
Why is a separate System Security Plan (SSP) required for each field office?

Review the Red Clay Renovations company profile, the project #3 description, and the weekly readings before responding to this question.

Prepare a one-page briefing statement (3 to 5 paragraphs) for the company’s Corporate Board. This statement should answer the question: “Why is a separate System Security Plan (SSP) required for each field office?” (Or, put another way, “Why doesn’t one size fits all work for SSPs?”)


Do not assume that all members of the board are familiar with the purpose and contents of an SSP. Nor will they be familiar with enterprise architectures and the details of the IT infrastructure for the field office.

Provide specific information about “the company” in your briefing statement. (Customize your briefing for THIS company.)

Provide in-text citations and references for 3 or more authoritative sources. Put the reference list at the end of your posting.

Project #3: IT Security Controls Baseline for Red Clay Renovations
To ensure compatibility with existing policy and documentation, Red Clay Renovations’ IT Security
policies, plans, and procedures will continue to use the following security control classes (management,
operational, technical), as defined in NIST SP 800-53 rev 3 (p. 6).
Security Controls Baseline
Red Clay Renovations’ Security Controls Baseline shall include the security controls listed below. Security
control definitions and implementation guidance shall be obtained from the most recent version of NIST
Special Publication 800-53, Security and Privacy Controls for Federal Information Systems and
Organizations.
1. AC: Access Controls (Technical Controls Category)
Control | Control Name | Baseline Selection
AC-1 | Access Control Policy and Procedures | AC-1
AC-2 | Account Management | AC-2 (1) (2) (3) (4)
AC-3 | Access Enforcement | AC-3
AC-4 | Information Flow Enforcement | AC-4
AC-5 | Separation of Duties | AC-5
AC-6 | Least Privilege | AC-6 (1) (2) (5) (9) (10)
AC-7 | Unsuccessful Logon Attempts | AC-7
AC-8 | System Use Notification | AC-8
AC-11 | Session Lock | AC-11 (1)
AC-12 | Session Termination | AC-12
AC-14 | Permitted Actions without Identification or Authentication | AC-14
AC-17 | Remote Access | AC-17 (1) (2) (3) (4)
AC-18 | Wireless Access | AC-18 (1)
AC-19 | Access Control for Mobile Devices | AC-19 (5)
AC-20 | Use of External Information Systems | AC-20 (1) (2)
AC-21 | Information Sharing | AC-21
AC-22 | Publicly Accessible Content | AC-22
2. AT: Awareness and Training (Operational Controls Category)
Control | Control Name | Baseline Selection
AT-1 | Security Awareness and Training Policy and Procedures | AT-1
AT-2 | Security Awareness Training | AT-2 (2)
AT-3 | Role-Based Security Training | AT-3
AT-4 | Security Training Records | AT-4
3. AU: Audit and Accountability (Technical Controls Category)
Control | Control Name | Baseline Selection
AU-1 | Audit and Accountability Policy and Procedures | AU-1
AU-2 | Audit Events | AU-2 (3)
AU-3 | Content of Audit Records | AU-3 (1)
AU-4 | Audit Storage Capacity | AU-4
AU-5 | Response to Audit Processing Failures | AU-5
AU-6 | Audit Review, Analysis, and Reporting | AU-6 (1) (3)
AU-7 | Audit Reduction and Report Generation | AU-7 (1)
AU-8 | Time Stamps | AU-8 (1)
AU-9 | Protection of Audit Information | AU-9 (4)
AU-10 | Non-repudiation | Not Selected
AU-11 | Audit Record Retention | AU-11
AU-12 | Audit Generation | AU-12
4. CA: Security Assessment and Authorization (Management Controls Category)
Control | Control Name | Baseline Selection
CA-1 | Security Assessment and Authorization Policies and Procedures | CA-1
CA-2 | Security Assessments | CA-2 (1)
