Preview

Security Framework For NIST

Good Essays
Open Document
Open Document
1286 Words
Grammar
Grammar
Plagiarism
Plagiarism
Writing
Writing
Score
Score
Security Framework For NIST
Security plays a significant role in today’s corporations and mitigating risks to a company’s most valuable asset, data, is important. With data breaches, such as the one experienced by Target, the Department of Homeland Security as well as the Internal Revenue System, it is becoming increasingly obvious that no one is immune. Securing data is complex and with the advent of cloud services where information is now gathered and stored in various locations throughout the globe, securing that data continues to be a challenge. Even as we implement policies and procedures to secure our environment, we are now partnering with many companies and vendors that must also follow the same guidelines to ensure a company’s assets.
While company’s work …show more content…
It is a non-regulatory government agency that develops technology, metrics and standards for innovation. It encompasses best practices across a range of industries at US based organizations. A widely adopted NIST standard is the NIST Cybersecurity Framework which is based on best practices from several security documents, organizations, and publications. This is a framework for federal agencies that require stringent security measure to follow. As these standards are endorsed by the government, companies comply with NIST standards as it helps them comply with other regulations such as HIPAA, FISMA and …show more content…
If the business is reviewing their business design and are evaluating vendors to contribute to an architectural design, they may require that the vendor be reviewed and approved by the Security team. If the business is merely contracting for a specific service, they may also request a review be completed by security before proceeding. Groups or business units may also approach the procurement department first before requesting a security review especially if they are in the process of requesting information for a final decision. In that scenario, the request will come from procurement for one or more of those potential vendors. Once the request is in the Security queue, the first step will be to contact the vendor and request a SOC 2 final report for review. If the vendor has not had a SOC 2 review done, the Security team will provide a questionnaire to be completed and submitted for review to the security team. The team will then review the document to identify any gaps in the reporting that must be addressed. If gaps are identified, the Security team will reach out to the vendor to review and discuss. Updates are made to the questionnaire until no further information can be provided or the form is complete. Once this is done, the Security team will complete a “Findings” document and determine if the vendor is “Approved” or “Denied”. If a vendor is “Approved”, then the procurement department is notified if the
Continue Reading
View Writing Issues

You May Also Find These Documents Helpful

  • Better Essays

    Kudler Fine Foods IT Security Report FINAL WEEK 5
    • 2101 Words
    • 8 Pages

    Kudler Fine Foods IT Security Report FINAL WEEK 5

    To properly secure an information system means protecting its files and other confidential information from misuse. The current speed of technological growth requires ever evolving security measures to follow these developments. As the members of Team “A” set out to address this need, it was necessary to discuss the requirements. The foundation of all concrete security plans require a detailed knowledge of all current systems, the tools needed to accomplish security needs and employee training. The implementation of these requirements will be outlined within a final Security Presentation.…

    • 2101 Words
    • 8 Pages
    Better Essays
    Read More
  • Satisfactory Essays

    Kenneth Sims IS3230 Unit 2 Global Acces
    • 406 Words
    • 2 Pages

    Kenneth Sims IS3230 Unit 2 Global Acces

    Global Limited has a reputation of being one of the world’s leading providers of infrastructure information systems, software, and services around the world. They are in need of a better business and security practices. They have identified a problem which has been likened to a game of Whack-a-mole. To help with its security problem, Global as called upon the knowledge of CIS-its own Security Division. One of the first steps is to understand what information is critical to the business initiatives. Global Cadence is front-end for over 40 applications and has for 200,000 registered users. Global is working to minimize its impact.…

    • 406 Words
    • 2 Pages
    Satisfactory Essays
    Read More
  • Better Essays

    Nt 1310 Unit 3 Analysis
    • 1188 Words
    • 5 Pages

    Nt 1310 Unit 3 Analysis

    NIST: The U.S. Congress established the National Institute of Standards and Technology (NIST) with several major goals in mind, including assisting in the improvement and development of manufacturing technology, improving product quality and reliability, and encouraging scientific discovery. NIST is an agency of the U.S. Department of Commerce and works with major industries to achieve its goals. (Oliviero & Woodward,…

    • 1188 Words
    • 5 Pages
    Better Essays
    Read More
  • Powerful Essays

    Term Paper Sec 402
    • 1192 Words
    • 5 Pages

    Term Paper Sec 402

    The Board of Directors request that their information security strategy be upgraded to allow greater opportunities of secure cloud collaboration. Also dress the concerns on the recent number of hack visit attacks that have caused the network to fail across the enterprise. The organization has know brand products across the world and expects top-secret methods for safeguarding proprietary information on its recipes and product lines…

