CYB 650 Information Security Frameworks Presentation
The main objective of information security frameworks is to lower the level of risk, reducing the possibility of a vulnerability and making the company more secure. The framework shows the details of the daily procedures to reduce exposure to risk.
Refer to your “Conduct a Risk Assessment,” assignment from CYB-650 and the “Develop a Business Impact Analysis Parts 1-3” assignments from CYB-630 and the “Business Continuity Plan” from the Topic 1 assignment.
Create a 10- to 12-slide digital presentation that demonstrates how to implement a security framework to identify and close gaps between an organization’s current cybersecurity status and its future target cybersecurity status. Make sure to align to an appropriate regulation (e.g., PCI DSS, HITECH, HIPAA, SOX, GLBA, or GDPR) and address the following:
Explain the current cybersecurity environment, such as development processes, paradigms, information, configuration management, and systems directly involved in the delivery of services.
Describe the current risk management practices, development threats, legal and regulatory requirements, business/mission objectives, and organizational constraints using the framework identified.
Describe how security best practices and frameworks can be used as a reference to develop a cybersecurity program.
Create a diagram related to the common workflow of information and decisions at the major levels within the organization.
Explain the critical cybersecurity needs that should be in place to ensure compliance with the appropriate regulation by differentiating from NIST, ISO/IEC 27000-series (e.g., PCI DSS, HIPAA, SOX, GLBA). Then, prioritize organizational efforts, business needs, and outcomes.
List and describe the elements of a software assurance maturity model.