The implementation of security controls for business organizations and information systems is a crucial task that can have significant implications for the operations and property of the organization. Security controls are the safeguards applied within an organization’s information system to protect integrity, confidentiality, and availability. An organization needs to address several factors when determining which information security elements should be employed within its information system. These include selecting the security controls that are essential to adequately manage the risks incurred by using information and information systems in production. The organization further needs to check whether it has already implemented the selected security controls and to assess their efficacy. Mary Technology Consultants (MTC) is a company that deals in applicant tracking software. Below are the controls in NIST SP 800-53 Rev. 4 Appendix F that are applicable at MTC.
In the Access Control (AC) family, the company would require the access control policy and procedures control. The control develops, stores, and disseminates the policy to organizational or personnel roles, and reviews and updates the current access control policy and procedures. It addresses the establishment of the policy and procedures needed for the effective implementation of the selected security controls and control enhancements in the Access Control family. The company can include the policy in its general information security policy. For this control, I would recommend the enterprise version of Open-AudIT, since the company would require the antivirus features it provides. From the same family, the company can also adopt the separation of duties control, which helps prevent the potential for abuse of authority and mitigates the risk of malicious activity carried out without collusion. The control would use the enterprise version of Open-AudIT, employing its Microsoft Windows features and role-based access controls (Islam & Zareen, 2014). The company may also pick the previous logon (access) notification control, which applies to logons to information systems through human user interfaces. The enterprise version of Open-AudIT will be useful for this control through its firewall features.
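The separation of duties control described above is easiest to see in code. The following is an added example, not Open-AudIT code and not part of the original text: a small role-based access control model in which a constructed policy lists privilege pairs that no single person may hold, a gate refuses role assignments that would combine them, and a periodic review catches assignments that bypassed the gate. The role names, privileges, conflict rules and users are all constructed for this illustration.

```python
"""Separation-of-duties enforcement in a role-based access control model.

Added illustration of the separation of duties control (NIST SP 800-53
AC-5); this is not Open-AudIT code and not from the original text. The
roles, privileges, conflict rules and users below are constructed.
"""
from typing import Dict, FrozenSet, List, Set, Tuple

# Hypothetical roles for an applicant tracking system and the privileges
# each role grants (constructed for this example).
ROLE_PRIVILEGES: Dict[str, Set[str]] = {
    "recruiter": {"candidate:create", "candidate:edit"},
    "hiring_manager": {"candidate:view", "offer:approve"},
    "payroll_clerk": {"payroll:submit"},
    "payroll_approver": {"payroll:approve"},
    "sysadmin": {"system:configure", "audit:view"},
    "auditor": {"audit:view", "audit:export"},
}

# Privilege pairs that one person must never hold together: each pair
# would let a single user complete a sensitive transaction without a
# second party, which is what separation of duties is meant to prevent
# (constructed policy).
CONFLICTING_PRIVILEGES: Set[FrozenSet[str]] = {
    frozenset({"payroll:submit", "payroll:approve"}),
    frozenset({"candidate:create", "offer:approve"}),
    frozenset({"system:configure", "audit:export"}),
}


def effective_privileges(roles: List[str]) -> Set[str]:
    """Union of the privileges granted by the given roles."""
    privs: Set[str] = set()
    for role in roles:
        privs |= ROLE_PRIVILEGES.get(role, set())
    return privs


def sod_violations(roles: List[str]) -> List[Tuple[str, ...]]:
    """Conflicting privilege pairs that this role combination would grant."""
    privs = effective_privileges(roles)
    found = [tuple(sorted(pair)) for pair in CONFLICTING_PRIVILEGES if pair <= privs]
    return sorted(found)


def assign_roles(user: str, roles: List[str],
                 assignments: Dict[str, List[str]]) -> bool:
    """Grant the roles only if the result respects separation of duties.

    Returns True when the assignment was recorded, False when refused.
    """
    if sod_violations(roles):
        return False
    assignments[user] = list(roles)
    return True


def review_assignments(assignments: Dict[str, List[str]]
                       ) -> Dict[str, List[Tuple[str, ...]]]:
    """Periodic access review: users whose current roles breach a conflict rule.

    This catches assignments made outside assign_roles (for example a role
    granted directly in a directory) that the gate never saw.
    """
    report: Dict[str, List[Tuple[str, ...]]] = {}
    for user, roles in assignments.items():
        violations = sod_violations(roles)
        if violations:
            report[user] = violations
    return report


if __name__ == "__main__":
    current: Dict[str, List[str]] = {}
    print(assign_roles("alice", ["recruiter"], current))                        # True
    print(assign_roles("bob", ["payroll_clerk", "payroll_approver"], current))  # False
    # An assignment that bypassed the gate shows up in the periodic review.
    current["carol"] = ["sysadmin", "auditor"]
    print(review_assignments(current))
```

The conflict table, rather than the role list, is the policy artifact here: auditing it is how an organization confirms that the control is actually enforced, and the periodic review is what makes the control effective for assignments that originate outside the application.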
The company may also borrow several aspects of the Audit and Accountability (AU) control family. MTC should apply the enterprise version of Open-AudIT and use its hardware features for USB devices to store crucial information. The family’s policy and procedures control helps in setting the policies and procedures for the proper implementation of the selected security controls in the AU family (Bodeau & Graubart, 2013). Moreover, the procedures can be implemented for the general security program and, if necessary, for particular information systems. From the same family, MTC can implement the audit review, analysis, and reporting control, which covers reviewing and analyzing information system audit records and reporting the findings to the relevant people. The professional version of Open-AudIT may help with this control since it also allows for reporting; its reports are available for different software, including Firefox versions and operating system types. The control covers the information security-related auditing performed by the company, such as auditing that results from monitoring wireless connectivity, and the reporting of findings to the company’s entities such as the incident response team or the help desk.
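The audit review, analysis and reporting control above, and the previous logon notification control from the Access Control family, both operate on the same audit records, so one added example serves both. The code below is not Open-AudIT’s reporting code and is not part of the original text: it parses a constructed syslog-like audit log, flags repeated failed logons, off-hours logons and configuration changes, routes each finding to either the incident response team or the help desk, and builds the notice a user would see after a successful logon (previous successful logon and failed attempts since). The log format, the sample records, the thresholds and the routing table are all constructed assumptions.

```python
"""Audit-record review, reporting and previous-logon notification.

Added illustration of the audit review, analysis and reporting control
(NIST SP 800-53 AU-6) and the previous logon notification control (AC-9);
this is not Open-AudIT code and not from the original text. The log
format, sample records, thresholds and routing table are assumptions.
"""
import re
from collections import defaultdict
from datetime import datetime
from typing import Dict, List, Optional

# Constructed sample audit records: timestamp, record kind, key=value fields.
SAMPLE_AUDIT_LOG = """\
2024-03-04T08:01:12Z auth host=ats-web01 user=alice result=success src=10.0.5.21
2024-03-04T08:02:40Z auth host=ats-web01 user=bob result=failure src=10.0.5.30
2024-03-04T08:02:44Z auth host=ats-web01 user=bob result=failure src=10.0.5.30
2024-03-04T08:02:49Z auth host=ats-web01 user=bob result=failure src=10.0.5.30
2024-03-04T08:02:53Z auth host=ats-web01 user=bob result=failure src=10.0.5.30
2024-03-04T08:03:01Z auth host=ats-web01 user=bob result=failure src=10.0.5.30
2024-03-04T08:03:05Z auth host=ats-web01 user=bob result=failure src=10.0.5.30
2024-03-04T02:15:09Z auth host=ats-db01 user=admin result=success src=203.0.113.7
2024-03-04T09:10:00Z config host=ats-db01 user=carol action=firewall-rule-change
2024-03-04T09:30:00Z auth host=ats-web01 user=bob result=success src=10.0.5.30
2024-03-04T10:00:00Z auth host=ats-web01 user=alice result=success src=10.0.5.21
"""

LINE_RE = re.compile(r"^(?P<ts>\S+) (?P<kind>\w+) (?P<fields>.*)$")
TS_FORMAT = "%Y-%m-%dT%H:%M:%SZ"

# Assumed review thresholds; an organization would set these in its policy.
FAILED_LOGON_THRESHOLD = 5      # failures per user and host before reporting
BUSINESS_HOURS = range(7, 19)   # 07:00-18:59 UTC counts as working hours
# Assumed routing of finding types to the entities that receive the report.
ROUTING = {
    "repeated_failed_logon": "incident_response_team",
    "off_hours_logon": "incident_response_team",
    "configuration_change": "help_desk",
}


def parse_record(line: str) -> Dict[str, str]:
    """Parse one audit line into a flat dict; empty dict for malformed lines."""
    m = LINE_RE.match(line)
    if not m:
        return {}
    rec = {"ts": m.group("ts"), "kind": m.group("kind")}
    for field in m.group("fields").split():
        key, _, value = field.partition("=")
        rec[key] = value
    return rec


def parse_log(text: str) -> List[Dict[str, str]]:
    """Parse every line, silently skipping lines that do not match the format."""
    return [r for r in (parse_record(line) for line in text.splitlines()) if r]


def review(records: List[Dict[str, str]]) -> List[dict]:
    """Analyse audit records and produce the findings worth reporting."""
    findings: List[dict] = []
    failures: Dict[tuple, int] = defaultdict(int)
    for r in records:
        if r["kind"] == "auth" and r.get("result") == "failure":
            failures[(r["user"], r["host"])] += 1
    for (user, host), count in sorted(failures.items()):
        if count >= FAILED_LOGON_THRESHOLD:
            findings.append({"type": "repeated_failed_logon", "user": user,
                             "host": host, "count": count})
    for r in records:
        hour = datetime.strptime(r["ts"], TS_FORMAT).hour
        if (r["kind"] == "auth" and r.get("result") == "success"
                and hour not in BUSINESS_HOURS):
            findings.append({"type": "off_hours_logon", "user": r["user"],
                             "host": r["host"], "ts": r["ts"], "src": r.get("src")})
        elif r["kind"] == "config":
            findings.append({"type": "configuration_change", "user": r["user"],
                             "host": r["host"], "action": r.get("action")})
    return findings


def build_report(findings: List[dict]) -> Dict[str, List[dict]]:
    """Group findings by the entity that should receive them (AU-6 reporting)."""
    report: Dict[str, List[dict]] = {dest: [] for dest in set(ROUTING.values())}
    for f in findings:
        report[ROUTING[f["type"]]].append(f)
    return report


def previous_logon_notice(records: List[Dict[str, str]], user: str,
                          logon_ts: str) -> Dict[str, object]:
    """AC-9 style notice for the successful logon at logon_ts: the previous
    successful logon and the number of failed attempts since it."""
    prior = sorted((r for r in records if r["kind"] == "auth"
                    and r.get("user") == user and r["ts"] < logon_ts),
                   key=lambda r: r["ts"])   # fixed-width ISO timestamps sort as strings
    last_success: Optional[str] = None
    failed_since = 0
    for r in prior:
        if r.get("result") == "success":
            last_success, failed_since = r["ts"], 0
        elif r.get("result") == "failure":
            failed_since += 1
    return {"user": user, "last_successful_logon": last_success,
            "failed_attempts_since": failed_since}


if __name__ == "__main__":
    recs = parse_log(SAMPLE_AUDIT_LOG)
    for dest, items in build_report(review(recs)).items():
        print(dest, items)
    print(previous_logon_notice(recs, "bob", "2024-03-04T09:30:00Z"))
```

Run on the constructed log, the review routes the six failed logons for bob and the 02:15 admin logon to the incident response team and the firewall rule change to the help desk, while bob’s logon notice reports no previous successful logon and six failed attempts since, which is the information the previous logon notification control exists to put in front of the user.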
Since the company interacts with technology, it may implement several security controls from the Awareness and Training (AT) control family (NIST, 2013). For instance, the security awareness and training policy and procedures control may be important in addressing the establishment of the policy and procedures needed for the effective implementation of the selected security controls in the family. This can be achieved using the system integration through custom fields that is available in the community version of the Open-AudIT tool. The company may also implement the security awareness training control from the AT family. The organization is likely to provide awareness training to its information system users as prerequisite training for new employees or when making changes to the information system. MTC will determine the appropriate content and techniques for the control based on its specific requirements. It may employ the enterprise version of the Open-AudIT tool to provide geographical maps to new employees working in the field.
The Incident Response (IR) family contains security controls that might be essential for MTC. One of them is the incident handling control, which implements the company’s incident handling capability for emergency events and coordinates incident handling activities with contingency planning techniques (Souppaya & Scarfone, 2013). The control would employ the enterprise version of Open-AudIT with its rack management and visualization features. MTC recognizes that incident response capability depends on the capabilities of the company’s information systems and the business activities that those systems support. The company may, therefore, consider incorporating incident response during the definition, design, and development of information systems. The incident monitoring control, from the same family, may also be crucial to MTC since the company has to track and document information security incidents. This is achievable using the professional version of Open-AudIT, which provides IT asset tracking and report sending. Keeping the records and evaluating incident details helps in making decisions in the future.
Bodeau, D., & Graubart, R. (2013). Cyber resiliency and NIST Special Publication 800-53 Rev. 4 controls. MITRE Technical Report.
Islam, N. N., & Zareen, F. (2014). Comparison analysis of wireless network audits using open source tools (Doctoral dissertation, BRAC University).
NIST (2013). SP 800-53 Rev. 4, Security and privacy controls for federal information systems and organizations.
Souppaya, M., & Scarfone, K. (2013). Guidelines for managing the security of mobile devices in the enterprise. NIST Special Publication 800-124.