INFORMATION SECURITY STANDARDS
Paper instructions:
A writer completed this work, but it was plagiarised. I need this re-done, exactly in the same format, with at least 3 sources, single spaced, 2 pages at least.
Project #2: Information Security Standards for an Organization
Overview – Every organization must consider the mandatory and recommended practices when creating its information security program and/or security policies. Legislative documents such as FISMA are mandatory, yet standards documents such as FIPS 200 can also be mandatory. Your selected organization used one or more standards when creating its information security program. For the project, you will identify a standard used by your organization in its information security program, then compare and contrast it with another similar standard.
Learning Objective – After completing this project, students will be able to 1) identify at least two technical standards, 2) describe at least two technical standards, 3) compare and contrast technical standards, and 4) describe how the technical standard(s) impact their selected organization’s information security program.
Media – Students will use the Internet and Microsoft Word. Students will use their selected organization’s information security program documentation. Students will use the NIST website. Students may use the VA CIO’s Technical Reference Model website.
Deliverable – Your research paper should be at least three (3) full pages, double-spaced, 1-inch margins, Times New Roman 12-pitch font, and include a cover page (name, course number, date, title of paper) and a reference page. The cover page and reference page are not included in the three-page minimum. Papers not meeting the three full-page minimum will lose points. You must have at least three (3) sources, correctly formatted per APA guidelines. Submit your research paper to the appropriate assignment area by the due date.
Detailed Description of Learning Activity
1. Review your organization’s information security program documentation and determine what standard(s) the organization used to create the program.
2. Select one standard used by your selected organization and select another standard (similar in content) not used by your selected organization. For example, your organization may have used FIPS 200 to determine minimum security requirements. ISO/IEC 27002:2005 is another standard covering security requirements.
3. Identify three to five points of analysis from your selected organization’s standard (e.g., FIPS 200) that you will compare and contrast against the second standard (e.g., ISO/IEC 27002:2005).
4. Research the security issues related to or solved by the three to five items you selected in #3. Make sure that you check what type of security control each item addresses (use the NIST security controls catalog, SP 800-53).
5. Write your research paper. At a minimum, the paper should include:
a) An introduction that includes the purpose of your paper and introduces your organization
b) A standards section that describes the two standards you selected for the paper
c) A Points of Analysis section that describes your three to five points and why you selected them (#3 above)
d) A Compare and Contrast section comparing and contrasting the details of each standard for the three to five points of analysis (#3 above)
e) A conclusion that summarizes what you wrote
6. Use the spelling and grammar checker before submitting. It is also a good idea to have someone else read your paper. You should also review the grading rubric below to ensure you have all the graded components.
7. Submit the project to the appropriate assignment area by the due date.
NOTE: A template has been made available to you in Course Content. The use of this template is mandatory!
Rubric – The rubric below is used when grading this assignment.
Rubric – Project #2: Information Security Standards for an Organization
Qualities & Criteria, scored as Good (3-4) or Excellent (5)

Introduction
Title; Objective or Thesis; Problem statement; Topic.
weight: 5% of assignment grade
Good (3-4):
a. The writer makes the reader aware of the overall problem, challenge, or topic to be examined.
b. Thesis is stated but clarity and/or focus could be better.
c. The title does not adequately describe the topic.
Excellent (5):
a. The writer introduces the topic and its relevance to (1) the discipline; and (2) the chosen audience. The introduction lays groundwork for the direction of the assignment.
b. Thesis or objective is clearly stated and appropriately focused.
c. Main idea stands out, along with details.
d. The title is appropriate and adequately describes the topic.

Standards and Points of Analysis
Structure; Flow; Organization and Development
weight: 15% of assignment grade
Good (3-4):
a. The paper includes a description of only one standard and/or the description of both standards is not accurate.
b. The paper includes three (3) or four (4) points of analysis.
c. Ideas are clear, but there is a lack of extra information.
d. Information relates to the main topic. Details and amount of information are sparse.
e. Sentences and paragraphs generally, though not always, relate to the thesis or controlling idea.
f. Examples are included, though not always; the reader needs specific details or quotes that the writer does not provide.
Excellent (5):
a. The paper includes an accurate description of both standards.
b. The paper includes five (5) points of analysis.
c. Ideas are clear, original, and focused. Main idea stands out, along with details.
d. Sufficient information is included. Information clearly relates to the main thesis. It includes several supporting details and/or examples.
e. Sentences and paragraphs clearly and effectively relate to and support the thesis.
f. Writer provides examples and quotes that answer the reader’s questions and add depth to the writer’s ideas.

Conclusions
Synthesis of ideas.
weight: 10% of assignment grade
Good (3-4):
a. The writer provides concluding remarks that show an analysis and synthesis of ideas and information. Some of the conclusions, however, are not supported in the body of the review.
Excellent (5):
a. The writer makes succinct and precise conclusions based on the review of literature.
b. Insights into the problem/topic are appropriate.
c. Conclusions are strongly supported within the assignment.

