Question: RMF Step 3: Implement In RMF Step 3, Controls specified in the security and privacy plans are implemented. [Cybersecurity Framework: PR.IP-1] In this module we

RMF Step 3: Implement

In RMF Step 3, "Controls specified in the security and privacy plans are implemented." [Cybersecurity Framework: PR.IP-1] In this module we will back up a step to draft the Security Assessment Plan (SAP) to define what testing will be conducted in Step 3.

Assignment Requirements

  1. Download the SAP Template. Part of it has been filled in with the testing you are evaluating in Assignment 6.2.
  2. Complete the first tab with the information provided in your chosen RMF scenario.
  3. Based on your systems hardware and software list, use the DISA STIG library to determine which STIGs will be applied in RMF Step 3. Add those to the list on Tab 2.

Submission Requirements

  • Format: Microsoft Excel
  • Use the assignment link about to submit your spreadsheet

RMF Step 3: ImplementIn RMF Step 3, "Controls specified in the security

A B C D E F G H J 1 NAME: FILL IN THE SHADED BLOCKS SLE Frequency SLE Frequency ARO ALE (Pre) (Pre) ARO (Pre) ALE (Pre) (Post) (Post) (Post) (Post) Programmer Mistakes 52,001 1 per week 52,001 1 per month Loss of Intellectual Property $48,000 2 per year $48,000 1 per 2 year Software Piracy $1,000 1 per quarter $1,000 1 per year Theft of Information (External) $4,200 1 per month $4,200 2 per year Theft of Information (Internal) $5, 100 3 per year $5,100 1 per year Web Defacement $1,000 1 per week $1,000 1 per year 9 Theft of Equipment $4,000 1 per quarter $5,000 1 per 2 year 10 Viruses, Worm, Trojan Horses $500 1 per week $500 1 per month 11 DoS Attack $4,000 2 per year $4,000 1 per year 12 Earthquake $250,000 1 per 20 years $35,000 1 per 20 year 13 Flood $250,000 1 per 20 years $30,000 1 per 20 years 14 Fire $550,000 1 per 10 years $55,000 1 per 10 year 15 16 17 Cost of 18 Control Type of Control CBA 19 Programmer Mistakes $12,000 Training 20 Loss of Intellectual Property $6,500 FirewallIDS 21 Software Piracy $6,500 Firewall/IDS Theft of Information (External) 56,500 FirewallIDS 23 Theft of Information (Internal) $11,000 Phys. Security 24 Web Defacement $5,000 Firewall 25 Theft of Equipment 511,000 Phys. Security 26 Viruses, Worm, Trojan Horses $9,000 Antivirus 27 DoS Attack $4,500 Firewall 28 Earthquake $3,500 Insurance/Backup 29 Flood $8,000 Insurance/Backup 30 Fire $3,500 Insurance/Backup 21

Step by Step Solution

There are 3 Steps involved in it

1 Expert Approved Answer
Step: 1 Unlock blur-text-image
Question Has Been Solved by an Expert!

Get step-by-step solutions from verified subject matter experts

Step: 2 Unlock
Step: 3 Unlock

Students Have Also Explored These Related General Management Questions!

Q:

RMF Step 3: Implement In RMF Step 3, "Controls specified in the security and privacy plans are implemented." [Cybersecurity Framework: PR.IP-1] In this module we will back up a step to draft the...

Q:

Assignment Content As the team leader for Phoenix Security Services SureMarket account, you completed your SOX assessment of compliance. Now your company is being retained to monitor the status of...

Q:

Question: It is a common case that institutions to collect and store the personal data of staff and students from around the world, what are the additional considerations for Personally Identifiable...

Q:

Assignment Content Your company, Phoenix Security Services, is a managed security services contractor that consults with U.S. businesses that require assistance in complying with the Sarbanes-Oxley...

Q:

Wk 2 - NIST RMF Step 2: Select Security Controls [due Mon] Wk 2 - NIST RMF Step 2: Select Security Controls [due Mon] Assignment Content As the team leader for Phoenix Security Services SureMarket...

Q:

This policy will be reviewed no later than 5 years of its authorisation date. At this point it will need to be re-authorised by the relevant authority at Xxz Financial Services Version Published...

Q:

Hi- Please take a look at the attached Word document for detailed requirements on an 8-page evaluation. Let me know what you think, and we can discuss price, plus a healthy tip. Task: (1) The...

Q:

Solution Expert - verified 1 st step All steps Answer only Understanding the Assignment Task: Choose a cybersecurity threat or attack. Select a suitable information security management model or...

Q:

Need help with the following task below: Scenario Prior to commencing your role as site supervisor, you will need to ensure that you are familiar with Australia Wide Landscaping standards, values,...

Q:

QUESTION 1 Which of the following is not a step that would be performed in a vulnerabilty assessment? a. Apply security controls b. Testing the system for vulnerabilities, using a tool such as Nessus...

Q:

If the elasticity is greater than 1, is demand elastic or inelastic? If the elasticity equals 0, is demand perfectly elastic or perfectly inelastic?

Q:

In what ways is the term exchange related to the definition of marketing?

Q:

Mayflower, Inc. has $1,000 face-value, 7% semi-annual coupon bonds on the market selling at $1,012. The bonds have 9 years left to maturity. What is the effective annual yield on these bonds?...

Q:

You dissolve 16.0 g of calcium sulfate, CaSO4(s), into 475 mL of water. Determine the number of moles of calcium sulfate in this solution and calculate the molar concentration of this calcium sulfate...

Q:

LO10.1 Give the names and summarize the main characteristics of the four basic market models.

Q:

5. List several fixed and variable costs associated with owning and operating an automobile. Suppose you are considering whether to drive your car or fly 1,000 miles to Florida for spring break....

Q:

6. Use the concepts of economies and diseconomies of scale to explain the shape of a firms long-run ATC curve. What is the concept of minimum efficient scale? What bearing can the shape of the...