Cyber
Need Help with a question.
3 years ago
Wk4_407T.docx
Wk4_407SW.docx
Wk4_407T.docx
Assessment and Monitoring Tools
You have become familiar with the HSR Toolkit to track progress on the selected security controls in order to assist with conducting a risk assessment. After the risk assessment is conducted and documented in a Security Assessment Report (SAR), the implemented security controls must be monitored.
Research the various administrative tools (HSR Toolkit is one) and technical security monitoring tools (i.e., code scanners, vulnerability scanners, etc.) that help validate the effectiveness of implemented security controls.
Develop a 1-page listing using Microsoft® Word of at least two administrative and technical tools that are available to support control monitoring.
The listing should include:
· A description of each tool
· An explanation of how each tool assists with measuring control effectiveness and mitigating risks
Wk4_407SW.docx
Assessing Security Controls and Risk
Based on the Assignment Scenario, determine the risk associated with the vulnerabilities. Use NIST SP 800-30 to calculate the risks for each vulnerability.
Part 1 – Report Risk
Develop a 2- to 3-page Security Assessment Report (SAR) using the Wk 4 Assignment Template. The Security Assessment Report (SAR) should include the following for each vulnerability:
· Vulnerability title
· A precise vulnerability description
· Likelihood
· Impact
· Overall risk level
· Logical recommendations for mitigation
Part 2 – Communicate the Risk to Leadership
Develop a 10- to 12-slide Microsoft® PowerPoint® presentation documenting the risks for each vulnerability to be presented to the leadership of Health Coverage Associates.
The presentation should include:
· An introduction slide
· A description of each of the three vulnerabilities
· An accurate illustration of the NIST SP-30 5x5 matrices
· A description of the likelihood and impact, with a justification of that determination (e.g., very low, low, moderate, high, very high)
· An illustration of the overall, high watermark level of risk (e.g., very low, low, moderate, high, very high)
· A logical recommendation for mitigation actions, including an explanation of risk tolerance and risk acceptance for the organization
· A conclusion slide
· Detailed speaker notes
Be sure to include supportive graphics and appropriate backgrounds and styles. All references need to adhere to APA guidelines. Images should not be copied, unless author permission is obtained or copyright-free images are used.
Note: Other applications like Adobe® Spark® or Microsoft® Sway® or Mix can be used instead of Microsoft® PowerPoint®.