CYB 407 CYB407 cyb 407 Education for Service - onlinehelp123.com


CYB/407 Information Systems Risk Controls and Auditing Management The Latest Version A+ Study Guide

CYB 407 Entire Course Link: https://www.onlinehelp123.com/cyb-407

CYB 407 Wk 1 - Risk Management Framework

Using the Wk 1 Assignment Template, develop a 1- to 2-page table of the six steps for the NIST Risk Management Framework (RMF) showing the Special Publication guidance for each step. Include a precise description of the deliverables and the typical author of the deliverable. Note: The NIST RMF and its six steps will be exemplified throughout the course. You will develop many of the deliverables prescribed by the RMF. Cite all references according to APA guidelines. Submit your assignment.

CYB 407 Wk 2 - uCertify Lab and Selecting Controls for HIPAA Security Rule

Read the Assignment Scenario document.

Part 1 – Lab

Navigate to the uCertify HIPAA Lab by using the access link below this assignment in the Wk 2 folder. Directions for navigating the HSR Toolkit are provided in the lab.


Follow the instructions for choosing specific security controls to address the listed vulnerabilities. Take screenshots from the HSR Toolkit for your responses to the selected security control questions within the HSR Toolkit. You will submit the screenshots along with the worksheet.

Part 2 – Worksheet

Complete the 3- to 4-page Wk 2 Assignment Template. For each of the three vulnerabilities, complete the following:

Cross-reference the HSR Toolkit questions to specific security controls within NIST SP 800-53a. (For example, for the Training question within the HSR Toolkit, the corresponding security controls within NIST SP 800-53a would be within the Awareness and Training Control Family (AT).)

Use NIST SP 800-30 to accurately calculate the risks.

Correctly describe how each selected question from the HSR Toolkit can help reduce the risks associated with the vulnerability.

Paste the screenshots into the worksheet. Cite all references according to APA guidelines. Submit your assignment.

CYB 407 Wk 2 Team - Security Controls for Attack Vectors

Understanding which threat agents and vectors are targeting a particular healthcare organization (e.g., hospital, health insurance provider, biomedical device supplier, etc.) can be difficult, as the threat agents (i.e., hackers) are continually changing their attack vectors. Research common attack vectors that can be perpetrated against a typical hospital. Using the Wk 2 Team Template, which identifies three common attack vectors, complete the 1-page table with the recommended security controls from NIST SP 800-53a that would potentially mitigate the risk resulting from those attacks. The team will submit one document for the team. This assignment will help you complete this week's individual assignment.


Submit your team assignment.

CYB 407 Wk 3 - Risk Registry, Security Assessment Plan, and PHI/EPHI Policy

Using the scenario presented in Wk 2 and the templates provided in the resources below, complete the following:

1- to 2-page Risk Registry accurately documenting the risk elements from the scenarios that can be used to track issues throughout the project

1- to 2-page Security Assessment Plan Worksheet

1-page PHI/EPHI Policy (Note: In Week Five, you will practice writing policies again.)

Submit your assignment.

CYB 407 Wk 3 Team - System Development Life Cycle (SDLC)

Using the Wk 3 Team Template, develop a 1- to 2-page table of the Five Phases of the SDLC in NIST SP 800-64 Revision 2 that can be used in the development of a security assessment plan. Split the phases up between the members of the team, and then discuss each phase with the team members and create one document. The team will submit one document for the team. This assignment will help you complete your Wk 3 individual assignment. Submit your team assignment.

CYB 407 Wk 4 - Assessing Security Controls and Risk

Based on the Assignment Scenario, determine the risk associated with the vulnerabilities. Use NIST SP 800-30 to calculate the risks for each vulnerability.