Research and Analysis (Compare/Contrast)
Weaving together literature throughout the assignment to provide exploration/explanation
weight: 50% of assignment grade
Good (3-4):
a. The writer includes all the sections of pertinent content, but does not cover them in as much depth or detail as the audience/reader expects.
b. The writer cites sources when specific statements are made.
c. The significance to the discipline is evident.
d. Ideas are clear, but more information is needed.
e. Ideas in the assignment are mostly (but not all) relevant and worthy of the reader’s consideration.
Excellent (5):
a. The writer covers the appropriate content in depth without being redundant.
b. The writer cites sources when specific statements are made.
c. The significance of quotes, when used, is apparent.
d. The length is appropriate.
e. Ideas are clear, original, and focused. Main idea stands out, along with details.
f. Ideas in the assignment are compelling, even original; they are not self-evident.

Clarity and Correctness of the Writing
weight: 10% of assignment grade
Good (3-4):
a. The writing is generally clear, but unnecessary words are occasionally used. Meaning is sometimes hidden.
b. Paragraph or sentence structure is repetitive.
c. Much of the writing is generally clear, but meaning is sometimes hidden.
d. There are between 10 and 20 mistakes in grammar, spelling, and/or punctuation, but they do not cause confusion; they suggest negligence, not indifference.
e. Writing might ramble; the assignment is not carefully written.
Excellent (5):
a. The writing is clear and concise.
b. There are fewer than 10 mistakes in grammar, spelling, and/or punctuation.
c. The writing does not ramble; the assignment is carefully written and edited.

