Cybersecurity Profile - Essay Example

Summary
The paper "Cybersecurity Profile" describes as stated in NIST's "Special Publication No. 800-53 Rev 4" Guidelines for Assessing Security Monitoring in Federal Information Systems and Organizations, "every public organization must establish a SSP to create effective safety assessment plans…

Extract of sample "Cybersecurity Profile"

Cybersecurity Profile (System Security Plan (SSP))

Introduction

As stipulated in the NIST Special Publication 800-53 Rev 4, Guide for Assessing the Security Controls in Federal Information Systems and Organizations: Building Effective Security Assessment Plans, each public organization is required to create a system security plan (SSP), or cybersecurity profile, for all of its minor and major information systems (NIST, 2012). Additionally, federal regulations and the Department of the Treasury information technology security program require that all senior officials in charge of information security establish a security program for their departments (IRS, 2012). Given the nature of its operations and the sensitivity of the information handled by the IRS, it is paramount that this information is kept confidential. Essentially, the information security program includes the security controls required for audit and accountability. It also ensures that appropriate identification and authentication controls, integrity controls and audit controls are implemented (NIST, 2012). Consequently, this document provides a cybersecurity profile for the IRS, documenting the current and planned management, technical and operational controls for the IRS system. The paper will also address security concerns likely to affect the operating environment of the system.

Security profiles/controls

NIST's Special Publication 800-53 recommends several security controls for the IRS and similar agencies and organizations. These controls are mainly categorized as management controls, technical controls and operational controls (NIST, 2012). For the purposes of this assignment, we will elaborate on one control in each of the three broad categories.
Management controls

According to the Internal Revenue Manual section IRM 10.8.1, which contains the policy and regulations that guide the IRS organization with regard to information security, management controls are controls that are management oriented (IRS, 2012). They are mainly concerned with the management of risk during normal IRS system operations. The policy states that the organization shall implement management security controls aimed at mitigating the risk of loss of electronic data, information and information technology applications, in order to protect the mission of the IRS (IRS, 2012).

Planning Control (PL)

Among the family of management controls are the Planning (PL) controls. Each information system must have a sound and effective security plan (Barnard & Von Solms, 2000). Planning Control is a management control that addresses security planning for each system in the IRS organization. In the IRS context, planning controls with regard to information security include the creation of security policies that guide the organization in ensuring that a security plan is available. The planning control is required to ensure that the institution has a working security plan for all of its information systems (IRS, 2012). Planning control has several associated family identifiers; two of them are the security planning policy and procedures identifier and the system security plan identifier (Barnard & Von Solms, 2000).

a) Security Planning Policy and Procedures

Implementation status: this control is in place. The IRS has implemented a security planning policy and procedures that guide the organization in matters of information system security (IRS, 2012). In conformity with the NIST SP 800-53 security assessment guidelines, the organization has prepared an Internal Revenue Manual that addresses security planning and related issues.
Part 10 of the IRM (10.8) is a formal, documented security planning policy that sets out the purpose, scope, roles, responsibilities, coordination, management and compliance requirements. It also provides documented procedures that facilitate the implementation of the security planning policy and its associated security planning controls (IRS, 2012).

b) System Security Plan

The agency has implemented a system security plan for its information systems. The system security plan provides an overview of the security requirements for the information system and a description of all the security controls put in place or intended for implementation (IRS, 2012). The IRS has implemented this control through an IRM manual that comprises all system security plans, policies and regulations implemented in the agency (IRS, 2012).

Operational controls

Operational controls focus on the mechanisms implemented by the management of the information system, the administration and the technical support. Operational controls are security controls that are put in place to improve the overall security of the system (Barnard & Von Solms, 2000). According to the Internal Revenue Manual Part 10 Chapter 8 (IRM 10.8.1), the IRS shall implement operational security controls that secure the information systems in the organization (IRS, 2012). One of the operational controls is discussed in the following section.

Security Training and Awareness (TA) controls

Security Training and Awareness controls are needed to ensure that the employees of the agency have proper security awareness and training. This is achieved through security policies and procedures that have been established and implemented. NIST SP 800-53 recommends several controls in the security training and awareness family.
This paper will look at two of the recommended family identifiers.

a) Security training and awareness policy and procedure

According to the IRS IRM manual, which acts as the agency's security policy and procedure, the agency must develop and implement an IT security awareness and training program for all its employees. The agency has a formal, well-documented security training and awareness policy and procedure in place. The document addresses the purpose, scope, roles, responsibilities, management commitment, and coordination among organizational entities and management (IRS, 2012).

b) Awareness

System users in the agency are required to undergo and complete security awareness training before they are granted access to the system (IRS, 2012). Additionally, they are required to repeat the training annually for as long as they continue to use the system (IRS, 2012).

Technical controls

Technical controls are mainly concerned with the controls put in place to address unauthorized access to system resources and information. The IRS is one of the crucial agencies that handles sensitive data and information that must be protected from unauthorized access using appropriate technical controls. One of the controls from the family of technical controls is the identification and authentication control (NIST, 2012).

Identification and Authentication control

The Identification and Authentication controls are a set of technical controls used to prevent unauthorized access to the system by individuals or processes (NIST, 2012). The control is a fundamental element of any information system, and in this case of the IRS, which handles some of the most crucial information. The control is needed to identify, authenticate and differentiate users of the system.
The following family identifiers can be used in this control:

a) User Identification and Authentication

The IRS maintains a system that ensures that all users of the system are first identified and defined. Users are given different access privileges depending on their duties and responsibilities within the system. This also includes the processes that act on behalf of users of the system (IRS, 2012). The agency has a user identification and authentication procedure in place, guided by the existing guidelines, procedures and policy of the organization (IRS, 2012).

b) Device Identification and Authentication

The identification and authentication procedures and guidelines in the agency require that each device is identified and authenticated before a connection is established. Confidentiality and security can easily be breached through intruding devices. The agency has a device identification and authentication procedure in place that is guided by the Internal Revenue Manual of the IRS (IRS, 2012).

Conclusion

In conclusion, it is important to note that security controls and profiles vary between the information systems of different organizations. In this case the security controls inherent in the agency are crucial controls aimed at maintaining the privacy and confidentiality of data and information. To achieve a complete and sound security profile, the management, operational and technical controls must be implemented to complement each other for effective results. Planning control lays a foundation for other management controls; this is done through security policy and procedures and the security plan. Basic operational controls such as security awareness and training are crucial in any organization. Through security awareness and training policy and procedures and user awareness, security can be achieved.
Finally, the technical controls offer a final remedy for security concerns in the organization. The identification and authentication control is an effective technical control. Through user identification and authentication and device identification and authentication controls, the agency can address the issue of unauthorized access.

References

Barnard, L., & Von Solms, R. (2000). A formalized approach to the effective selection and evaluation of information security controls. Computers & Security, 19(2), 185-194.

IRS. (2012). Part 10: Security, Privacy and Assurance. Retrieved April 24, 2015, from IRS Agency Website: http://www.irs.gov/irm/part10/irm_10-008-034r.html#d0e1573

NIST. (2012). NIST Special Publication 800-53 Revision 4: Recommended Security Controls for Federal Information Systems and Organizations. CA: CreateSpace, Paramount.
