security framework to identify and close gaps between an organization’s current cybersecurity st

Cybersecurity Framework Assessment Description
Implement a security framework to identify and close gaps between an organization’s current cybersecurity status and its target (future) cybersecurity status. Make sure to align to an appropriate regulation (e.g., PCI DSS, HIPAA, SOX, GLBA). In CYB-650, the NIST Cybersecurity Framework was utilized, and therefore it cannot be utilized for this assignment.
Develop a report that addresses the following:
Organizational Objectives and Priorities

Current Framework Compliance Status: Describe the current cybersecurity environment, such as processes, information, and systems directly involved in the delivery of services. Describe the current risk management practices, threat environment, legal and regulatory requirements, business/mission objectives, and organizational constraints using the framework identified. Include a diagram related to the common workflow of information and decisions at the major levels within the organization.
Future Cybersecurity Policy Implementations: Describe the critical cybersecurity needs that should be in place to ensure compliance with the appropriate regulation (e.g., PCI DSS, HIPAA, SOX, GLBA) and then prioritize organizational efforts, business needs, and outcomes.

Operational Compliance and Risk Assessment

Cybersecurity Risk Assessment: Describe the likelihood of risks occurring and the resulting impact. Identify threats to, and vulnerabilities of, those systems and assets. Express risks both internally and externally. Determine the acceptable level of risk (risk tolerance). Describe the response to the risk. Describe how identified risks are managed and resolved. Include an Organizational Risk Assessment Chart.
Privacy Risk Management: Describe how the business is integrating privacy laws and regulations, prioritizing, and measuring progress.
Compliance Gaps: Describe the type of audits that should be performed in order to keep a consistent measure of risk. Determine what type of gap analysis should be performed in order to properly identify the security elements and variables within the environment that pose the most risk. Formulate a cybersecurity governance strategy that establishes mitigation plans to achieve security objectives.
Web Portal Diagram: Create a web portal data flow diagram of the hypothetical organization’s operational environment using Visio or similar diagramming software. Within the web portal data flow diagram, students will show how the web portal is compliant. The web portal data flow diagram must: a) Display the organization’s technical requirements (related and unrelated applications, services, and links); b) display the compliance of associated servers, routers, access-control components, data storage, internal and external data communication, data backup, e-mail servers, and so forth; c) identify related systems and assets, regulatory requirements, and overall risk approach; and d) demonstrate each IT task to the next as aligned to regulations/compliance (e.g., start with the user logging in, and then go through each step and how it is validated.

APA style is not required, but solid academic writing is expected.

Refer to “CYB-690 Cybersecurity Framework Scoring Guide,” prior to beginning the assignment to become familiar with the expectations for successful completion. CYB- 690 Cybersecurity Framework Scoring Guide

Performance Level Ratings

Meets Expectations

Performance consistently met expectations in all essential areas of the assignment criteria, at times possibly exceeding expectations, and the quality of work overall was very good. The most critical goals were met.

Near Expectations

Performance did not consistently meet expectations. Performance failed to meet expectations in one or more essential areas of the assignment criteria, one or more of the most critical goals were not met.

Below Expectations

Performance was consistently below expectations in most essential areas of the assignment criteria, reasonable progress toward critical goals was not made. Significant improvement is needed in one or more important areas.

Criteria

Below Expectations

Near Expectations

Meets Expectations

Earned

The student accurately implements a cybersecurity framework to:

Comprehensively describe the current framework compliance status to include:

· The cybersecurity environment, such as processes, information, and systems directly involved in the delivery of services

· The current risk management practices, threat environment, legal and regulatory requirements, business/mission objectives, and organizational constraints

· A diagram of the common workflow of information and decisions at the major levels within the organization

0 pts – 6 pts

7 pts – 9 pts

10 pts

Comprehensively describe the future cybersecurity policy implementations to include:

· The critical cybersecurity needs that should be in place to ensure compliance with the appropriate regulation (e.g., PCI DSS, HIPAA, SOX, GLBA)

· The prioritized organizational efforts, business needs, and outcomes

0 pts – 9 pts

10 pts – 14 pts

15 pts

Comprehensively describe the organization’s cybersecurity risk assessment to include:

· The likelihood of risks occurring and the resulting impact

· Threats to, and vulnerabilities of, those systems and assets

· The risks internally and externally

· The acceptable level of risk (risk tolerance), response, management, and resolution

· An Organizational Risk Assessment Chart

0 pts – 6 pts

7 pts – 9 pts

10 pts

Comprehensively describe how the business is integrating privacy laws and regulations, prioritizing, and measuring progress

0 pts – 2 pts

3 pts – 4 pts

5 pts

Comprehensively describe compliance gaps to include:

· The type of audits that should be performed in order to keep a consistent measure of risk

· The type of gap analysis to be performed A cybersecurity governance strategy that establishes mitigation plans to achieve security objectives

0 pts – 6 pts

7 pts – 9 pts

10 pts

Create a web portal data flow diagram of the hypothetical organization’s operational environment The web portal data flow diagram must:

· Display the organization’s technical requirements (related and unrelated applications, services, and links).

· Display the compliance of associated servers, routers, access-control components, data storage, internal and external data communication, data backup, e-mail servers, and so forth

· Identify related systems and assets, regulatory requirements, and overall risk approach.

· Demonstrate each IT task to the next as aligned to regulations/compliance.

0 pts – 6 pts

7 pts – 9 pts

10 pts

Prose is largely free of mechanical errors. The writer uses a variety of effective sentence structures, figures of speech, and industry terminology.

0 pts – 2 pts

3 pts – 4 pts

5 pts

TOTAL

/65

Instructor Feedback

Submit a Comment

Open chat