Sources & Citations & Proper APA Format
weight: 10% of assignment grade
Good (3-4):
a. The writer cites sources within the body of the review and includes a corresponding References list. Some formatting problems exist or some elements are missing.
b. Fewer than three (3) sources are cited. All sources are accurately documented, but some are not in the desired format.
c. Assignment is in APA style but with some errors.
d. The body of the assignment consists of a review of the literature.
e. There is evidence of attention to people-first, non-discriminatory language.
f. Most sources are scholarly and cited, but with some errors.
g. Personal opinions are kept to a minimum, though they may not be delayed in the assignment.
Excellent (5):
a. The writer includes at least three (3) citations in the body of the review.
b. The references in the list match the in-text citations and all are properly cited in APA style.
c. Numerous sources are cited. All sources are accurately documented.
d. Accurately adheres to APA style in formatting, organization, and construction, including a full review of relevant literature.
e. There is consistent use of people-first, non-discriminatory language.
f. The majority of sources are scholarly and cited correctly in both text and reference list.
g. Personal opinions are delayed and stated succinctly in the conclusion.
Resource
Organization: National Aeronautics and Space Administration
Web Site: http://www.nasa.gov
Strategic Plan: http://www.nasa.gov/pdf/516579main_NASA2011StrategicPlan.pdf
Information Security Program: http://www.nasa.gov/offices/ocio/itsecurity/
Program Evaluation Report: http://www.gao.gov/new.items/d104.pdf
INFORMATION SECURITY STANDARDS For NASA
CSIA 412
Sabruna Afrin
October 6, 2013
1. Introduction.
The National Aeronautics and Space Act of 1958 (Space Act), as amended, established NASA as the civilian agency that exercises control over U.S. aeronautical and space activities and seeks and encourages the fullest commercial use of space. Recognizing the importance of securing federal agencies’ information and systems, Congress enacted the Federal Information Security Management Act of 2002 (FISMA) to strengthen the security of information and information systems within federal agencies. FISMA requires each agency to use a risk-based approach to develop, document, and implement an agency-wide security program for the information and information systems that support the operations and assets of the agency, including those provided or managed by another agency, contractor, or other source.
The purpose of this paper is to establish the information security requirements for the National Aeronautics and Space Administration (NASA) relative to the policy set forth in NASA Policy Directive (NPD) 2810.1. In this paper, FIPS 200/FISMA has been chosen as the security standard used by NASA. ISO/IEC 27002, a standard not used by NASA, is discussed as the contrasting standard.
2. Standards
FISMA defines information security as the protection of information and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction. To implement federal and NASA policies and requirements, FISMA allows for the delegation of responsibilities into various functional roles.
The Clinger-Cohen Act states that the NIST Federal Information Processing Standards (FIPS) are “compulsory and binding” (40 U.S.C. § 11331(b)(1)(C)). FISMA also advocates that security be based on “periodic assessments of the risk and magnitude of the harm that could result from the unauthorized access, use, disclosure, disruption, modification, or destruction of information and information systems that support the operations and assets of the agency.” Furthermore, FISMA provides flexibility regarding the application of security controls.
On the other hand, the ISO/IEC 27002 standard is aligned with ISO 9001 (the Quality Management System standard) and aims at meeting the non-government arena’s need for scalability and for assurance that an organization’s management system meets a basic best-practice management system. Its paradigm is that, by ensuring the organization has an appropriately defined risk management process and assessment methodology, the treatment of identified risks will mean that appropriate controls can be applied, and hence assurance can be gained that the organization’s systems are also properly secured. It focuses on making sure that the organization has a management system capable of managing information security, a necessary approach for the non-government arena, where a very wide variety of organizations need to be served. Hence, it adopts more of a “top-down” approach.
3. Points of Analysis
a. Point of Analysis #1 APPLICABILITY
Applicability describes the type of organizations in which the standard could be used. FIPS 200 is mandatory for U.S. government agencies and is also referenced for agency contractors in the Federal Acquisition Regulation.
b. Point of Analysis #2 BOUNDARIES
This describes the scope of coverage. The scope described by FIPS 200 is an IT system or group of systems.
c. Point of Analysis #3 RISK MANAGEMENT
A risk management process is central to information security assurance no matter what the particular needs of an organization are. The FISMA suite includes all the elements of risk management.
d. Point of Analysis #4 BASELINE APPROACH
This describes the specification of baseline control sets and how the risk management process drives them.
e. Point of Analysis #5 CERTIFICATION AND ACCREDITATION
The assurance gained from participating in a scheme that ensures conformance to the standards is not drawn from the security of the system alone but is related to the trust and reputation of the people and organizations making the assurance.
4. Compare and Contrast
The two standards discussed in this paper serve the same purpose of providing a general framework for managing the IT security needed in an organization. On one side are the standards developed by NIST and often used by federal agencies to meet FISMA requirements; on the other are the internationally developed standards published by ISO/IEC in the ISO/IEC 27000 series and adopted by many commercial organizations. They differ greatly in their places of application, as described below in detail.
a. Impact #1 APPLICABILITY
FIPS 200/FISMA is mandatory for U.S. government agencies and is also referenced for agency contractors in the Federal Acquisition Regulation. It is not formally recognized outside the U.S.; National Security Systems and the CIA are not mandated to use the FISMA-related standards produced by NIST.
The ISO/IEC 27000 framework is voluntary and applicable to large and small organizations. It is an international standard approved by over 60 different nations. A mutual agreement is in place between several accreditation agencies with the goal of ensuring conformity in assessment around the world.
b. Impact #2 BOUNDARIES
The boundary described by the FISMA-related standards is an IT system or group of systems (and extends to include the organization that controls the systems). For ISO/IEC 27002, the scope is typically an organizational unit and includes the systems for which that unit is responsible and has control over. This amounts to much the same thing, but it belies the history of the standards: the FISMA standards were originally very system-focused, often leaving organizational matters outside the boundary.
c. Impact #3 RISK MANAGEMENT
The FISMA standard suite includes all the elements of the risk management process that must be used. ISO/IEC 27001, with its focus on organizations, defines the attributes of a high-level risk management process. It does not provide a specific risk analysis or risk assessment method.
d. Impact #4 BASELINE APPROACH
The FISMA framework differs significantly from the ISO/IEC ISMS framework in its specification of baseline control sets. The risk management framework prescribed includes categorizing the systems and the information they contain as low, moderate, or high impact according to FIPS 199. It then provides a minimum set of controls to protect them. These can be augmented or added to as a result of the risk assessment for the systems at hand, but the minimum set must be implemented. ISO/IEC 27001 does not use such a concept; there, the risk management process drives the entire control set applicable to a system.
e. Impact #5 CERTIFICATION AND ACCREDITATION
Certification: In the FISMA model, an IT system is certified by assessors who have audited the system’s compliance with the standards and the implementation of the appropriate controls. A certificate is issued attesting to the correct implementation of the controls specified to protect the IT system in question.
Certification here is a comprehensive assessment of the management, operational, and technical security controls in an information system, made in support of security accreditation, to determine the extent to which the controls are implemented correctly, operating as intended, and producing the desired outcome with respect to meeting the security requirements for the system.
In the ISO/IEC 27001 ISMS framework, the term certification is used when an independent third-party certification body provides the assurance that the entire management system conforms with the standard. A certificate is issued attesting to the management system’s conformance to the standard.
Accreditation: In the FISMA scheme, the term accreditation is used to indicate that the system has been certified and approved for operation. The IT system is accredited for operation.
In the ISO/IEC ISMS framework, the term accreditation is used to indicate that a certification body has met the standards of an accreditation body such as, in the U.S., ANAB.
The assurance gained from participating in a scheme that ensures conformance to the standards is not drawn solely from the security of the system in question but is also related to the trust and reputation of the people and organizations making the assurances. In the FISMA framework as applied to the U.S. Government, the trust is derived from the U.S. Government.
For the ISO/IEC 27001 scheme, the trust is derive
5. Conclusion
Both the FISMA and ISO/IEC 27000 ISMS frameworks have been discussed, with their differences and similarities. Both are maturing frameworks, actively maintained by their relevant standards bodies. The FISMA framework is unlikely to be of relevance outside the mandates provided by U.S. legislation, whilst ISO/IEC 27001 is an international standard that can be relevant globally and is often used by organizations with a global or international presence.
It may be appropriate for some organizations to consider conformance to both frameworks, and a brief discussion of this topic using NASA has been provided.
Jermaine Byrant
Nicole Johnson