Step 9 Implement Security Controls
In step 4 of the RMF process, the security controls are implemented and documented, which includes updating the security and privacy plans associated with the system and the organization. Selecting the controls and determining the organization-defined parameters is a precursor to this step.
For our specific use case, we would need to implement approximately 287 baseline security controls as listed in the SP 800-53B control baselines. Clearly, we can’t implement all of these controls in our available timeline. It is not unusual for this step to take several months to complete. However, we can pick a few security controls and attempt to implement them and document the results.
Take Note
One time-saving tip for implementing security controls is to use or reuse existing documentation and templates as opposed to creating your own. For example, for most security control families a policy and procedure document is required. Leveraging policy and procedure templates for media protection, personnel security, planning, remote access, incident response, maintenance, security awareness training policies and more will save time.
Templates can be found at a number of sites including SANS and CIS. For your convenience, several templates have been uploaded from the cissecurity site that can be used for implementation. These can be found in the assignment itself. To use the templates, you will need to modify the placeholder values, typically shown in red.
Here are some tips to help you replace those values:
- Entity – is typically the organization or system.
- Personnel or roles – are organization-specific roles. You previously defined these; you just need to assign the specific roles as appropriate.
- Needs, numbers, conditions and other details will typically be document specific. You may need to conduct some research on what might be the most appropriate value to enter. However, often the solution is simple. For example, for the following statement found in the Access Control Policy template, “Displays system use information [entity defined conditions], before granting further access.”, a possible replacement for “entity defined conditions” could be “upon initial login and”. This would yield the following policy statement: “Displays system use information upon initial login and before granting further access.”
Additional documentation related to specific policies and procedures that may be useful to review includes NIST SP 800-34: Contingency Planning Guide for Federal Information Systems, NIST SP 800-61: Computer Security Incident Handling Guide and NIST SP 800-128: Guide for Security-Focused Configuration Management of Information Systems. Each of these documents is rather lengthy, so they aren’t meant to be read in one sitting, but they are useful for extracting just-in-time information to support your security control implementation related to contingency planning, incident handling and configuration management.
Project 2 – Step 10 Implement Security Control
Assignment submission
Using the templates provided in this attachment, complete the policies and documents for each of the following:
- Configuration Management Policy (CM-1)
- Maintenance Policy (MA-1)
- Acceptable Use Policy (PS-6)
- Contingency Planning Policy (CP-1)
- Identification and Authentication Policy (IA-1)
- Security Awareness Training Policy (PM-13)
Prior to submitting your completed templates, work with 2 other students to review their documents, providing feedback as appropriate. Be sure to have them review your document and apply their recommendations. Mention the recommendations from your group in your document and how you specifically applied them. Discuss with your group how long it might take and how many people you would need to implement all 238 controls. The group selection is up to you. However, if you have difficulty finding a small team, talk with your professor.
Once complete, submit the completed templates as an upload for your instructor to review.
In section 3, describe the process associated with implementing and documenting security controls. Estimate the timeline and number of people you might need to complete all 238 controls, as discussed in your group.
Submit the reporting template for grading and feedback from your instructor. Use the Advanced Risk Management Report Template. Be sure to apply any feedback you received from your professor related to section 2 in this submission as well. For this step, you should have completed section 3, uploaded your policies, and updated previous sections as appropriate.