11120A plan of action and milestones (POA&M) is a living, historical document that identifies tasks that need to be created to remediate security vulnerabilities. The goal of a POA&M should be to reduce the risk of the vulnerability identified. Describe some of the common challenges with...
11115Your company is a security service contractor that consults with businesses in the U.S. that require assistance in complying with HIPAA. You advertise a proven track record in providing information program security management, information security governance programs, risk management programs, and regulatory and compliance recommendations....
11114Your company recently reviewed the results of a penetration test on your network. Several vulnerabilities were identified, and the IT security management team has recommended mitigation. The manager has asked you to construct a plan of action and milestones (POA&M) given that the following vulnerabilities...
11098~Choose one of the control families described in FIPS 200, and describe how a security policy would be written to address that control family. ~Discuss the primary components of the security policy with respect to the security requirements described within the control family....
11093The information security strategic plan and security policies are strongly interrelated within an organization’s information security program. The security plan and security policies will drive the foundation and selection of security controls to be implemented within the organization. Part 1: Write a 1- to 2-page summary of...
11092Research examples of cybersecurity strategic plans and cybersecurity policies, and then compare the two using the Security Strategic Plan Versus a Security Policy Template. Your comparison should be 1 to 2 pages....
10986As a CISO, you are responsible for developing an information security program based on using a supporting framework. Discuss what you see as some major components of an information security program....
10985One of the roles of the Chief Information Security Officer (CISO) is to translate technical jargon into business language that senior leadership and executives can understand to support business decisions. As the CISO, the board of directors has asked you to share your ideas for developing...
10984You are a newly appointed CISO who reports directly to the CIO. In the past, the security team reported directly to the CIO. One of your first initiatives was to run a penetration test against the company to better understand its security posture. The results...
10963Part 1: The National Institute of Standards and Technology (NIST) publishes Special Publications (SP) to help government agencies and private companies develop and support security programs. The SP 800 subseries deals specifically with computer security. SPs are considered guidelines for nongovernment entities whereas both NIST Federal...