Red Clay Renovations RCR programming homework help

Response needed:

Red Clay Renovations (RCR) has two field offices located in downtown Baltimore and suburban Philadelphia with each office.  The CISO has declared that the System Security Plan (SSP) for the field offices is obsolete and serves no purpose for the current security control state of the company.  The field offices can't continue to operate without an SSP in place.  It is essential for each field office to have a separate SSP because each field office operates and maintains its own IT infrastructure.  By having separate SSPs, RCR will have a broader overview of its assets in each field office and will recognize the need for security system and control requirements.

RCR processes credit card data, is sometimes involved in handling patient health information (PHI), and maintains employee and customer PII.  The SSP will help maintain the minimum set of security controls to protect sensitive information and the network systems.  Because each field office operates and maintains its own IT infrastructure, the Chief Information Officer should have designated a senior agency information security officer (SAISO) at each field office to be responsible for the SSP.  The SAISO at a minimum should:

  • Develop and maintain information security policies, procedures, and control techniques to address system security planning.
  • Manage the identification, implementation, and assessment of common security controls.
  • Ensure that personnel with significant responsibilities for system security plans are trained.
  • Assist senior agency officials with their responsibilities for system security plans.
  • Identify and coordinate common security controls for the agency (Swanson, Hash et al., 2006).

Another reason why a separate SSP is viable is that RCR must follow the local rules and regulations of the state in which it is working.  Each field office needs to abide by the building codes for the states of MD and PA.  Moreover, each field office handles PHI, PII and sensitive data.  The separate SSP will help RCR headquarters pinpoint which field office is in good standing with HIPAA privacy and security compliance, PCI DSS compliance, the Privacy Act and the Gramm-Leach-Bliley Act (FCC, 2014).

Each field office is unique; therefore, the security level might be different.  The SSP needs to reflect the latest guidelines of NIST SP 800-18 Rev 1, NIST SP 800-53, NIST SP 800-100, and FIPS 199 and 200.  RCR shall implement its SSP using the family controls table below, which contains eighteen security controls.  These security controls may highlight aspects of policy, oversight, supervision, manual processes, actions by individuals, or automated mechanisms implemented by information systems/devices (NIST, 2013).

 