CYB 207 Wk 5 – NIST RMF Step 6: Monitor Security Controls


As the team leader for Phoenix Security Services' SureMarket account, you completed your SOX compliance assessment. Your company is now being retained to monitor the status of SureMarket's security posture, including its continued compliance with the Sarbanes-Oxley (SOX) Act, using the NIST Risk Management Framework (RMF) as described in NIST SP 800-37. The six-step form of the RMF used in this course is listed below (note that SP 800-37 Rev. 2 adds a preliminary Prepare step ahead of these six):

  • Step 1: Categorize Information Systems
  • Step 2: Select Security Controls
  • Step 3: Implement Security Controls
  • Step 4: Assess Security Controls
  • Step 5: Authorize Information System
  • Step 6: Monitor Security Controls


Review the security controls implemented and assessed during Steps 3 and 4.


Your next task as team leader is to complete Step 6 of the NIST RMF process by defining the monitoring methods to be used, including security metrics and vulnerability management.

Security metrics give a holistic view of how effective the overall security program is, while vulnerability management continuously watches for newly disclosed vulnerabilities and applies mitigations to reduce the risk they introduce. Where monitoring reveals a significant change to the system or its operating environment, the process returns to Step 1 of the NIST RMF and the system is re-categorized.


Part A: Metrics Plan

To prepare a metrics plan for the SureMarket information security department, create a 3- to 4-page Microsoft Word document that includes the following:

  • Describe the security strategy for measuring the effectiveness of the security controls and risk mitigations implemented in Step 3, assessed in Step 4, and accepted in the Step 5 authorization decision of the NIST RMF process. Include the following for each of the vulnerabilities identified in the SureMarket IT systems:
    • How to measure mitigated (residual) risk
    • How to identify new vulnerabilities
    • How to measure SOX compliance
  • Describe the tools that you would use to measure and track trends, including key performance indicators and thresholds.
  • Illustrate how you would present metrics to senior leadership, including the requirement for reauthorization.


Part B: Vulnerability Management Plan

To prepare a vulnerability management plan for the SureMarket information security department, create a 2- to 3-page Microsoft Word document that includes the following:

  • Describe the strategy for continuously monitoring the SureMarket network and IT systems for new vulnerabilities. Include the methods and frequency for conducting the following:
    • Vulnerability scanning
    • Penetration testing
  • Describe a decision tree for mitigating newly identified vulnerabilities.
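As an added worked example (not part of the original assignment), the Python script below makes the Part A metrics, KPI thresholds and the Part B decision tree concrete: it computes open-finding counts, the percentage of open findings past their SLA and mean time to remediate from a constructed set of scan findings, grades each metric against an assumed threshold for a leadership dashboard, and triages each finding into an action and due date. The asset names, severities, SLA days and thresholds are all assumptions chosen for illustration, not SureMarket data or a NIST-prescribed policy.

```python
"""RMF Step 6 monitoring: vulnerability metrics, KPI thresholds and a triage
decision tree. Added example; all findings, SLAs and thresholds are assumed."""
from dataclasses import dataclass
from datetime import date
from typing import Optional


# Assumed remediation SLA (days after first detection) by severity.
SLA_DAYS = {"critical": 7, "high": 30, "medium": 90, "low": 180}

# Assumed KPI thresholds: metric name -> maximum acceptable value.
KPI_THRESHOLDS = {
    "open_critical_high": 0,     # no open critical/high findings
    "open_sox_in_scope": 0,      # no open findings on SOX-scoped systems
    "pct_overdue": 10.0,         # at most 10% of open findings past SLA
    "mttr_days": 30.0,           # mean time to remediate under 30 days
}


@dataclass
class Finding:
    asset: str
    severity: str              # "critical", "high", "medium" or "low"
    exploit_available: bool    # public exploit known
    internet_facing: bool      # reachable from outside the network
    sox_in_scope: bool         # asset supports financial reporting (SOX)
    first_seen: date           # first detection by the scanner
    remediated: Optional[date] = None  # None while still open


def triage(f: Finding) -> tuple:
    """Decision tree for a newly identified vulnerability: returns (action, due_in_days)."""
    # Branch 1: severe and realistically exploitable -> out-of-cycle fix.
    if f.severity in ("critical", "high") and (f.exploit_available or f.internet_facing):
        return ("emergency remediation, notify CISO", 3)
    # Branch 2: anything non-trivial on a SOX-scoped system is tracked in the POA&M.
    if f.sox_in_scope and f.severity != "low":
        return ("remediate within SLA, record in POA&M", SLA_DAYS[f.severity])
    # Branch 3: low severity, non-SOX -> formally accept and re-check next cycle.
    if f.severity == "low":
        return ("accept risk with documented justification, re-scan next cycle", SLA_DAYS["low"])
    # Branch 4: everything else follows the normal patch cycle.
    return ("remediate within SLA", SLA_DAYS[f.severity])


def metrics(findings, as_of: date) -> dict:
    """Security metrics for the reporting period ending on `as_of`."""
    open_ = [f for f in findings if f.remediated is None]
    closed = [f for f in findings if f.remediated is not None]
    overdue = [f for f in open_ if (as_of - f.first_seen).days > SLA_DAYS[f.severity]]
    mttr = sum((f.remediated - f.first_seen).days for f in closed) / len(closed) if closed else 0.0
    return {
        "open_total": len(open_),
        "open_critical_high": sum(1 for f in open_ if f.severity in ("critical", "high")),
        "open_sox_in_scope": sum(1 for f in open_ if f.sox_in_scope),
        "pct_overdue": round(100.0 * len(overdue) / len(open_), 1) if open_ else 0.0,
        "mttr_days": round(mttr, 1),
    }


def kpi_status(m: dict) -> dict:
    """Compare each KPI against its threshold for the leadership dashboard."""
    return {k: ("GREEN" if m[k] <= limit else "RED") for k, limit in KPI_THRESHOLDS.items()}


# Constructed sample scan results (not real SureMarket data).
AS_OF = date(2024, 6, 30)
SAMPLE = [
    Finding("erp-db-01", "critical", True, False, True, date(2024, 6, 1), date(2024, 6, 3)),
    Finding("web-portal-02", "high", False, True, False, date(2024, 6, 10)),
    Finding("hr-app-03", "medium", False, False, True, date(2024, 3, 1)),
    Finding("print-srv-04", "low", False, False, False, date(2024, 4, 1), date(2024, 4, 21)),
    Finding("fileshare-05", "medium", False, False, False, date(2024, 6, 25)),
]

if __name__ == "__main__":
    m = metrics(SAMPLE, AS_OF)
    for k, status in kpi_status(m).items():
        print(f"{k:20} {m[k]:>6}  {status}")
    for f in SAMPLE:
        if f.remediated is None:
            print(f.asset, "->", triage(f))
```

On the constructed sample the dashboard shows one open high finding on an internet-facing host and one overdue medium finding on a SOX-scoped system, so three of the four KPIs are RED while mean time to remediate is GREEN; the triage branch that fires for each open finding is the line of the decision tree a reviewer would expect to see documented in the Part B plan.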


Format your citations according to APA guidelines.