{"id":7209,"date":"2023-03-03T00:33:54","date_gmt":"2023-03-03T00:33:54","guid":{"rendered":"https:\/\/www.goodacademic.com\/blog\/questions\/complete-according-to-guideline\/"},"modified":"2023-03-03T00:33:54","modified_gmt":"2023-03-03T00:33:54","slug":"complete-according-to-guideline","status":"publish","type":"questions","link":"https:\/\/www.goodacademic.com\/blog\/questions\/complete-according-to-guideline\/","title":{"rendered":"complete according to guideline"},"content":{"rendered":"<div class=\"col-sm-12 messageContent\">\n <b>Learning Goal: <\/b>I&#8217;m working on a cyber security discussion question and need a sample draft to help me learn.<\/p>\n<p>In the book, we saw a number of ways to treat unacceptable risk in an organization. One approach for risk treatment is the NIST Risk Management Framework (RMF) outlined in SP 800-30, 37, and 39. The purpose of this assignment is to apply the NIST RMF to a specific situation to see how it fits in an organization.<\/p>\n<h2>Before You Get Started<\/h2>\n<p>Use the following resources to complete the assignment:<\/p>\n<ul>\n<li><span class=\"instructure_file_holder link_holder instructure_file_link_holder\"><a id=\"49588780\" class=\"inline_disabled preview_in_overlay\" href=\"https:\/\/uws.instructure.com\/courses\/527604\/files\/49588780?wrap=1\" target=\"_blank\" data-canvas-previewable=\"true\" data-api-endpoint=\"https:\/\/uwsa.instructure.com\/api\/v1\/courses\/527604\/files\/49588780\" data-api-returntype=\"File\" rel=\"noopener\">NIST SP 800-30: Guide for Conducting Risk Assessments<\/a><a class=\"file_download_btn\" role=\"button\" download=\"\" href=\"https:\/\/uws.instructure.com\/courses\/527604\/files\/49588780\/download?download_frd=1\"><br \/>\n     <svg viewbox=\"\">\n      <path><\/path>\n     <\/svg><span class=\"screenreader-only\">Download NIST SP 800-30: Guide for Conducting Risk Assessments<\/span><\/a><\/span><\/li>\n<li><span class=\"instructure_file_holder link_holder 
instructure_file_link_holder\"><a id=\"49588782\" class=\"inline_disabled preview_in_overlay\" href=\"https:\/\/uws.instructure.com\/courses\/527604\/files\/49588782?wrap=1\" target=\"_blank\" data-canvas-previewable=\"true\" data-api-endpoint=\"https:\/\/uwsa.instructure.com\/api\/v1\/courses\/527604\/files\/49588782\" data-api-returntype=\"File\" rel=\"noopener\">NIST SP 800-39: Managing Information Security Risk: Organization, Mission, and Information System View<\/a><a class=\"file_download_btn\" role=\"button\" download=\"\" href=\"https:\/\/uws.instructure.com\/courses\/527604\/files\/49588782\/download?download_frd=1\"><br \/>\n     <svg viewbox=\"\">\n      <path><\/path>\n     <\/svg><span class=\"screenreader-only\">Download NIST SP 800-39: Managing Information Security Risk: Organization, Mission, and Information System View<\/span><\/a><\/span><\/li>\n<li><span class=\"instructure_file_holder link_holder instructure_file_link_holder\"><a id=\"49588781\" class=\"inline_disabled preview_in_overlay\" href=\"https:\/\/uws.instructure.com\/courses\/527604\/files\/49588781?wrap=1\" target=\"_blank\" data-canvas-previewable=\"true\" data-api-endpoint=\"https:\/\/uwsa.instructure.com\/api\/v1\/courses\/527604\/files\/49588781\" data-api-returntype=\"File\" rel=\"noopener\">NIST SP 800-37: Risk Management Framework for Information Systems and Organizations: A System Life Cycle Approach for Security and Privacy<\/a><a class=\"file_download_btn\" role=\"button\" download=\"\" href=\"https:\/\/uws.instructure.com\/courses\/527604\/files\/49588781\/download?download_frd=1\"><br \/>\n     <svg viewbox=\"\">\n      <path><\/path>\n     <\/svg><span class=\"screenreader-only\">Download NIST SP 800-37: Risk Management Framework for Information Systems and Organizations: A System Life Cycle Approach for Security and Privacy<\/span><\/a><\/span><\/li>\n<\/ul>\n<hr>\n<h2>Instructions<\/h2>\n<h3>Scenario<\/h3>\n<p>Our organization, Nadir Tools Inc., makes power tools, and 
