Security Architecture - 001
MIS 5214 - Section 001 - David Lanter
January 23, 2020 by David Lanter 17 Comments
Akshay Shendarkar says
January 24, 2020 at 3:16 pm
Since it is difficult/impossible to predict the probability of any security incident, what are some of the alternatives that can be used to get a more accurate estimation while performing the classical Risk Analysis?
Numneung Koedkietpong says
January 24, 2020 at 8:16 pm
What are the risks when the system security planning is reviewed and approved by an unauthorized person?
Christopher James Lukens says
January 28, 2020 at 11:21 am
The risk is that the person who is unauthorized may also be unqualified to review an SSP. This could lead to gaps in the plan or even gaps towards compliance and open the company up for breaches and fines. The SSP needs to be reviewed by qualified security professionals who know how to use the framework.
Zeynep Sahin says
January 24, 2020 at 10:59 pm
How can an organization balance regulatory compliance and business needs?
Percy Jacob Rwandarugali says
January 26, 2020 at 11:50 am
Who should have access to the system security and where should it be stored?
January 26, 2020 at 11:52 am
Who should have access to the system security plan and where should it be stored?
January 26, 2020 at 2:16 pm
What are the relationships between FIPS 199, FIPS 200, SP 800-53, in terms of developing a system security plan?
January 27, 2020 at 2:43 am
FIPS Publication 199 is for Security Categorization of Federal Information and Information Systems. FIPS Publication 200 points out a risk-based process for selecting the security controls to meet the minimum security requirements. NIST SP 800-53 provides three security control baselines, low, moderate, and high, that are associated with the three FIPS 199 impact levels; as the impact level increases, so do the minimum assurance requirements.
Imran Jordan Kharabsheh says
January 26, 2020 at 7:53 pm
Among the seventeen security-related areas that are covered in the minimum security requirements of federal information systems security program, which area do you feel holds the most significance and covers the most prominent risks faced by federal agencies?
Natalie Dorely says
January 26, 2020 at 9:41 pm
What would happen if organizations added biometrics as a form of security control and there was a breach in confidential information of the employees that personal information was obtained?
Junjie Han says
January 26, 2020 at 11:04 pm
When some organizations are unable to meet minimum security requirements (when they want to implement IT programs such as membership, but the financial situation does not meet the minimum security requirements), what can they do? Or just take risks?
Alexander Reichart-Anderson says
January 26, 2020 at 11:40 pm
Which information systems, positions, and policies/standards are most risky, important, and/or vulnerable as we move into the 2020s?
January 28, 2020 at 11:18 am
I think at the heart of this question it's about staying current with standards and not falling behind on best practices. At the current time using the NIST standards is a great option, but once implemented you need to review and make sure there are no changes and that you're still current. The most risky thing to do is to implement a framework and then never look at it again and assume you're not vulnerable.
Sarah Puffen says
January 26, 2020 at 11:44 pm
Why is it important to revisit security categorizations as a business matures?
January 28, 2020 at 11:14 am
As the business evolves and matures, a business needs to make sure their categorizations of data are right; otherwise they won't be using the necessary controls to prevent an incident. Another reason is to make sure the company stays in compliance and doesn't receive any fines.
Joseph Nguyen says
January 27, 2020 at 12:01 am
Is SSP specific to NIST only or also available in other frameworks?
January 29, 2020 at 2:32 am
Who is responsible for implementing, monitoring and enforcing the security rules and policies that are established and authorized by the management of an organization?