Task 4: Certification and Accreditations
Scenario
You have been hired to review a conducted risk assessment for the Healthy Body Wellness Center since information security management systems should be regularly reviewed, updated, and maintained. To prepare for an upcoming audit and accreditation review, you will use current guidelines from ISO 27002, COBIT, NIST, or ITIL (e.g., NIST Special Publication 800-37, Guide for Applying the Risk Management Framework to Federal Information Systems: A Security Life Cycle Approach) and the attached “Healthy Body Wellness Center Risk Assessment” case study.
You will apply the current guidelines to the risk management framework for the Healthy Body Wellness Center’s information systems. The organization has recently had a risk assessment completed that includes recommendations for implementing security controls and mitigating risks. In your new role, a team of people will be assigned to help you with the task. You are tasked with creating a to-do list by completing the “Task 4 RMF To-Do List” attachment for the specific tasks outlined in each of the six steps in the risk management framework (RMF). The first row of the “Task 4 RMF To-Do List” has been completed for you. You will then evaluate and create a document that compares the ISO 27002, COBIT, NIST, and ITIL standards with regard to the certification and accreditation process.
Assumptions
Requirements
Your submission must be your original work. No more than a combined total of 30% of the submission and no more than a 10% match to any one individual source can be directly quoted or closely paraphrased from sources, even if cited correctly.
You must use the rubric to direct the creation of your submission because it provides detailed criteria that will be used to evaluate your work. Each requirement below may be evaluated by more than one rubric aspect. The rubric aspect titles may contain hyperlinks to relevant portions of the course.
A. Complete the attached “Task 4 RMF To-Do List” by using the attached “Task 4 Healthy Body Wellness Center Risk Assessment” and doing the following:
1. Identify whether the tasks are done or not done based on the attached “Task 4 Healthy Body Wellness Center Risk Assessment”.
2. Discuss how you determined the status of the tasks if they are done, and include the page numbers from the risk assessment to support that discussion; or, if the tasks are not done, provide recommendations for completing the tasks in compliance with current guidelines from ISO 27002, COBIT, NIST, or ITIL, including where the results should be saved.
3. List the external documents needed for each task that is not done.
B. Compare the ISO 27002, COBIT, NIST, and ITIL frameworks by creating a document in which you do the following:
1. Discuss how each framework is most commonly used.
2. Analyze the purpose of each framework design.
3. Compare the strengths of each framework.
4. Compare the weaknesses of each framework.
5. Discuss the certification and accreditation process for each framework.
6. Explain which type of business each framework applies to according to the certification and accreditation process.
C. Acknowledge sources, using in-text citations and references, for content that is quoted, paraphrased, or summarized.
D. Demonstrate professional communication in the content and presentation of your submission.
File Restrictions
File name may contain only letters, numbers, spaces, and these symbols: ! – _ . * ‘ ( )
File size limit: 200 MB
File types allowed: doc, docx, rtf, xls, xlsx, ppt, pptx, odt, pdf, txt, qt, mov, mpg, avi, mp3, wav, mp4, wma, flv, asf, mpeg, wmv, m4v, svg, tif, tiff, jpeg, jpg, gif, png, zip, rar, tar, 7z
Rubric
A1: Task Statuses
Not Evident: The status of each task in the “Task 4 RMF To-Do List” attachment is not indicated.
Approaching Competence: The status of each task in the “Task 4 RMF To-Do List” attachment is not correct based on the risk assessment.
Competent: The status of each task in the “Task 4 RMF To-Do List” attachment is correct based on the risk assessment.

A2: Discussion of Statuses
Not Evident: A discussion is not provided, or, for tasks that are done, the discussion does not provide how the status of each task was determined. Page numbers from the risk assessment are not provided for each task that is done. Or, for tasks that are not done, the response does not include a recommendation for completing each task.
Approaching Competence: For tasks that are done, the discussion provides information about how the status of each task was determined, but the discussion is not based on the risk assessment or does not include correct page numbers from the risk assessment to support that discussion for each task. Or, for tasks that are not done, the response includes a recommendation for completing each task, but the recommendations are not in compliance with ISO 27002, COBIT, NIST, or ITIL. For tasks that are not done, the location where the results should be saved is not provided for each task.
Competent: For tasks that are done, the discussion provides how the status of each task was determined based on the risk assessment and includes page numbers from the risk assessment to support that discussion for each task. Or, for tasks that are not done, the response includes a recommendation for completing each task in compliance with ISO 27002, COBIT, NIST, or ITIL. For tasks that are not done, the location where the results should be saved is provided for each task.

