In the readings this week, two ethics related principles were discussed– due diligence and due care. Your readings also included the RA (Risk Assessment) family of security controls (from NIST SP 800-53).
For this discussion, you are asked to construct a short handout (3-5 paragraphs — about one page if printed) which could be used to conduct a brown-bag lunch training presentation for individuals newly assigned to the Office of Risk Management under the Director of IT Security Services. Your training materials will be strengthened by the use of authoritative sources and examples — this means you need to cite your sources and provide a list of references at the end of your handout (your posting).
The handout and training should explain why due diligence and due care are important success factors for risk management efforts. You should specifically address the harm that could occur if the individuals performing risk assessment functions do not exercise both diligence and care. (e.g., efforts to identify and manage risk may not be sufficient to prevent or mitigate attacks or other adverse events which affect the security of information).
Your handout should provide examples of potential harm from a lack of diligence or care in the implementation of three or more Risk Assessment (RA) family security controls. You might consider RA-1 (policy), RA-2 Security Categorization, and RA-9 Criticality Analysis. There are other relevant controls in this family which are worth discussing.
Remember to submit your discussion response to the Turn It In for Discussions assignment folder. See the forum instructions for more information.
For your critiques, focus on providing suggestions for strengthening the original poster’s analysis of the RA controls. Include at least 3 examples and/or content suggestions supported by your own readings (include citations and references for authoritative sources). For full credit, a total of two critiques and two additional responses or follow-up postings are required in addition to your main posting
Readings:
Chapter 3 in the (ISC2) SSCP Systems Security Certified Practitioner Official Study Guide, 3rd Ed. Available from the UMGC online library (UMGC student login required). https://go.oreilly.com/umgc/https://learning.oreilly.com/library/view/isc-2-sscp-systems/9781119854982/
Review Chapter 1 (Data Governance) & Appendix A (FAIR) in CIPM Certified Information Privacy Manager All-in-One Exam Guide. https://learning.oreilly.com/library/view/cipm-certified-information/9781260474107/?ar
Review Section 3.16 Risk Assessment in NIST SP 800-53 rev 5. https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r5.pdf
Posted inUncategorized
In the readings this week, two ethics related principles were discussed– due di
