03 Apr Requirements:
1) APA 6th Ed format (to include introduction and conclusion)
2) Due 9 April
3) 5 Pages minimum (not including title page and APA references)
4) Minimum of 5 References (including the 3 provided/uploaded)
Continuous monitoring is a critical part of the risk management process. "Continuous monitoring is ongoing observance with intent to provide warning. A continuous monitoring capability is the ongoing observance and analysis of the operational states of systems to provide decision support regarding situational awareness and deviations from expectations." —Source: Keith Willett (MITRE) in support of the National Security Agency.
"Information Security Continuous Monitoring (ISCM) is defined as maintaining ongoing awareness of information security, vulnerabilities, and threats to support organizational risk management decisions." —NIST.
Organizations should establish, implement, and maintain ISCM. ISCM should be a recursive process: its monitoring strategy is continually refined so that ISCM is a robust system. A tiered organization-wide ISCM framework and dynamic ISCM processes are proposed by the National Institute of Standards and Technology. Please scan through the important framework and processes in the following article. Its Appendix D "Technologies for Enabling ISCM" provides some technical and managerial details and examples.
NIST (2011). Information Security — Information Security Continuous Monitoring (ISCM) for Federal Information Systems and Organizations. National Institute of Standards and Technology Special Publication 800-137. (attached/uploaded)
Oniha, A., Weaver, G., Arnold, C. and Shreck, T. (2017). Information security continuous monitoring. Journal of Cyber Security and Information Systems. 5(1). https://www.csiac.org/journal-article/information-security-continuous-monitoring-iscm/
Mell, P., Waltermire, D., Feldman, L., Booth, H., Ouyang, A., Ragland, Z., & McBride, T. (2012). CAESARS framework extension: an enterprise continuous monitoring technical reference model. (attached/uploaded)
After reviewing the above materials, write a 5-page essay, including an introduction and conclusion, that answers the following question: How does an organization systematically conduct risk assessments of information systems security risks?
In addition, answer/address the following topics:
The importance of risk management for information systems security
The principles and fundamentals of risk management of information system security
The methods of risk assessments including processes, matrix, calculations, etc. (include an example matrix)
The challenges and solutions to risk assessments that are particularly interesting to you