How the Recommended Security Controls for Federal Information Systems and Organizations presented in NIST Special Publication...
How the Recommended Security Controls for Federal Information Systems and Organizations presented in NIST Special Publication 800-53 may also apply in the private sector?
Homework Answers
NIST develops and issues standards, guidelines, and other publications to assist federal agencies in implementing the Federal Information Security Management Act (FISMA) of 2002 and in managing cost-effective programs to protect their information and information systems. Federal Information Processing Standards (FIPS) are developed by NIST in accordance with FISMA. FIPS are approved by the Secretary of Commerce and are compulsory and binding for federal agencies. Since FISMA requires that federal agencies comply with these standards, agencies may not waive their use. Guidance documents and recommendations are issued in the NIST Special Publication (SP) 800-series. Office of Management and Budget (OMB) policies (including OMB FISMA Reporting Instructions for the Federal Information Security Management Act and Agency Privacy Management) state that for other than national security programs and systems, agencies must follow NIST guidance. Other security-related publications, including interagency and internal reports (NISTIRs), and ITL Bulletins, provide technical and other information about NIST's activities. These publications are mandatory only when so specified by OMB.
Add Answer to:
How the Recommended Security Controls for Federal Information
Systems and Organizations presented in NIST Special Publication...
A key tenet of the NIST SP 800-53r5 (Security and Privacy Controls for Information Systems and...
A key tenet of the NIST SP 800-53r5 (Security and Privacy Controls for Information Systems and Organizations) specification is that security and privacy requirements are a subset of all requirements that can be imposed on an information system and/or an organization. In other words, when we develop systems/applications for example, we must consider security and privacy requirements as part of overall system requirements A. True B. False
True or False 16. Access to information, information processing facilities, and business processes should be controlled...
True or False 16. Access to information, information processing facilities, and business processes should be controlled on the basis of employee’s requirements. 17. Access control rules should take account of policies for information dissemination and authorization. 18. NIST Special Publication 800-53 Recommended Security Controls for Commercial Information Systems. 19. The primary characteristic of the SABSA model is that everything must be derived from an analysis of the user’s requirements for security. 20. COBIT includes best practices, measures, and processes organizations...
When performing a gap analysis, one must have an understanding of the desired future or "to be" state. For cybersecurity focused gap analyses, we frequently use IT security controls as the mea...
When performing a gap analysis, one must have an understanding of the desired future or "to be" state. For cybersecurity focused gap analyses, we frequently use IT security controls as the means by which we describe the "to be" (or "should be") state of IT systems and Information Security Management Programs. There are a variety of guidance documents which list and define sets of security controls. Each of these documents or sets of controls has an underlying framework. One of...
#1) Select the best choice. For security controls, gap analysis involves comparing the present state of...
#1) Select the best choice. For security controls, gap analysis involves comparing the present state of controls with a desired state of controls. At a minimum, common baseline security controls should be in place. Any gaps to various types of controls should be clearly documented, for example - "Information security responsibilities", which: a. Defines the program to provide initial and ongoing security education across the organization. b. Reduces risk from known vulnerabilities being exploited. c. Defines how staff will execute...
If an organization is going to have a chance at a successful security program they need...
If an organization is going to have a chance at a successful security program they need to develop policies that provide direction for all security efforts and guide the conduct of the users. These policies need to be well written to provide the organization with solid guidance to support their security objectives. Identify and briefly describe the three types of security policies. Your response should include a discussion of where each should be used. Where should policy writers look to...
What is an Information Security Program (ISP) and how is an ISP used in organizations, companies...
What is an Information Security Program (ISP) and how is an ISP used in organizations, companies and federal agencies?
What do you feel are the top 3 security issues of management information systems and how...
What do you feel are the top 3 security issues of management information systems and how could organizations counter these issues?
Please choose 5 questions from 20 and answer them. 1. How can a security framework assist...
Please choose 5 questions from 20 and answer them.
1. How can a security framework assist in the design and implementation of a security infrastructure? What is information security governance? Who in the organization should plan for it? 2. Where can a security administrator find information on established security frameworks? 3. What is the ISO 27000 series of standards? Which individual standards make up the series? 4. What are the issues associated with adopting a formal framework or model? 5....
how do i calculate? The following information is available for Lock-Tite Company, which produces special-order security...
how do i calculate?
The following information is available for Lock-Tite Company, which produces special-order security products and uses a job order costing system. April 30 May 31 $ $46,500 10,900 66,500 59,000 22,700 42,600 Inventories Raw materials Work in process Finished goods Activities and information for May Raw materials purchases (paid with cash) Factory payroll (paid with cash) Factory overhead Indirect materials Indirect labor Other overhead costs Sales (received in cash) Predetermined overhead rate based on direct labor cost...
how do i calculate? The following information is available for Lock-Tite Company, which produces special-order security...
how do i calculate?
The following information is available for Lock-Tite Company, which produces special-order security products and uses a job order costing system. April 30 May 31 $ $32,000 9,300 66,000 37,000 19,200 33, 100 Inventories Raw materials Work in process Finished goods Activities and information for May Raw materials purchases (paid with cash) Factory payroll (paid with cash) Factory overhead Indirect materials Indirect labor Other overhead costs Sales (received in cash) Predetermined overhead rate based on direct labor...
Please choose 5 questions from 20 and answer them.
1. How can a security framework assist in the design and implementation of a security infrastructure? What is information security governance? Who in the organization should plan for it? 2. Where can a security administrator find information on established security frameworks? 3. What is the ISO 27000 series of standards? Which individual standards make up the series? 4. What are the issues associated with adopting a formal framework or model? 5....
how do i calculate?
The following information is available for Lock-Tite Company, which produces special-order security products and uses a job order costing system. April 30 May 31 $ $46,500 10,900 66,500 59,000 22,700 42,600 Inventories Raw materials Work in process Finished goods Activities and information for May Raw materials purchases (paid with cash) Factory payroll (paid with cash) Factory overhead Indirect materials Indirect labor Other overhead costs Sales (received in cash) Predetermined overhead rate based on direct labor cost...
how do i calculate?
The following information is available for Lock-Tite Company, which produces special-order security products and uses a job order costing system. April 30 May 31 $ $32,000 9,300 66,000 37,000 19,200 33, 100 Inventories Raw materials Work in process Finished goods Activities and information for May Raw materials purchases (paid with cash) Factory payroll (paid with cash) Factory overhead Indirect materials Indirect labor Other overhead costs Sales (received in cash) Predetermined overhead rate based on direct labor...
Most questions answered within 3 hours.
-
Hyundai Motors is considering threesites—A, B,C —at which to
locate a factory to build its new-model...
asked 1 minute from now -
Learning Outcomes:
Upon the successful completion of this module, you should
understand the following concepts:
Strategic...
asked 25 seconds from now -
A 0.2m diameter ball with an initial velocity of 8m/s rolls up a
hill without slipping....
asked 7 minutes ago -
Identify four of the five major types of organizations within
the federal bureaucracy, and give examples...
asked 7 minutes ago -
The following data have been obtained
for the effect of solvent composition on the solubility of...
asked 8 minutes ago -
Our ability to see distinct edges as well as our errors in
contrast perceptions (e.g., seeing...
asked 27 minutes ago -
Two buckets of mass 17.1 kg and 11.3 kg are attached to the ends
of a...
asked 20 minutes ago -
A laser used in LASIK eye surgery produces 50 pulses per second.
The wavelength is 192...
asked 17 minutes ago -
Smith Inc. recently reported operating income of $2.75 million,
depreciation of $1.20 million, and had a...
asked 18 minutes ago -
A
nurse is trying to understand the structure and chain of command of
a healthcare organization....
asked 21 minutes ago -
A company is interested in estimating the costs of lunch
in their cafeteria. After surveying employees,...
asked 24 minutes ago -
A woman expends 94 kJ of energy in walking a kilometer. The
energy is supplied by...
asked 35 minutes ago