    • 1192 Words
    • 5 Pages
    Powerful Essays
    Read More
  • Good Essays

    Nt1330 Unit 3 Assignment 1
    • 801 Words
    • 4 Pages

    Nt1330 Unit 3 Assignment 1

    This report gives a brief description the general security solutions planned for the safety of data and information that belongs to the organization. The outline will provide elements of a multi-layered security plan, and will indicate a general security solution for each of the seven domains of a typical IT infrastructure. Also I will describe a layer of security for each of the seven domains.…

    • 801 Words
    • 4 Pages
    Good Essays
    Read More
  • Better Essays

    KUDLER FINE FOODS
    • 3315 Words
    • 14 Pages

    KUDLER FINE FOODS

    Our goals subject themselves to technology that are very direct when considering information security, showcasing specific objectives that conforms to a more secure platform that is different, yet similar to what Kudler Fine Foods development team is familiar with; exercising an advanced and cost effective methodology that is needed to efficiently secure data during and after the implementation of its new customer loyalty program. We aim to intelligently convey the vast significance of properly securing sensitive data, the importance of following policies and procedures that conform to security risk and mitigation methods. Our ultimate objective is to put in place a thorough information security system, which substantially and effectively reduces threats and vulnerabilities to all Kudler’s electronic information.…

    • 3315 Words
    • 14 Pages
    Better Essays
    Read More
  • Good Essays

    NT2580 Project part 1
    • 606 Words
    • 3 Pages

    NT2580 Project part 1

    Safety of data and information is a real important aspect of a company. Before we can create an outline for general security solutions we must first define what is needed. I recommend that we use a multi-layered security plan. There are a total of seven domains of an IT infrastructure including user domain, workstation domain, LAN domain, LAN-to-WAN domain, WAN domain, remote access domain, and system/application domain.…

    • 606 Words
    • 3 Pages
    Good Essays
    Read More
  • Powerful Essays

    Nt1310 Unit 1 Assignment 1
    • 1434 Words
    • 6 Pages

    Nt1310 Unit 1 Assignment 1

    Information has become the most valuable asset of any organization. And keeping that information secure is a major factor in the design and development of any computer system. Security is defined by Merriam-Webster as “the state of being protected or safe from harm”. It is up to every organization to insure that their data is protected, and that nothing that is harmful to the company or its clients is compromised.…

    • 1434 Words
    • 6 Pages
    Powerful Essays
    Read More
  • Good Essays

    BSA/310
    • 674 Words
    • 3 Pages

    BSA/310

    In business, an information security is a set of policies to protect the companies and small businesses infrastructure, physical, and information technology assets, and to ensure that information technology users within the domain of the companies and small businesses comply with the rules and guidelines related to the security of the information stored digitally at any network within the boundaries of authority. In short, it can protect data from the outside and even inside threat. The data and information, which the companies and small businesses have, are arguably the most important assets. They should ensure the data confidentiality, integrity, availability, non-repudiation, authentication, and authorization. Most small businesses and companies must have information security to ensure their business and information assets. Information security protects data and controls how it should be distributed within or without the businesses boundaries. This means that information should be encrypted and may have restrictions placed on its distribution to the third party. Information security should protect the data from the outside threats such as:…

    • 674 Words
    • 3 Pages
    Good Essays
    Read More
  • Powerful Essays

    Nt1310 Unit 1 Assignment
    • 4104 Words
    • 17 Pages

    Nt1310 Unit 1 Assignment

    However, there is growing interest in protocols and other mechanisms for use with novel telecommunications services. Next-generation value-added services are bound to introduce new vulnerabilities. The interaction between all these communications and security protocols, and the mechanisms used for distributed systems security, is fertile ground for both interesting research. Ways to enhance these protection tools to make sure our technology is safe from IT attacks are evolving all the time. The systems or measures used to protect a company system at present might not be of any use in the future as technology is always enhancing to higher levels. Telecommunication businesses tend to be comparatively adept at managing information security risks. And many are taking action to achieve an enhanced level of ongoing insight and intelligence into ecosystem vulnerabilities and dynamic threats. Companies like Celcom must be ready to invest in this expensive research so as to be able to aggressively compete in the intense telecommunication market and to be able to sustain itself in this industry. Today, information security is a discipline that demands advanced technologies and processes, a skill set based on counterintelligence techniques, and the unwavering support of top executives. As telecom operators become more similar to technology companies, they will face a raft of new challenges. Core practices like employee awareness and training, policies and tools to reduce insider risks, and protection of data, including intellectual property, will need to be updated. The confluence of mobility, cloud, and social networking have multiplied risks, yet few operators have addressed these threats or deployed technologies that monitor user and network activity to provide insight into ecosystem vulnerabilities and threats. These…