A3: External Documents
Not Evident: External documents are not listed for each task that is not done.
Approaching Competence: External documents are listed for tasks that are not done, but 1 or more of the documents are inappropriate.
Competent: External documents are listed for tasks that are not done, and all of the documents are appropriate.

B1: Framework Use
Not Evident: A discussion is not provided, or the submission does not discuss how the ISO 27002, COBIT, NIST, and ITIL frameworks are used.
Approaching Competence: A discussion of the ISO 27002, COBIT, NIST, and ITIL frameworks is provided, but the discussion for at least 1 framework does not accurately describe how it is most commonly used.
Competent: A discussion of the ISO 27002, COBIT, NIST, and ITIL frameworks is provided, and the discussion accurately describes how each framework is most commonly used.

B2: Purpose of Framework Design
Not Evident: A submission is not provided, or the submission does not attempt to describe the purpose of the ISO 27002, COBIT, NIST, and ITIL framework designs.
Approaching Competence: The submission describes the reasons for the ISO 27002, COBIT, NIST, and ITIL framework designs but does not analyze the purpose of the design by explaining how each framework design is suited to its use.
Competent: The submission analyzes the purpose of the ISO 27002, COBIT, NIST, and ITIL frameworks by explaining how each framework design is suited to its use.

B3: Framework Strengths
Not Evident: A submission is not provided, or the submission does not compare the strengths of the ISO 27002, COBIT, NIST, and ITIL frameworks.
Approaching Competence: The submission does not accurately compare the strengths of the ISO 27002, COBIT, NIST, and ITIL frameworks.
Competent: The submission accurately compares the strengths of the ISO 27002, COBIT, NIST, and ITIL frameworks.

B4: Framework Weaknesses
Not Evident: A submission is not provided, or the submission does not compare the weaknesses of the ISO 27002, COBIT, NIST, and ITIL frameworks.
Approaching Competence: The submission does not accurately compare the weaknesses of the ISO 27002, COBIT, NIST, and ITIL frameworks.
Competent: The submission accurately compares the weaknesses of the ISO 27002, COBIT, NIST, and ITIL frameworks.

B5: Certification and Accreditation
Not Evident: A discussion is not provided, or the submission does not discuss the certification and accreditation process for the ISO 27002, COBIT, NIST, and ITIL frameworks.
Approaching Competence: The submission inaccurately discusses the certification and accreditation process for the ISO 27002, COBIT, NIST, and ITIL frameworks.
Competent: The submission accurately discusses the certification and accreditation process for each of the ISO 27002, COBIT, NIST, and ITIL frameworks.

B6: Applicable Business Types
Not Evident: An explanation is not provided, or the response does not attempt to explain which type of business each framework applies to.
Approaching Competence: The response explains which type of business each framework applies to, but the response is irrelevant to the certification and accreditation process.
Competent: The response explains which type of business each framework applies to according to the certification and accreditation process.

C: Sources
Not Evident: The submission does not include both in-text citations and a reference list for sources that are quoted, paraphrased, or summarized.
Approaching Competence: The submission includes in-text citations for sources that are quoted, paraphrased, or summarized, and a reference list; however, the citations and/or reference list is incomplete or inaccurate.
Competent: The submission includes in-text citations for sources that are properly quoted, paraphrased, or summarized and a reference list that accurately identifies the author, date, title, and source location as available.

D: Professional Communication
Not Evident: Content is unstructured, is disjointed, or contains pervasive errors in mechanics, usage, or grammar. Vocabulary or tone is unprofessional or distracts from the topic.
Approaching Competence: Content is poorly organized, is difficult to follow, or contains errors in mechanics, usage, or grammar that cause confusion. Terminology is misused or ineffective.
Competent: Content reflects attention to detail, is organized, and focuses on the main ideas as prescribed in the task or chosen by the candidate. Terminology is pertinent, is used correctly, and effectively conveys the intended meaning. Mechanics, usage, and grammar promote accurate interpretation and understanding.