project
We need a paper on risk assessment for the organization (NASA). The risk should be listed in one of the following links.
http://oig.nasa.gov/audits/reports/FY10/IG-10-018-R.pdf
https://oig.nasa.gov/audits/reports/FY14/IG-14-023.pdf
https://oig.nasa.gov/audits/reports/FY17/IG-17-010.pdf
https://oig.nasa.gov/audits/reports/FY17/IG-17-002A.pdf
The following sections are missing:
• Roles: Who will respond to the incident, and what are the notification/escalation procedures? Who is responsible for writing the IRP?
• Training: Specify a training frequency.
• Plan testing: How (and how often) will you test the plan?
• Incidents: What defines an “incident”? Define some security incidents that you may encounter on your network.
• Incident Notification: What happens when an incident is detected?
• Reporting/tracking: How will you report and track incidents? What about capturing “lessons learned”?