Kibata

Sign In

Our Services

Get 15% Discount on your First Order

Order Now
[rank_math_breadcrumb]

Assign 2 of CG

Follow the attach information to complete this work. Make sure it aligns with the Rubric.

Unit 2 Assignment Directions:

Risk-Assessment Strategy

Purpose

In this assignment, you will detail the risk-assessment plan and strategy for your organization that you described in your discussion post. You have demonstrated that you understand their core business functions and mission. Your risk assessment should be tailored to that understanding. If you implement the risk-management controls recommended by NIST, another standards body, or a trade association for your industry, you will be demonstrating compliance with government requirements. This means that if there is a breach, your legal office can provide a written justification that maps your compliance to your direct business services. This will also support any insurance claims and help to maintain your business reputation.

Directions

Write a detailed overview and analysis of the fundamentals of risk management in cybersecurity for your organization that you described in your discussion post. You may choose one of the following two options for formatting your response (see details below):

· Option A: A 4- to 6-page paper 
OR

· Option B: A matrix (sample provided below) and a 2- to 3-page narrative

Regardless of which format you choose, be sure to address all the following elements:

1.
Write a substantive executive summary that includes the following:

a. A brief statement on the purpose and scope of the RA

b. Your focus on the current organizational assessment

c. Your risk-mitigation and management strategy

d. Cited references to authorities that show the organization’s compliance with government requirements, industry best practices (NIST), or other standards

2.
Assess the cybersecurity posture of your chosen organization. Be sure to include the following:

a. Describe your organization’s business goals, mission, objectives, and how the requirements would support them.

b. Use the implementation tiers in NIST to assess your organization’s current situation.

c. List vulnerabilities, countermeasures, and recommendations for improvement.

3.
Apply the NIST RMF framework:

a. Explain in more detail how to use NIST 800-53 (rev.5), NIST 800-30, and the new NIST 2.0 to create a comprehensive strategy.

b. Explain what actions you would take to align your business strategy with the recommended NIST best practices.

c. Clearly map the business objectives and goals to a cybersecurity plan. Include all the following key measures:

i. Prepare the organization.

ii. Categorize system and information.

iii. Select a range of 4–6 NIST SP 800-53 controls.

iv. Implement the controls and document how controls were deployed.

v. Assess whether the controls are in place, operating as intended, and producing the desired outcomes.

vi. Authorize risk-based decision-making.

vii. Continuously monitor implementation and risks to the system.

4.
Evidence of skills: Demonstrate your knowledge of risk-assessment protocols as well as legal and regulatory compliance.

5.
Write the paper with an organized, logical flow of information. Cite authoritative sources sufficiently to show that your analysis is based on the resources provided or other documents you find through your research. Please use a consistent citation style.

Executive Summary Features

Here are some ideas for what to include in your executive summary. A CEO should be able to use your summary for decision-making purposes. An executive summary includes a brief statement of the issue, which helps the executive understand the topic (risk mitigation and management).

As stated in the directions, cite the authorities you are using to show compliance with government requirements, industry best practices (e.g., NIST), or other standards. To analyze the importance of these requirements and best practices, one approach would be to follow the suggestions below.

Explain briefly how the templates and their rationale provide assurances to the CEO that these requirements reduce the organization’s cybersecurity risk. One way to do this is to cite a specific requirement as an example and explain how it is applied. Then you may also want to talk briefly about a technological solution you are using to assist you in this effort. You can then list some of the vulnerabilities your organization has in the system and explain how you will address them, Finally, you could discuss how you will make sure that you are ensuring compliance (e.g., continuous monitoring, establishing a training program that requires quarterly testing, or some other methods that demonstrate active participation).

To remind yourself how to cite references, visit the Library’s 
APA Document Formatting (7th Edition) and 
APA 7th Edition Citation Examples.

Format

Click the “+” to expand each section below.

Suggested Outline for Option A: Paper

Suggested Outline for Option B: Narrative and Matrix

Submission

· Review the Unit 2 Risk-Assessment Strategy Rubric to understand how you will be assessed on this assignment.

image4.png

image5.png

image6.png

image7.png

image8.png

image1.png

image2.png

image3.png

Share This Post

Email
WhatsApp
Facebook
Twitter
LinkedIn
Pinterest
Reddit

Order a Similar Paper and get 15% Discount on your First Order

Order Now

Related Questions

Blockchain app programming

i have the template provided and you will have to use the term project presentation to complete it.  Secure-Trade CIS-5730 – Blockchain Applications TERM PROJECT PRESENTATION The money is stored in a digital wallet in the blockchain until two parties pass release or refund (Safe, 2026). The same agreement promotes

HIMS 655 ASS8

Watch the YouTube Video MEDICAL CODING ICD-10-CM GUIDELINES LESSON – 1.B – Coder explanation and examples for 2021 Review the ICD-10-CM Official Guidelines for Coding and Reporting at   and in your assignment respond to the following questions: Who is responsible for framing these Guidelines? Why are these guidelines necessary for

HIMS 645 ASS8

Using Internet resources, search  three national and three international healthcare organizations that maintain databases and use the information based on the processed data from these databases in their decision-making process. Briefly describe the organizations and types of data contained in their databases (make sure to remember quality of data points and

W8: Topic 1 – Course Wrap-Up

 Pick one topic from this class that most interested you. State the topic and your reasons for the choice. ii. You need to respond to at least 2 students.  This is part of your grade to be active in the threads and responding to students.   NB: THIS IS THE TOPIC

Big Data Tools and Emerging Technologies

please see attachment  4 [ Note: To complete this template, replace the bracketed text with your own content. Remove this note before you submit your project.] Big Data Tools and Emerging Technologies Paper [Your Name] DAT 260: Emerging Technologies and Big Data [Your Instructor’s Name] [Date—for example, May 1, 2021]

HIMS 655 ASS7

Mapping between SNOMED-CT and ICD-10-CM Note: For completing this assignment, use of the I-MAGIC tool (Interactive Map-Assisted Generation of ICD Codes) is required. To access the I-MAGIC tool, click on the following  ) Problems and diagnoses can be recorded in SNOMED CT in the EHR, while the cross-mappings to ICD-10-CM can

HIMS 645 ASS7

Four types of databases are Relational, Network, Hierarchical, and Object-Oriented. What are their salient features (a table format is acceptable)? Assess their usability for healthcare facilities that generated numerical, text, and images data citing reasons for your choice.  Two most commonly used databases in healthcare organizations are Relational and Object-Oriented (O-O). Both employ respective

MS ACCESS

Need to do a Microsoft Access document for my work.  2 Consideration of MS Access Database Development on Healthcare. Name Instructor School Date Consideration of MS Access Database Development on Healthcare. Introduction The task entailed developing a Microsoft access database of a small healthcare facility, which has just abandoned the

Effective security programs

Organizational policies define the direction for an organization and contribute to its overall security culture by setting the tone on what is and is not acceptable. 

The Equifax Data Breach

Briefly explain what the Equifax data breach was, why it happened, and why it was important. You should mention that Equifax failed to protect personal data, discuss the ethical and security issues involved, and explain what companies can learn from the incident. Please see attached documents. 

Reflection on Big Data and AI

please see attached DAT 260 Module Five Journal Guidelines and Rubric Overview In this journal assignment, you will reflect on key concepts covered in this module. This assignment directly supports your work in Project Two, which is due in Module Seven. Directions In a well-crafted journal entry, address the following: