Security Framework of Rouge Construction
Assessment Description
During this assignment, students will identify the laws or regulations an organization must adhere to, and map these specific controls within a framework to communicate and implement throughout the organization.
1. Access the "Company Profiles," located in the Class Resources.
2. Select a fictitious company to use for the duration of this course and create an associated abbreviation (e.g., Across the States Bank (ASB), Lopes Manufacturing (LM), or Pike's Peak Health Care (PPHC)).
3. For the company selected, research online or use Chapter 2 of the textbook and identify, at minimum, two laws or regulations that include a set of standards the organization must implement to achieve compliance (e.g., PCI DSS, HIPAA/HITECH, ISO/IEC 27001:2013, or NISPOM 5220.22).
4. Use Appendix C in "Security and Privacy Controls for Federal Information Systems and Organizations," the two identified laws, and the "ITT-430 Developing Enterprise Framework Template" to map the various standards to the controls within the framework. Refer to the "ITT-430 Developing Enterprise Framework Example."
5. Map a minimum of two NIST controls per law or regulation. NIST 800-53 controls may duplicate across standards as shown in the Developing Enterprise Framework Example (see SC-13).
6. Complete at least 25 mappings.
7. In the "Notes" column, briefly explain the purpose that all three are trying to achieve. For example, the first row in the example is establishing a policy on risk assessment and the identification and management of threats and vulnerabilities.
8. Research and create a security program framework outline for your fictitious company that aligns to the mission and vision of the company. Your outline should include a table of contents; list the topics your company would need to address in order to resolve the many issues of its business.
9. In 550 words, explain your security framework outline and how it is specific to your company, including, as appropriate, cyber defense, security controls, and network security. Explain why you chose to include your specific topics and how they will help to secure your company's interests long term.
10. Include at least two references outside of the required reading.
The Excel spreadsheet is uploaded to the attachments for this assignment.
Developing Enterprise Framework for a Security Program
Student Name
College/University
Course
Professor's Name
Date
Developing Enterprise Framework for a Security Program
Rouge Construction is a construction company with a workforce of over 400 employees. The company is involved in the construction of buildings, bridges, and roads in various locations around the world. Due to the nature of its operations, Rouge Construction is exposed to multiple security threats that may compromise the confidentiality, integrity, and availability of its data and systems. Therefore, the company requires a comprehensive security framework that outlines the necessary measures to mitigate the risks and ensure the safety of its employees, customers, and assets. The paper attempts to assess the security framework for the company.
Cyber Defenses
Cyber defenses are an essential component of the security framework for Rouge Construction. The company's IT infrastructure is vulnerable to cyber-attacks that may result in data breaches, system downtime, and financial losses. Therefore, the company has implemented various measures to prevent and detect cyber threats. One of the critical cyber defenses is the use of firewalls, intrusion detection and prevention systems, and anti-virus software. These tools protect the company's networks and systems from unauthorized access, malware, and other malicious activities. Another critical cyber defense in Rouge Construction is strong authentication and access control mechanisms. The company has implemented multi-factor authentication, such as smart cards and biometrics, to ensure that only authorized personnel can access IT systems and data. Furthermore, the company has implemented role-based access control (RBAC) to restrict access to sensitive data and systems based on the user's job responsibilities and privileges (Leskova et al., 2021).
Security Controls
Rouge Construction has implemented various security controls to ensure its data and systems' confidentiality, integrity, and availability. The company's security controls include access control, auditing and accountability measures, improved employee training and awareness, management of configurations, contingency programs, user identity and authentication measures, media protection, employee security initiatives, program management, assessment of inherent risks, security appraisal and subsequent authorization, system and communication protection, information and systems integrity, as well as acqui...