Need help with a question.
Assignment Content
As the CISO for a health care organization, you are tasked with the following:
· Analyze an information system for determining the selection of security control objectives in order to manage information security risk and apply that gained knowledge to build a security assessment plan.
· Assess information security controls to mitigate risks and secure operations for a specified industry organization.
Read the NewTab Project Profile document and refer to FIPS Publication 200, Minimum Security Requirements for Federal Information and Information Systems.
Part A: Security Assessment Plan
Create a 3- to 4-page security assessment plan (SAP) in Microsoft® Word that includes the following:
· Short summary of the NewTab project
· Description of each of the 11 security control families as documented in FIPS Publication 200 and listed in the NewTab Project Profile
· Priority list of the top 5 security control families of concern, based on their applicability to the NewTab project
· Explanation of your rationale for the top 5 security control families that must be analyzed and assessed in order to determine any vulnerabilities that the NewTab solution may have
Part B: Build the POA&M
Based on the list of 7 vulnerabilities provided in the NewTab Project Profile and the information from the SAP you wrote in Part A, complete a 3- to 4-page POA&M using the Plan of Action and Milestones (POA&M) Worksheet.
Cite any references according to APA guidelines.