Part 1 – Report Risk

Develop a 2- to 3-page Security Assessment Report (SAR) using the Wk 4 Assignment Template. The Security Assessment Report (SAR) should include the following for each vulnerability:

Vulnerability title

A precise vulnerability description

Likelihood

Impact

Overall risk level

Logical recommendations for mitigation

Part 2 – Communicate the Risk to Leadership

Develop a 10- to 12-slide Microsoft® PowerPoint® presentation documenting the risks for each vulnerability to be presented to the leadership of Health Coverage Associates. The presentation should include:

An introduction slide

A description of each of the three vulnerabilities

An accurate illustration of the NIST SP 800-30 5x5 matrices

A description of the likelihood and impact, with a justification of that determination (e.g., very low, low, moderate, high, very high)

An illustration of the overall, high watermark level of risk (e.g., very low, low, moderate, high, very high)

A logical recommendation for mitigation actions, including an explanation of risk tolerance and risk acceptance for the organization

 

A conclusion slide

Detailed speaker notes

Be sure to include supportive graphics and appropriate backgrounds and styles. All references need to adhere to APA guidelines. Images should not be copied, unless author permission is obtained or copyright-free images are used. Note: Other applications like Adobe® Spark® or Microsoft® Sway® or Mix can be used instead of Microsoft® PowerPoint®. Submit your assignment.

CYB 407 Wk 4 Team - Assessment and Monitoring Tools

You have become familiar with the HSR Toolkit to track progress on the selected security controls in order to assist with conducting a risk assessment. After the risk assessment is conducted and documented in a Security Assessment Report (SAR), the implemented security controls must be monitored.


Research the various administrative tools (HSR Toolkit is one) and technical security monitoring tools (i.e., code scanners, vulnerability scanners, etc.) that help validate the effectiveness of implemented security controls. Develop, with your Learning Team, a 1-page listing using Microsoft® Word of at least two administrative and technical tools that are available to support control monitoring. The listing should include:  

A description of each tool

An explanation of how each tool assists with measuring control effectiveness and mitigating risks

The team will submit one document for the team. This assignment will help you complete your Wk 4 individual assignment. Submit your team assignment.

CYB 407 Wk 5 - Password Policy and POA&M

Based on the scenario for the Wk 2 individual assignment and utilizing the work you have done on the Security Assessment Plan and Security Assessment Report, develop a corresponding Plan of Actions and Milestones (POA&M).

Part 1 – Password Policy

Complete a 1- to 2-page detailed Password Policy using the Wk 5 Assignment Template Password document.

Part 2 – POA&M

Build the POA&M. Complete a 2- to 3-page POA&M using the Wk 5 Assignment Template POAM document and the information from the SAR you completed in Wk 4.


Part 3 – Communication to Leadership

Communicate the POA&M to Leadership by developing a 10- to 12-slide Microsoft® PowerPoint® presentation documenting the POA&M specifics for each vulnerability, to be presented to the leadership of Health Coverage Associates. Include the following for each vulnerability as transcribed from the POA&M Template:

An introduction slide

Accurately summarize the life cycle approach taken based on NIST SP 800-30 and including the Six Steps and Artifacts from each Step (e.g., SAP, SAR, POA&M)

Summarize each line item in the POA&M

For each vulnerability, logically justify the following: Policy, Scheduled Completion Date, Required Resources, Organizational Department, Milestones

A conclusion slide

Detailed speaker notes

Be sure to include supportive graphics and appropriate backgrounds and styles. All references need to adhere to APA guidelines. Images should not be copied unless author permission is obtained or copyright-free images are used. Note: Other applications like Adobe® Spark® or Microsoft® Sway® or Mix can be used instead of Microsoft® PowerPoint®. Submit your assignment.

CYB 407 Wk 5 Team - Audit Plan and Policy

Based on the Assignment Scenario and utilizing the work you have done on the Security Assessment Plan and Security Assessment Report, create a 1- to 2-page Audit Plan and Policy using the Wk 5 Team Template. The team will submit one document for the team. This assignment will help you complete your Wk 5 individual assignment. Submit your team assignment.

