CSF framework, and the ISO/IEC 27001:2013 certification process to expand their understanding through the lens of an internal auditor for a small and medium-sized business. The student may select to address the scenario from a federal or private sector perspective, but must be sure to denote which sector is chosen and apply the appropriate logic to the steps needed to secure compliance.

Scenario

The federal or private sector organization is considering ISO/IEC 27001:2013 certification and currently holds a Level 3 Strategic Alignment Maturity rating (established policies, procedures, and SOPs). The organization requires additional work to reach an optimized state, and you have been asked to lead the effort to get them there.

In a 750- to 1,000-word paper, describe the steps you would use to help the organization begin to prepare for this certification. Make sure to address the following:

  1. What is the organizational readiness for certification? Review the Strategic Alignment Maturity Model Levels for this portion.
  2. How many members of your internal audit team will you need to perform the risk assessment? How long will the risk assessment take?
  3. What internal technology teams and other key stakeholders will you need to engage?
  4. Provide a brief description of the ISO/IEC 27001:2013 or FISMA certification process (dependent on the sector type chosen).

Make sure to reference academic or NIST official publications (most current year available via the Internet) or other relevant sources published within the last 5 years.
