Description

See attached assignment instructions.

Mitigation and Controls
Having established the exposures that are represented by risks, your task moves to reducing the
probability of occurrence and the impact should there be an occurrence. Reducing both or eliminating
one implies that the risk is neutralized. Your criticality rating together with the risk determination will
lead to a prioritization of the most important areas demanding maximum protection.
You attempt mitigation to reduce risks, and you do so in important areas as the first priority.
You can break mitigation down as a process of avoiding exposure to threats or of not establishing
vulnerabilities. Controls are frequently viewed as methods of preventing a threat from establishing a
foothold, thereby not enabling a risk.
Any control or procedure will make use of specific security plans to achieve a safe outcome. NIST
provides copious details that are important and relevant to certification and accreditation (C&A). The increased adoption and relevance
of the risk management framework (RMF) by extended areas within the federal government has
changed the nature of C&A practices in many areas. Add to that the adjustments resulting from cloud
computing, and you find that C&A has changed significantly—even though there are few comprehensive
publications. The reason for this is that the renewal in cloud computing and the RMF are garnering
attention, while the integrated nature of C&A receives less focus. It is important for you to synthesize
the different influences provided within this course. Anchor yourself in the textbook and synthesize
important shifts by integrating the articles.
Be sure to review this week’s resources carefully. You are expected to apply the information from these
resources when you prepare your assignments. In addition, notice the linkage back to risk and the
forward-looking links to processes and procedures next week.
Assignment: Select Appropriate Mitigation Options and Controls
REFERENCE
Official (ISC)2 guide to the CAP CBK (2nd ed.).
CIO Council & Chief Acquisition Officers Council. (2012). Creating
effective cloud computing contracts for the federal government:
Best practices…
Granneman, J. (2013). FEDRAMP: Auditing cloud service
providers. Information Security, 15(5), 25-29.
National Institute of Standards and Technology. (2002). NIST
special publication 800-47: Security guide for interconnecting
information technology….
National Institute of Standards and Technology. (2015a). NIST
special publication 800-53 revision 4: Security and privacy
controls for federal…..
National Institute of Standards and Technology. (2017). Draft
NIST special publication 800-53 revision 5: Security and privacy
controls for…
Instructions
Having recognized risk, you must consider responses and how you can defend against those
risks. The selection of appropriate methods to reduce or eliminate both the impact and
probability of a loss requires actions at both technical and human levels. Your focus this week
includes mitigation and, especially, controls. Because of the integrated nature, you will have
noticed the need to go back and forth between the different areas. Your learning also requires
you to go across the boundaries because of the linkage between C&A, risk, mitigation, and
controls. For this week’s assignment, create a single assignment with one introduction,
conclusion, and reference list. Between the introduction and conclusion, provide clear
headings to identify each of the two parts (control, mitigation) that you need to address for
this assignment.
For this assignment, construct a paper to validate the applicability of the minimum set of
controls and mitigation options for a specific system. Carefully determine whether the
applicability of the minimum set of controls for the system is enough for the purpose of
certification and accreditation. Analyze and evaluate the security risk to select the appropriate
level of controls. There will be situations where there are multiple options, so compare and
contrast at least one set of options. In making a choice, reference a minimum level as opposed
to best practices for those options.
Length: 5-7 pages, not including the cover page, title page, and reference section.
References: a minimum of 5 resources from the course, plus at least 2 others from the NCU
Library.
Your assignment should demonstrate thoughtful consideration of the ideas and concepts
presented in the course and provide new thoughts and insights relating directly to this topic.
Your response should reflect scholarly writing and current APA standards.