although security is usually vigilant, the Sales team managed to bypass the normal process in purchasing to buy a large screen for a special presentation to potential customers. As a result, neither IT nor Security personnel were aware that a Wi-Fi enabled screen had been in the Sales Demo area for the last week until unusual network traffic coming from the screen was detected by a member of the networking team.<\/p>\n<p>You have been tasked with applying the NIST Risk Management Framework to the whole situation. The CISO wants to figure out how to mitigate the current situation and also how the entire situation could have been avoided in the first place.<\/p>\n<p>Please do the following:<\/p>\n<ol>\n<li>Considering the mitigation process in the above scenario, pick the most relevant task from <em>each <\/em>of the Tables E-1 to E-7 on pages 145-138 of the NIST SP 800-37 document, and explain why the task you picked was the most relevant one from each table. You can make reasonable assumptions about the organizational structure of Nadir Tools Inc. and about its current security arrangements as long as you spell out your assumptions.<\/li>\n<li>Explain which two tasks from these tables will be the most important as you come up with a plan for avoiding a repeat of the scenario in the future. What did you take into account when selecting these two tasks?<\/li>\n<\/ol>\n<p><span class=\"label warning\">TIP<\/span> The various steps of the NIST RMF are summarized in Tables E-1 to E-7 on pages 145-138 of the NIST SP 800-37 document. There are links that take you back to earlier parts of the document where the specific tasks are spelled out.<\/p>\n<p>For example, on page 131 we see Table E-3, and when we click on the \u201cTask S-1\u201d link, we are taken to page 50 where this task is described in more detail. 
Clicking on the \u201cTask S-2\u201d link in Table E-3 on page 131 takes us to the description starting on page 51 and so on.<\/p>\n<h3>Additional Details<\/h3>\n<ul>\n<li>Format: Microsoft Word (or compatible)<\/li>\n<li>Font: Arial, 12-point<\/li>\n<li>Citation style: APA<\/li>\n<li>Suggested length: At least 3 pages, which can vary depending on your presentation of the content<\/li>\n<\/ul>\n<hr>\n<h2>Evaluation<\/h2>\n<p><span class=\"label warning\">TIP<\/span> Refer to the grading rubric attached to this assignment for further details.<\/p>\n<p>Submit your work by the due date in the course calendar.<\/p>\n<h2>Rubric<\/h2>\n<p><span class=\"title\">Assignment: Risk Treatment<\/span><\/p>\n<table class=\"rubric_table\">\n<caption>\n<p><span class=\"title\">Assignment: Risk Treatment<\/span><\/p>\n<\/caption>\n<thead>\n<tr>\n<th>Criteria<\/th>\n<th>Ratings<\/th>\n<th>Pts<\/th>\n<\/tr>\n<\/thead>\n<tbody>\n<tr>\n<td>\n<p><span class=\"outcome_sr_content\"><span class=\"screenreader-only\">This criterion is linked to a Learning Outcome<\/span><\/span><span class=\"description description_title\">Apply components of the NIST RMF to the mitigation process for an event.<\/span><\/p>\n<\/td>\n<td>\n<table class=\"ratings\">\n<tbody>\n<tr>\n<td><span class=\"nobr toggle_for_hide_points \"><span class=\"points\">15<\/span> <span class=\"range_rating\">to &gt;<span class=\"min_points\">12.0<\/span><\/span> pts<\/span><\/p>\n<p>Meets Expectations<\/p>\n<p>At least 7 tasks were chosen from the various steps of the NIST RMF and explained<\/p>\n<\/td>\n<td><span class=\"nobr toggle_for_hide_points \"><span class=\"points\">12<\/span> <span class=\"range_rating\">to &gt;<span class=\"min_points\">3.0<\/span><\/span> pts<\/span><\/p>\n<p>Partially Meets Expectations<\/p>\n<p>Tasks were only partly explained or fewer than 7 were chosen.<\/p>\n<\/td>\n<td><span class=\"nobr toggle_for_hide_points \"><span class=\"points\">3<\/span> <span 
