Eknoor B.

asked • 12/11/20

Question Below.

Each office and cubicle will be equipped with a telephone and network connection. In addition, many of the employees travel as part of their job roles and require portable computers. Other employees work with desktop personal computers.


The facility will house a cluster of computer servers and network devices that provide workflow and communications between all of the managers and employees. This architecture electronically manipulates, stores, and transmits all of the company’s important business information and data. This includes product descriptions, accounting information, legal records, customer records, employee records, and the company’s intellectual property.


Risk Assessment 2

From the information provided in the second scenario, consider the NIST functions detailed in this section and then write your observations as they relate to each category.


Identify

Create an inventory of physical assets (devices and systems) within the organization (NIST ID.AM-1).


Create an inventory of cyber assets (software platforms and applications) within the organization (NIST ID.AM-2).


Prioritize the organization’s assets based on their criticality or value to the business functions of the organization (NIST ID.BE-3).


Identify any assets that produce dependencies or provide critical functions for any of the organization’s critical services (NIST ID.BE-4).


Create a risk assessment of asset vulnerabilities identified (NIST ID.RA-1, 3).


Protect

Create a policy for managing access to authorized devices and resources based on the following items (NIST PR.AC-1).


Create a method for controlling physical access to secured assets (NIST PR.AC-2).


Create an action plan for informing and training general employees (NIST PR.AT-1).


Create a plan for helping privileged users understand their job roles and responsibilities (NIST PR.AT-2).


Detect

Which types of systems must be in place to identify occurrences of physical security breaches (NIST DE.CM-2)?


Which types of systems must be in place to monitor personnel activity to detect potential cybersecurity threats (NIST DE.CM-3)?


Respond

Which type of response plan might be necessary when general physical security is breached at the facility (NIST RS.AN-1, 2, 3)?


Considering the information kept on the company’s servers, which type of response plan might be necessary when physical security is breached in the server room (NIST RS.CO-4, 5)?


Recover

Which type of recovery plan might be needed for general physical security breaches that occur at one of the cubicles in the facility (NIST RC.RP-1)?


Which items might a recovery plan include if server security is breached at the facility (NIST RC.CO-1, 2)?