    • 4104 Words
    • 17 Pages
    Powerful Essays
    Read More
  • Powerful Essays

    Paper on Physical Security
    • 4681 Words
    • 19 Pages

    Paper on Physical Security

    An important consideration of an information or operating system of a business or organization is to have a security system that protects information, data, and integrity of the company’s sensitive information and records. If a business or company does not have adequate security, financial, sensitive, and classified information may be compromised and prone to possible viruses and malware, hacking, or at risk of a cyber-attack to the company’s data resulting in possible financial loss. If this scenario is the case, extensive resources most likely will be required to repair or undo the damage caused by the breach of security or virus. This essay will discuss the Service Request SR-rm-013 for Riordan Manufacturing and address security issues and concerns. In addition, this document proposes solutions, methods, and options, and provide information that would best suit the company’s needs and requirements for the security and integrity of sensitive data, based on Riordan’s current security, operating system, and database.…

    • 4681 Words
    • 19 Pages
    Powerful Essays
    Read More
  • Better Essays

    Maintaining Security and Privacy of Business Records
    • 962 Words
    • 4 Pages

    Maintaining Security and Privacy of Business Records

    Businesses need to ensure the secure storage of company files and the guaranteed privacy of employee information. With the increased use and demand for network computing, information security has become a high priority. With all the ways in which someone can gain access to private and confidential information, the previous safe measures need to be enhanced and improved (Yaoxue Zhang; Laurenc T. Yang; Yuezhi Zhou; Wenyuan Kuang. 2010). For example, employee and company files are…

    • 962 Words
    • 4 Pages
    Better Essays
    Read More
  • Powerful Essays

    Hannaford Bros. Cyber Security Lessons Learned
    • 1647 Words
    • 7 Pages

    Hannaford Bros. Cyber Security Lessons Learned

    Virtually every business today uses at least one form of computer information technology. Business firms use computers to automate and assist in managing everything from operations, sales, finance, and logistics. Internal databases and intranets are used for internal controls and organizations are connected via the internet to conduct sales, marketing and many other communications and transactions. Electronic business, or e-business, is dominating modern markets and the business world. This new world of technological innovation has exponentially increased efficiency and globalized the world’s economies. Unfortunately criminals still exist and continue to exploit businesses, committing acts of theft, vandalism, and terror. E-business is not immune to criminal mischief and in fact can be quite vulnerable to sophisticated cyber criminals known as hackers. In early 2008 it was reported that the North East Supermarket mogul, Hannaford Bros. Company fell victim to a computer hacking attack that compromised approximately 4.2 million customer credit cards. This act created a financial nightmare for thousands of consumers and for the Hannaford Bros. grocery company. The incident was a black mark on Hannaford’s public image and a financial burden to their corporation. Cyber Security is a growing priority of today’s business leadership. Boon, Kurtz (2011)…

    • 1647 Words
    • 7 Pages
    Powerful Essays
    Read More
  • Better Essays

    Hacking Research Paper
    • 1378 Words
    • 6 Pages

    Hacking Research Paper

    Confidentiality, integrity, and availability of your systems are of extreme importance. Confidentiality of the data within your network is the thriving force of business. This data is pertinent to the company and consumer. The information could possibly entail financial records or even identifying information. All of which, if found in the wrong…

    • 1378 Words
    • 6 Pages
    Better Essays
    Read More
  • Good Essays

    security plan and procedures
    • 1383 Words
    • 6 Pages

    security plan and procedures

    Security in many organizations today is focused on technology and tools; this can be a benefit to organizations as much as it can be a risk. It can be benefit because it can facilitate things for the organization but, it can be harmful because it can backfire, it can facilitate the organizations percentage of being breached by a malicious hacker from either inside or outside the organization. Organizations don’t seem to focus enough on business requirements, physical and information assets, and risk assessment, this can be harmful since these are very important things you need when you have your own organization/company. In this paper I will be talking about the security plans and procedures for important things to an organization such as; E-mail, Acceptable use, Physical security, and last but not least Incident response.…

    • 1383 Words
    • 6 Pages
    Good Essays
    Read More

Related Topics