class=\"range_rating\">to &gt;<span class=\"min_points\">0<\/span><\/span> pts<\/span><\/p>\n<p>Does Not Meet Expectations<\/p>\n<p>No tasks were chosen or explained<\/p>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<\/td>\n<td>\n<p><span class=\"display_criterion_points\">15<\/span> pts<\/p>\n<\/td>\n<\/tr>\n<tr>\n<td>\n<p><span class=\"outcome_sr_content\"><span class=\"screenreader-only\">This criterion is linked to a Learning Outcome<\/span><\/span><span class=\"description description_title\">Apply components of the NIST RMF to prevent a repeat of the event<\/span><\/p>\n<\/td>\n<td>\n<table class=\"ratings\">\n<tbody>\n<tr>\n<td><span class=\"nobr toggle_for_hide_points \"><span class=\"points\">15<\/span> <span class=\"range_rating\">to &gt;<span class=\"min_points\">12.0<\/span><\/span> pts<\/span><\/p>\n<p>Meets Expectations<\/p>\n<p>At least 7 tasks chosen from the various steps of the NIST RMF and explained<\/p>\n<\/td>\n<td><span class=\"nobr toggle_for_hide_points \"><span class=\"points\">12<\/span> <span class=\"range_rating\">to &gt;<span class=\"min_points\">3.0<\/span><\/span> pts<\/span><\/p>\n<p>Partially Meets Expectations<\/p>\n<p>Tasks were only partly explained or fewer than 7 were chosen<\/p>\n<\/td>\n<td><span class=\"nobr toggle_for_hide_points \"><span class=\"points\">3<\/span> <span class=\"range_rating\">to &gt;<span class=\"min_points\">0<\/span><\/span> pts<\/span><\/p>\n<p>Does Not Meet Expectations<\/p>\n<p>No tasks were chosen or explained<\/p>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<\/td>\n<td>\n<p><span class=\"display_criterion_points\">15<\/span> pts<\/p>\n<\/td>\n<\/tr>\n<tr>\n<td colspan=\"4\">\n<p>Total Points: <span class=\"rubric_total\">30<\/span><\/p>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>Learning Goal: I&#8217;m working on a cyber security discussion question and need a sample draft to help me learn. 
In the book, we saw a number of ways to treat unacceptable risk in an organization. One approach for risk treatment is the NIST Risk Management Framework (RMF) outlined in SP 800-30, 37, and 39. The purpose [&hellip;]<\/p>\n","protected":false},"author":3,"featured_media":0,"comment_status":"open","ping_status":"closed","template":"","meta":[],"disciplines":[718],"paper_types":[],"tagged":[],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/www.goodacademic.com\/blog\/wp-json\/wp\/v2\/questions\/7209"}],"collection":[{"href":"https:\/\/www.goodacademic.com\/blog\/wp-json\/wp\/v2\/questions"}],"about":[{"href":"https:\/\/www.goodacademic.com\/blog\/wp-json\/wp\/v2\/types\/questions"}],"author":[{"embeddable":true,"href":"https:\/\/www.goodacademic.com\/blog\/wp-json\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/www.goodacademic.com\/blog\/wp-json\/wp\/v2\/comments?post=7209"}],"version-history":[{"count":0,"href":"https:\/\/www.goodacademic.com\/blog\/wp-json\/wp\/v2\/questions\/7209\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.goodacademic.com\/blog\/wp-json\/wp\/v2\/media?parent=7209"}],"wp:term":[{"taxonomy":"disciplines","embeddable":true,"href":"https:\/\/www.goodacademic.com\/blog\/wp-json\/wp\/v2\/disciplines?post=7209"},{"taxonomy":"paper_types","embeddable":true,"href":"https:\/\/www.goodacademic.com\/blog\/wp-json\/wp\/v2\/paper_types?post=7209"},{"taxonomy":"tagged","embeddable":true,"href":"https:\/\/www.goodacademic.com\/blog\/wp-json\/wp\/v2\/tagged?post=7209"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}