CA-3 | System Interconnections | CA-3 (5)
CA-5 | Plan of Action and Milestones | CA-5
CA-6 | Security Authorization | CA-6
CA-7 | Continuous Monitoring | CA-7 (1)
CA-9 | Internal System Connections | CA-9
5. CM: Configuration Management (Operational Controls Category)
Control | Control Name | Baseline Selection
CM-1 | Configuration Management Policy and Procedures | CM-1
CM-2 | Baseline Configuration | CM-2 (1) (3) (7)
CM-3 | Configuration Change Control | CM-3 (2)
CM-4 | Security Impact Analysis | CM-4
CM-5 | Access Restrictions for Change | CM-5
CM-6 | Configuration Settings | CM-6
CM-7 | Least Functionality | CM-7 (1) (2) (4)
CM-8 | Information System Component Inventory | CM-8 (1) (3) (5)
CM-9 | Configuration Management Plan | CM-9
CM-10 | Software Usage Restrictions | CM-10
CM-11 | User-Installed Software | CM-11
6. CP: Contingency Planning (Operational Controls Category)
Control | Control Name | Baseline Selection
CP-1 | Contingency Planning Policy and Procedures | CP-1
CP-2 | Contingency Plan | CP-2 (1) (3) (8)
CP-3 | Contingency Training | CP-3
CP-4 | Contingency Plan Testing | CP-4 (1)
CP-5 | Withdrawn | –
CP-6 | Alternate Storage Site | CP-6 (1) (3)
CP-7 | Alternate Processing Site | CP-7 (1) (2) (3)
CP-8 | Telecommunications Services | CP-8 (1) (2)
CP-9 | Information System Backup | CP-9 (1)
CP-10 | Information System Recovery and Reconstitution | CP-10 (2)
7. IA: Identification and Authentication (Technical Controls Category)
Control | Control Name | Baseline Selection
IA-1 | Identification and Authentication Policy and Procedures | IA-1
IA-2 | Identification and Authentication (Organizational Users) | IA-2 (1) (2) (3) (8) (11) (12)
IA-3 | Device Identification and Authentication | IA-3
IA-4 | Identifier Management | IA-4
IA-5 | Authenticator Management | IA-5 (1) (2) (3) (11)
IA-6 | Authenticator Feedback | IA-6
IA-7 | Cryptographic Module Authentication | IA-7
IA-8 | Identification and Authentication (Non-Organizational Users) | IA-8 (1) (2) (3) (4)
8. IR: Incident Response (Operational Controls Category)
Control | Control Name | Baseline Selection
IR-1 | Incident Response Policy and Procedures | IR-1
IR-2 | Incident Response Training | IR-2
IR-3 | Incident Response Testing | IR-3 (2)
IR-4 | Incident Handling | IR-4 (1)
IR-5 | Incident Monitoring | IR-5
IR-6 | Incident Reporting | IR-6 (1)
IR-7 | Incident Response Assistance | IR-7 (1)
IR-8 | Incident Response Plan | IR-8
9. MA: Maintenance (Operational Controls Category)
Control | Control Name | Baseline Selection
MA-1 | System Maintenance Policy and Procedures | MA-1
MA-2 | Controlled Maintenance | MA-2
MA-3 | Maintenance Tools | MA-3 (1) (2)
MA-4 | Nonlocal Maintenance | MA-4 (2)
MA-5 | Maintenance Personnel | MA-5
10. MP: Media Protection (Operational Controls Category)
Control | Control Name | Baseline Selection
MP-1 | Media Protection Policy and Procedures | MP-1
MP-2 | Media Access | MP-2
MP-3 | Media Marking | MP-3
MP-4 | Media Storage | MP-4
MP-5 | Media Transport | MP-5 (4)
MP-6 | Media Sanitization | MP-6
MP-7 | Media Use | MP-7 (1)
11. PE: Physical and Environmental Protection (Operational Controls Category)
Control | Control Name | Baseline Selection
PE-1 | Physical and Environmental Protection Policy and Procedures | PE-1
PE-2 | Physical Access Authorizations | PE-2
PE-3 | Physical Access Control | PE-3
PE-4 | Access Control for Transmission Medium | PE-4
PE-5 | Access Control for Output Devices | PE-5
PE-6 | Monitoring Physical Access | PE-6 (1)
PE-8 | Visitor Access Records | PE-8
PE-9 | Power Equipment and Cabling | PE-9
PE-10 | Emergency Shutoff | PE-10
PE-11 | Emergency Power | PE-11
PE-12 | Emergency Lighting | PE-12
