Overview Every organization must create a System Security Plan (cybersecurity profile) for all of its major and minor information systems. The SSP documents the current and planned controls for the system and addresses security concerns that may affect the system’s operating environment. The SSP includes security categorizations and security controls, and is included in the certification and accreditation (C&A) package. For this project, you will create a sample SSP describing the security posture of your selected organization that you used in previous assignments. Learning Objectives After completing this project, students will be able to Select and incorporate appropriate management, technical, and operational security controls into a SSP. Integrate and evaluate management, technical, and operational controls in the context of an information security program. Develop a sample System Security Plan for an information system Deliverable Your sample SSP should be at least five full pages, double spaced, 1-inch margins, in New Times Roman 12-pitch font, with a cover page (name, course number, date, title of paper) and a reference page. The cover page and reference page are not included in the five-page minimum. Papers not meeting the five full-page minimum will lose points. You must have at least three sources, correctly formatted per APA guidelines. Detailed Description of Learning Activity Read NIST Special Publication 800-53 Rev 4 Guide for Assessing the Security Controls in Federal Information Systems and Organizations, Building Effective Security Assessment Plans. Review the sample SSP 800-53 Template Example (for Project 3) in the Project Description area of the classroom. Select one management, one technical, and one operational control from the eighteen controls that apply to your selected organization (i.e., AU – Audit and Accountability). Describe each control family. Include why these controls are required. For each control family select two associated identifiers (i.e., AU-3 Content of Audit Records). Describe each associated family identifier, describe the implementation status as it relates to your selected organization’s security program, and describe how your selected organization implements the family identifer. Write your sample SSP (cybersecurity profile). At a minimum, the profile should include: Introduction that includes the purpose of your paper and introduces security profiles as they relate to your selected organization Analysis section that includes Items 3–6 above Conclusion that summarizes what you wrote Using the sample SSP 800-53 Template Example (for Project 3) copy and paste your selected controls from this document into your Word document Use spell and grammar check before submitting. It is also a good idea to have someone else read your paper. You should also review the grading rubric below to ensure that you have all the graded components. Submit the project to TurnItIn by the due date. It cannot exceed 20%
"Looking for a Similar Assignment? Get Expert Help at an Amazing Discount!"
