CYB 405 A+ Study Guide onlinehelp123.com


CYB/405 Information Systems Governance The Latest Version A+ Study Guide

CYB 405 Entire Course Link http://www.onlinehelp123.com/cyb-405

CYB 405 Wk 2 Team - CISO vs. CIO Conflict Role Play

Note: This assignment is intended to support the work you will do in your individual assignment this week.

You are a newly appointed CISO who reports directly to the CIO. In the past, the security team reported directly to the CIO. One of your first initiatives was to run a penetration test against the company to better understand its security posture. The results show that the company is severely lacking in security controls, putting the company at high risk for a breach. The CIO asks you about your pen test.

Working as a group, write a 1-page role-play script in Microsoft® Word depicting a conflict that may arise as you inform the CIO of the deficiencies and how you would turn a possible conflict into a positive interaction with recommendations for information security improvements. Include the supporting roles of the senior security manager and/or information security auditor.

Cite all sources using APA guidelines. Submit your assignment.


CYB 405 Wk 2 - Roles, Responsibilities, and Governance of Security

One of the roles of the Chief Information Security Officer (CISO) is to translate technical jargon into business language that senior leadership and executives can understand to support business decisions. As the CISO, the board of directors has asked you to share your ideas for developing a cybersecurity program for the company. The board has specifically requested that you base your recommendations on the major components that make up a cybersecurity program, including personnel.

Part 1

Develop a 2- to 3-page table in Microsoft® Word that lists the roles and responsibilities of each of the following with respect to security.

Use the following column headings:

Title

Role

Responsibilities

Use the following row headings:

Chief Executive Officer (CEO)

Chief Operations Officer (COO)

Chief Financial Officer (CFO)

Chief Information Officer (CIO)

Chief Information Security Officer (CISO)

Senior Security Manager

Information Security Architect

Information Security Engineer

Information Security Auditor

Information Security Analyst

Security Technician/Specialist


Part 2

Develop a 10- to 12-slide presentation using your choice of software for the board of directors. Include a title slide, a reference slide, and detailed speaker notes. In your presentation:

Concisely describe cyber security governance, including major components like organizational oversight and security processes.

Recommend an information security control framework.

Logically explain how an information security control framework benefits a business.

Describe one organizational challenge of implementing information security and provide an example of how you, the CISO, would address the challenge.

Include supportive graphics and appropriate backgrounds and styles. Don't use images unless you obtain permission from the copyright holder or you use copyright-free images. Format all citations according to APA guidelines. Submit your assignment.

CYB 405 Wk 3 - PCI Compliance

Your father has a private retail pharmacy in a small rural town. He accepts credit cards and holds customer information on a small database server. He wants to know if he should be concerned about PCI compliance, as well as HIPAA, and has asked you for a summary so he can decide if he wants to hire an outside consultant to help him comply with government regulations.

Write a 3- to 4-page summary in Microsoft® Word of the important aspects of PCI and HIPAA regulations to help him make his decision. In your summary:

Accurately describe what PCI is and why it is important to a small business.

Explain why a small business needs to comply with PCI. Provide at least two reasons.

Outline the ramifications of noncompliance to a small business. Provide two examples.

Concisely describe who is covered under HIPAA.

List the information protected under HIPAA.

List the administrative requirements under HIPAA.


Cite all sources using APA guidelines. Submit your assignment.

CYB 405 Wk 4 Team - Security Strategic Plan Versus a Security Policy

Research examples of cyber security strategic plans and cyber security policies, and then compare the two using the Security Strategic Plan Versus a Security Policy Template. Your comparison should be 1 to 2 pages. Compile 1 file for the team. Cite all sources using APA guidelines. Submit your assignment.

CYB 405 Wk 4 - Comparing a Security Strategic Plan to a Security Policy and Aligning to Security Controls

The information security strategic plan and security policies are strongly interrelated within an organization’s information security program. The security plan and security policies will drive the foundation and selection of security controls to be implemented within the organization.

Part 1

Write a 1- to 2-page summary of the comparison chart of strategic plans and security policies you completed in this week’s Learning Team assignment.

Part 2

Review the control families described in this week’s reading, NIST SP 800-53a Revision 4, Assessing Security and Privacy Controls for Federal Information Systems and Organizations.


Review the controls from this week’s reading, CIS Controls V7.1. Develop a 2- to 3-page matrix using Aligning Security Controls to NIST Security Controls Matrix Template that accurately maps CIS controls to NIST security control families. Note that some CIS controls may map to multiple NIST control families. Cite all sources using APA guidelines. Submit your assignment.

CYB 405 Wk 5 Team - Plan of Action and Milestones

Note: This assignment will help you develop your individual assignment this week.

Your company recently reviewed the results of a penetration test on your network. Several vulnerabilities were identified, and the IT security management team has recommended mitigation. The manager has asked you to construct a plan of action and milestones (POA&M) given that the following vulnerabilities and mitigations were identified:

The penetration test showed that not all systems had malware protection software in place. The mitigation was to write a malware defense process to include all employees and retest the system after the process was implemented.

The penetration test indicated that the data server that houses employee payroll records had an admin password of “admin.” The mitigation was to perform extensive hardening of the data server.

The penetration test also identified many laptop computers that employees brought to work and connected to the internal network, some of which were easily compromised. The mitigation was to write a bring your own device (BYOD) policy for all employees and train the employees how to use their devices at work.

Complete the 1- to 2-page Plan of Action and Milestones Template. Cite all sources using APA guidelines. Submit your assignment.

CYB 405 Wk 5 - HIPAA Compliance Planning

Your company is a security service contractor that consults with businesses in the U.S. that require assistance in complying with HIPAA. You advertise a proven track record in providing information program security management, information security governance programs, risk management programs, and regulatory and compliance recommendations. You identify vulnerabilities, threats, and risks for clients with the end goal of securing and protecting applications and systems within their organization.

Your client is Health Coverage Associates, a health insurance exchange in California and a healthcare covered entity. The Patient Protection and Affordable Care Act (ACA) enables individuals and small businesses to purchase health insurance at federally subsidized rates. In the past 6 months, they have experienced:

A malware attack (i.e., SQL Injection) on a critical software application that processed and stored client protected health information (PHI) that allowed access to PHI stored within the database

An internal mistake by an employee that allowed PHI to be emailed to the wrong recipient who was not authorized to have access to the PHI

An unauthorized access to client accounts through cracking of weak passwords via the company’s website login

Health Coverage Associates would like you to develop a security management plan that would address the required safeguards to protect the confidentiality, integrity, and availability of sensitive data from the attacks listed above and protect their assets from the vulnerabilities that allowed the attacks to occur.

Write a 1- to 2-page high-level executive summary of the legal and regulatory compliance requirements for Health Coverage Associates executives. The summary should provide:

Accurate information on the HIPAA requirements for securing PHI

FISMA and HIPAA requirements for a security plan

Scope of the work you will perform to meet the Health Coverage Associates’ requests

Compile a 1- to 2-page list of at least 10 of the CIS controls that provide key alignment with the administrative (policies), physical (secured facilities), and technical safeguards required under HIPAA to protect against the attacks listed above. Include corresponding NIST controls mapped to the selected CIS controls.

Write a 1- to 2-page concise outline of the contents of the security management plan. Include:

Policies Health Coverage Associates will need to manage, protect, and provide access to PHI

The recommended risk management framework Health Coverage Associates should adopt

Key elements Health Coverage Associates should include in its plan of actions and milestones

Cite all sources using APA guidelines. Submit your assignment.

