APPLYING IMPLEMENTATION PRINCIPLES FOR SECURITY RISK MANAGEMENT METHODS
The Risk Management Framework for Information Systems and Organizations, published by NIST, is one that people and organizations can use to make security decisions about technology. However, there is no one-size-fits-all use case. As the security professional, you will need to make sensible decisions about how to apply such principles in the context of the goals set by your organization.
RESOURCES
Be sure to review the Learning Resources before completing this activity.
BY DAY 7
Submit a 2- to 4-page paper in APA format in which you:
• Provide an in-depth analysis with examples of how the NIST Risk Management Framework principles are used (or not used) in your current professional environment or in a professional environment with which you are familiar.
• Make critical suggestions on how some of these principles could be better applied.
Refer to the Week 1 Assignment Rubric for specific grading elements and criteria. Your Instructor will use this grading rubric to assess your work.
Your document should be 2–4 pages (not including the list of references), but it is the quality of the work that is important, not the number of pages. Cite and reference all sources using APA format and style guidelines and submit in a single document.
SUBMISSION INFORMATION
Before submitting your final assignment, you can check your draft for authenticity. To check your draft, access the Turnitin Drafts from the Start Here area.
1. To submit your completed assignment, save your Assignment as WK1Assgn_LastName_FirstInitial
2. Then, click on Start Assignment near the top of the page.
3. Next, click on Upload File and select Submit Assignment for review.
Rubric
MCYB_6215_Week1_Assignment_Rubric
Element 1: Use of NIST Risk Management Framework Principles (20 pts)
• Mastery (20 pts): Student provides a thorough and detailed analysis of how the NIST Risk Management Framework principles are used (or not used) in their current professional environment or in a professional environment with which they are familiar. Several examples and resources support thinking.
• Exceptional (18.6 pts): Student provides a detailed analysis of how the NIST Risk Management Framework principles are used (or not used) in their current professional environment or in a professional environment with which they are familiar. Several examples or resources support thinking. There are one or two minor errors or details missing.
• Competent (17 pts): Student provides an analysis of how the NIST Risk Management Framework principles are used (or not used) in their current professional environment or in a professional environment with which they are familiar. Some examples or resources support thinking. Some details are missing and/or not fully developed.
• Developing (15 pts): Student provides a cursory or incomplete analysis of how the NIST Risk Management Framework principles are used (or not used) in their current professional environment or in a professional environment with which they are familiar. Few examples or resources support thinking. Most details are missing or lack clarity.
• Unacceptable (10 pts): Student provides an incomplete or cursory analysis that does not directly address this element and/or meet minimal requirements.
• Not Submitted (0 pts): Student did not submit this element.
Element 2: Application of NIST Risk Management Framework Principles (20 pts)
• Mastery (20 pts): Student provides several thorough and detailed critical suggestions on how many of these principles could be better applied. Several examples and resources support thinking.
• Exceptional (18.6 pts): Student provides several detailed critical suggestions on how some of these principles could be better applied. Several examples or resources support thinking. There are one or two minor errors or details missing.
• Competent (17 pts): Student provides critical suggestions on how some of these principles could be better applied. Some examples or resources support thinking. Some details are missing and/or not fully developed.
• Developing (15 pts): Student provides cursory or incomplete suggestions on how some of these principles could be better applied. Few examples or resources support thinking. Most details are missing or lack clarity.
• Unacceptable (10 pts): Student provides incomplete or cursory suggestions that do not directly address this element and/or meet minimal requirements.
• Not Submitted (0 pts): Student did not submit this element.
Element 3: Form and Style (10 pts)
• Mastery (10 pts): Student demonstrates thorough organization and writing skills by consistently applying APA format and style. Writing is well organized and grammatically correct, including complete sentences that are free of spelling errors. A reference list with a variety of scholarly sources is provided, using APA formatting, and it matches the citations in the text.
• Exceptional (9.3 pts): Student demonstrates thorough organization and writing skills by consistently applying APA format and style. Writing is well organized and grammatically correct, including complete sentences that are free of spelling errors. A reference list with a variety of scholarly sources is provided, using APA formatting, and it matches the citations in the text, but with one or two minor errors.
• Competent (8.5 pts): Student demonstrates organization and writing skills by mostly applying APA format and style. Writing is well organized and mostly grammatically correct, including complete sentences that are mostly free of spelling errors. While a reference list is provided and includes a variety of resources, APA formatting may be incorrect, or the list may not match the citations in the text.
• Developing (7.5 pts): Student made a cursory attempt to address but there are numerous errors, writing is difficult to read, and/or no reference list is provided.
• Unacceptable (5 pts): Student submission does not adhere to the writing expectations.
• Not Submitted (0 pts): Student did not submit this element.
LEARNING RESOURCES
Required Readings
• National Institute of Standards and Technology. (2018, December). Risk management framework for information systems and organizations: A system life cycle approach for security and privacy (Special Publication 800-37, Revision 2). U.S. Department of Commerce. https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-37r2.pdf
o Chapter 2, pp. 6-20
Required Media
• Walden University, LLC. (2018). Definitions of asset, risk, threat, vulnerability [Video]. Walden University Canvas. https://waldenu.instructure.com
Note: The approximate length of this media piece is 4 minutes.
• Walden University, LLC. (2018). NIST 800-39 SRM fundamentals [Video]. Walden University Canvas. https://waldenu.instructure.com
Note: The approximate length of this media piece is 7 minutes.
Optional Resources
• National Institute of Standards and Technology. (2011). Managing information security risk: Organization, mission, and information system view (Special Publication 800-39). U.S. Department of Commerce. https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-39.pdf
• Federal Financial Institutions Examination Council. (2023). Cybersecurity assessment tool. https://www.ffiec.gov/cyberassessmenttool.htm
• Federal Financial Institutions Examination Council. (2017). Cybersecurity assessment tool: User’s guide. https://www.ffiec.gov/pdf/cybersecurity/FFIEC_CAT_May_2017_Users_Guide_June2.pdf
• Federal Financial Institutions Examination Council. (2017). FFIEC cybersecurity assessment tool: Overview for chief executive officers and boards of directors. https://www.ffiec.gov/pdf/cybersecurity/FFIEC_CAT_CEO_Board_Overview_June_2015_PDF1.pdf
• Federal Financial Institutions Examination Council. (2017). FFIEC cybersecurity assessment tool: Cybersecurity maturity: Domain 1. https://www.ffiec.gov/pdf/cybersecurity/FFIEC_CAT_May_2017_Cybersecurity_Maturity.pdf
• Federal Financial Institutions Examination Council. (2017). FFIEC cybersecurity assessment tool: Inherent risk profile. https://www.ffiec.gov/pdf/cybersecurity/FFIEC_CAT_May_2017_Inherent_Risk_Profile.pdf