Sample Cyber Security Profile (System Security Plan)
Every organization must create a cyber security profile (a System Security Plan, or SSP) for all of its major and minor information systems. The cyber security profile documents the current and planned controls for the system and addresses security concerns that may affect the system’s operating environment. The cyber security profile includes security categorizations and security controls, and it is included in the certification and accreditation package. For this project, you will create a sample cyber security profile describing the security posture of your selected organization.
After completing this project, students will be able to 1) explain security categorizations, 2) explain management, technical, and operational controls, 3) provide examples of management, technical, and operational controls, and 4) create a security profile.
11 12/11/2012 9:58 AM
Students will use the Internet and Microsoft Word. Students will use the NIST website. Students will use their selected organization’s information security program documentation. Students will use NIST Special Publication 800-53A Rev 1.
Your sample cyber security profile should be at least three (3) full pages, double-spaced, with 1-inch margins and Times New Roman 12-pitch font, and should include a cover page (name, course number, date, title of paper) and a reference page. The cover page and reference page are not included in the three-page minimum. Papers not meeting the three full-page minimum will lose points. You must have at least three (3) sources, correctly formatted per APA guidelines. Submit your research paper to the appropriate assignment area by the due date.
Detailed Description of Learning Activity
1. Read NIST Special Publication 800-53A Rev 1, June 2012, Guide for Assessing the Security Controls in Federal Information Systems and Organizations, Building Effective Security Assessment Plans.
2. Review the sample System Security Plan template provided by your instructor.
3. Select one management, one technical, and one operational control that applies to your selected organization (e.g., Risk Assessment – RA).
4. Describe each control. Include why these controls (and family controls) are required.
5. For each management, technical, and operational control, select three to five family controls (e.g., Vulnerability Scanning – RA-5).
6. Describe each family control, state the implementation status as it relates to your selected organization’s security program, and describe how your selected organization implements the control.
7. Write your sample cyber security profile. At a minimum, the profile should include:
a. An introduction that includes the purpose of your paper and introduces security profiles as they relate to your selected organization
b. An analysis section that includes items 3, 4, 5, and 6 above
c. A conclusion that summarizes what you wrote
8. Use Spell and Grammar Checker before submitting. It is also a good idea to have someone else read your paper. You should also review the grading rubric below to ensure you have all the graded components.
9. Submit the project to the appropriate assignment area by the due dat