PE-13 | Fire Protection | PE-13 (3)
PE-14 | Temperature and Humidity Controls | PE-14
PE-15 | Water Damage Protection | PE-15
PE-16 | Delivery and Removal | PE-16
PE-17 | Alternate Work Site | PE-17
12. PL: Planning (Management Controls Category)
Control | Control Name | Baseline Selection
PL-1 | Security Planning Policy and Procedures | PL-1
PL-2 | System Security Plan | PL-2 (3)
PL-4 | Rules of Behavior | PL-4 (1)
PL-8 | Information Security Architecture | PL-8
13. PS: Personnel Security (Operational Controls Category)
Control | Control Name | Baseline Selection
PS-1 | Personnel Security Policy and Procedures | PS-1
PS-2 | Position Risk Designation | PS-2
PS-3 | Personnel Screening | PS-3
PS-4 | Personnel Termination | PS-4
PS-5 | Personnel Transfer | PS-5
PS-6 | Access Agreements | PS-6
PS-7 | Third-Party Personnel Security | PS-7
PS-8 | Personnel Sanctions | PS-8
14. RA: Risk Assessment (Management Controls Category)
Control | Control Name | Baseline Selection
RA-1 | Risk Assessment Policy and Procedures | RA-1
RA-2 | Security Categorization | RA-2
RA-3 | Risk Assessment | RA-3
RA-5 | Vulnerability Scanning | RA-5 (1) (2) (5)
15. SA: System and Services Acquisition (Management Controls Category)
Control | Control Name | Baseline Selection
SA-1 | System and Services Acquisition Policy and Procedures | SA-1
SA-2 | Allocation of Resources | SA-2
SA-3 | System Development Life Cycle | SA-3
SA-4 | Acquisition Process | SA-4 (1) (2) (9) (10)
SA-5 | Information System Documentation | SA-5
SA-8 | Security Engineering Principles | SA-8
SA-9 | External Information System Services | SA-9 (2)
SA-10 | Developer Configuration Management | SA-10
SA-11 | Developer Security Testing and Evaluation | SA-11
16. SC: System and Communications Protection (Technical Controls Category)
Control | Control Name | Baseline Selection
SC-1 | System and Communications Protection Policy and Procedures | SC-1
SC-5 | Denial of Service Protection | SC-5
SC-7 | Boundary Protection | SC-7
SC-8 | Transmission Confidentiality | SC-8
SC-18 | Mobile Code | SC-18
SC-19 | Voice Over Internet Protocol | SC-19
SC-28 | Protection of Information at Rest | SC-28
SC-39 | Process Isolation | SC-39
17. SI: System and Information Integrity (Operational Controls Category)
Control | Control Name | Baseline Selection
SI-1 | System and Information Integrity Policy and Procedures | SI-1
SI-2 | Flaw Remediation | SI-2 (2)
SI-3 | Malicious Code Protection | SI-3 (1) (2)
SI-4 | Information System Monitoring | SI-4 (2) (4) (5)
SI-5 | Security Alerts, Advisories, and Directives | SI-5
SI-7 | Software, Firmware, and Information Integrity | SI-7 (1) (7)
SI-8 | Spam Protection | SI-8 (1) (2)
SI-10 | Information Input Validation | SI-10
SI-11 | Error Handling | SI-11
SI-12 | Information Handling and Retention | SI-12
SI-16 | Memory Protection | SI-16
18. PM: Program Management (Management Controls Family)
Control | Control Name | Baseline Selection
PM-1 | Information Security Program Plan | all
PM-2 | Senior Information Security Officer | all
PM-3 | Information Security Resources | all
PM-4 | Plan of Action and Milestones Process | all
PM-5 | Information System Inventory | all
PM-6 | Information Security Measures of Performance | all
PM-7 | Enterprise Architecture | all
PM-8 | Critical Infrastructure Plan | all
PM-9 | Risk Management Strategy | all
PM-10 | Security Authorization Process | all
PM-11 | Mission/Business Process Definition | all
PM-12 | Insider Threat Program | all
PM-13 | Information Security Workforce | all
PM-14 | Testing, Training, and Monitoring | all
PM-15 | Contacts with Security Groups and Associations | all
PM-16 | Threat Awareness Program | all

