Overview – Every organization must create a cyber security profile (System Security Plan (SSP)) for all of its major and minor information systems. The cyber security profile documents the current and planned controls for the system and addresses security concerns that may affect the system’s operating environment. The cyber security profile includes security categorizations and security controls, and is included in the certification and accreditation package. For this project, you will create a sample cyber security profile describing the security posture of your selected organization.
Learning Objective – After completing this project, students will be able to 1) explain security categorizations, 2) explain management, technical, and operational controls, 3) provide examples of management, technical, and operational controls, and 4) create a security profile.
Media – Students will use the Internet and Microsoft Word. Students will use the NIST website. Students will use their selected organization’s information security program documentation. Students will use several NIST Special Publications.
Deliverable – Your sample cyber security profile should be at least three (3) full pages, double-spaced, with 1-inch margins and Times New Roman 12-Pitch font, and should include a cover page (name, course number, date, title of paper) and a reference page. The cover page and reference page are not included in the three-page minimum. Papers not meeting the three full-page minimum will lose points. You must have at least three (3) sources, correctly formatted per APA guidelines. Submit your security profile to the appropriate assignment area by the due date.
Detailed Description of Learning Activity
1. 2. Review the sample 800-53 System Security Plan template attached to this conference. This is a template an organization would use if it were doing a FULL security profile.
3. Select one management, one technical, and one operational control that apply to HHS (e.g., Risk Assessment – RA).
4. Describe each control. Include why these controls (and family controls) are required.
5. For each management, technical, and operational control, select two family controls (e.g., Vulnerability Scanning – RA-5).
6. Describe each family control, state the implementation status as it relates to HHS’s security program, and describe how your selected organization implements the control.
7. Write your sample cyber security profile. At a minimum, the profile should include:
a) An introduction that includes the purpose of your paper and introduces security profiles as they relate to your selected organization.
b) An analysis section that includes items 3, 4, 5, and 6 above.
c) A conclusion that summarizes what you wrote.
8. Use Spell and Grammar Checker before submitting. It is also a good idea to have someone else read your paper. You should also review the grading rubric below to ensure you have all the graded components.
9. Submit the project to the appropriate TurnItIn assignment area by the due date AND post a comment in the WebTycho assignment area stating you uploaded your assignment to TurnItIn.
10. Use the MANDATORY template for this assignment. You will earn zero points if you do not use the template.