IT

MIMI206
IntroKeyPapersAssignmentSubmitAssignment-2.docx
Home>Business & Finance homework help>Management homework help>IT

The purpose of this first written assignment is to introduce you to a small set of important documents relevant to cyber defense. The assignment asks you to provide short answers to various questions to demonstrate that you have considered these important documents.

First Written Assignment

Please answer the following questions within a single PDF file and then submit your answers to the Instructor via Canvas. Please identify both the question number and your answer to that question in your submission.

Please research on the web (e.g., via a search engine such as Google (e.g., Wikipedia articles)) to answer the following three questions:

1. Why is ISO 27001 relevant to Cyber Defense?

2. Why is ISO 27002 relevant to Cyber Defense?

3. What is the NIST SP (Special Publication) 800 series and why is it relevant to Cyber Defense? [Note: Background: NIST = US National Institute for Standards and Technology; see http://www.nist.gov

4. (Links to an external site.)

5. ; List of NIST’s cybersecurity-related publications: https://csrc.nist.gov/publications/search?requestserieslist=1&requeststatuslist=1,3&requestdisplayoption=brief&itemsperpage=all&requestsortorder=5

6. (Links to an external site.)

7. [Note: this search produces 4+ pages of content]]

Please use https://en.wikipedia.org/wiki/Security_controls

(Links to an external site.)

to answer the following question:

4. What is a security control?

Please use https://csrc.nist.gov/CSRC/media//Publications/sp/800-53/rev-5/draft/documents/sp800-53r5-draft.pdf

(Links to an external site.)

to answer the following three questions:

5. Table 1 on page 7 (Section 2.2) lists the major security and privacy control families. Are any of the items on this list surprising to you personally? If so, why?

6. Look at the Access Control Family that is listed in Section 3.1 (beginning on page17). Please list the 25 specific access controls mentioned in this section (i.e., list the names of AC-1 through AC-25).

7. Are any of the access controls (i.e., AC-1 through AC-25) surprising to you? If so, why? If not, please explain your background that enabled you to already know all 25 of these access controls.