Information System Security Plan
1. Information System Name/Title:
• Unique identifier and name given to the system. [use information from the case study]
2. Information System Categorization:
• Identify the appropriate system categorization [use the information from the case study].
3. Information System Owner:
• Name, title, agency, address, email address, and phone number of person who owns the system.
[Use the field office manager]
4. Authorizing Official:
• Name, title, agency, address, email address, and phone number of the senior management
official designated as the authorizing official. [Use the company’s Chief Information
Officer.]
5. Other Designated Contacts:
• List other key personnel, if applicable; include their title, address, email address, and phone
number. [include the CISO, the ISSO, and other individuals from the case study, if
appropriate]
6. Assignment of Security Responsibility:
• Name, title, address, email address, and phone number of person who is responsible for the
security of the system. [use the case study information]
7. Information System Operational Status:
• Indicate the operational status of the system. If more than one status is selected, list which part
of the system is covered under each status. [Use the case study information.]
8. Information System Type:
• Indicate if the system is a major application or a general support system. If the system contains
minor applications, list them in Section 9. General System Description/Purpose. [use the case
study information]
9. General System Description/Purpose
• Describe the function or purpose of the system and the information processes. [use the case
study information]
10. System Environment
• Provide a general description of the technical system. Include the primary hardware, software,
and communications equipment.
[use the case study information and diagrams. Add brand names, equipment types as required (if
not provided in the case study)]
11. System Interconnections/Information Sharing
• List interconnected systems and system identifiers (if appropriate), provide the system name,
owning or providing organization, system type (major application or general support system)
… add a fictional date of agreement to interconnect, and the name of the authorizing official.
12. Related Laws/Regulations/Policies
• List any laws or regulations that establish specific requirements for the confidentiality,
integrity, or availability of the data in the system.
13. Minimum Security Controls
Use the security controls baseline as provided for this assignment. Include descriptive paragraphs for
each section. Cut and paste the tables from the provided security controls baseline to add the
individual security controls under each section. Use the sections and sub-sections as listed below.
13.1 Management Controls
[provide a descriptive paragraph – DO NOT COPY TEXT FROM OTHER DOCUMENTS]
13.1.1 [first control family]
[provide a descriptive paragraph – DO NOT COPY TEXT FROM OTHER DOCUMENTS]
13.1.2 [second control family]
…………
13.2 Operational Controls
[provide a descriptive paragraph – DO NOT COPY TEXT FROM OTHER DOCUMENTS]
13.2.1 [first control family]
13.2.2 [second control family]
…………..
13.3 Technical Controls
[provide a descriptive paragraph – DO NOT COPY TEXT FROM OTHER DOCUMENTS]
13.3.1 [ first control family]
13.3.2 [ second control family]
…………
Example:
14. Information System Security Plan Completion Date: _____________________
• Enter the completion date of the plan.
15. Information System Security Plan Approval Date: _______________________
• Enter the date the system security plan was approved and indicate if the approval
documentation is attached or on file.

