I chose NASA as my project, so please use NASA. Please follow all directions and the rubric as well. No plagiarism. I will have to turn it in to TurnItIn.com.
Overview
During Week 1, you selected an organization (or your professor assigned an organization) that you will use for your authentic assessment projects. You must use the same organization throughout the course. Do not ask to change organizations. The purpose of project 1 is to research and evaluate the legislative drivers for information security programs within an organizational context and then write a well-researched critical analysis of legal and regulatory compliance of an organization’s information security program.
Learning Objectives
At the completion of this project, students should:
1. Be familiar with current legislative and regulatory (passed or proposed) requirements for information security programs.
2. Be able to interpret and apply legislative and regulatory requirements for information security programs within an organizational context.
3. Be able to develop criteria for assessing legislative and regulatory compliance for an organization’s information security program.
Deliverable
Your research paper should be no more than three (3) full pages, double spaced, 1-inch margins, in Times New Roman 12-pitch font, with a cover page (name, course number, date, title of paper) and a reference page. The cover page and reference page are not included in the three-page minimum. Papers not meeting the three full-page minimum will lose points. You must have at least three scholarly sources, correctly formatted per APA guidelines. Submit your research paper to the appropriate TurnItIn assignment area by the due date.
Detailed Description of Learning Activity
1. Review the following four documents (see course content): 1) May 2011 Cyber Security Legislative Proposal, 2) the proposed Cyber Security Act of 2012, 3) Executive Order (EO) 13636 Improving Critical Infrastructure Cybersecurity, and 4) Presidential Policy Directive (PPD) 21 Critical Infrastructure Security and Resilience.
2. Review the selected organization’s information security program and program evaluation reports.
3. Select three (3) to five (5) points of analysis from the resources listed in item 1 above. Your points of analysis must be specific items from the legislative proposals, the EO, or the PPD.
4. Research the impacts of the points of analysis on the selected organization’s information security program.
5. Write your research paper. At a minimum, the paper should include:
   1. An Introduction that includes the purpose of your paper, describes your selected organization, and introduces your points of analysis.
   2. A Points of Analysis section that describes your points of analysis and explains why you selected each point of analysis.
   3. An Analysis/Research section associated with each point of analysis explaining how the selected point of analysis will impact/did impact your selected organization’s security program (be specific).
   4. A Conclusion that summarizes the purpose of your paper and describes the key findings from each point of analysis.
6. Use spell and grammar check before submitting. It is also a good idea to have someone else read your paper. You should also review the grading rubric (Appendix C) to ensure that you have included all the graded components.
Federal Register, Vol. 78, No. 33, Tuesday, February 19, 2013. Part III: The President. Executive Order 13636—Improving Critical Infrastructure Cybersecurity
Presidential Documents. Title 3—The President
Executive Order 13636 of February 12, 2013
Improving Critical Infrastructure Cybersecurity
By the authority vested in me as President by the Constitution and the laws of the United States of America, it is hereby ordered as follows:
Section 1. Policy. Repeated cyber intrusions into critical infrastructure demonstrate the need for improved cybersecurity. The cyber threat to critical infrastructure continues to grow and represents one of the most serious national security challenges we must confront. The national and economic security of the United States depends on the reliable functioning of the Nation’s critical infrastructure in the face of such threats. It is the policy of the United States to enhance the security and resilience of the Nation’s critical infrastructure and to maintain a cyber environment that encourages efficiency, innovation, and economic prosperity while promoting safety, security, business confidentiality, privacy, and civil liberties. We can achieve these goals through a partnership with the owners and operators of critical infrastructure to improve cybersecurity information sharing and collaboratively develop and implement risk-based standards.
Sec. 2. Critical Infrastructure.
As used in this order, the term critical infrastructure means systems and assets, whether physical or virtual, so vital to the United States that the incapacity or destruction of such systems and assets would have a debilitating impact on security, national economic security, national public health or safety, or any combination of those matters.
Sec. 3. Policy Coordination. Policy coordination, guidance, dispute resolution, and periodic in-progress reviews for the functions and programs described and assigned herein shall be provided through the interagency process established in Presidential Policy Directive–1 of February 13, 2009 (Organization of the National Security Council System), or any successor.
Sec. 4. Cybersecurity Information Sharing. (a) It is the policy of the United States Government to increase the volume, timeliness, and quality of cyber threat information shared with U.S. private sector entities so that these entities may better protect and defend themselves against cyber threats. Within 120 days of the date of this order, the Attorney General, the Secretary of Homeland Security (the “Secretary”), and the Director of National Intelligence shall each issue instructions consistent with their authorities and with the requirements of section 12(c) of this order to ensure the timely production of unclassified reports of cyber threats to the U.S. homeland that identify a specific targeted entity. The instructions shall address the need to protect intelligence and law enforcement sources, methods, operations, and investigations.
(b) The Secretary and the Attorney General, in coordination with the Director of National Intelligence, shall establish a process that rapidly disseminates the reports produced pursuant to section 4(a) of this order to the targeted entity.
Such process shall also, consistent with the need to protect national security information, include the dissemination of classified reports to critical infrastructure entities authorized to receive them. The Secretary and the Attorney General, in coordination with the Director of National Intelligence, shall establish a system for tracking the production, dissemination, and disposition of these reports.
(c) To assist the owners and operators of critical infrastructure in protecting their systems from unauthorized access, exploitation, or harm, the Secretary, consistent with 6 U.S.C. 143 and in collaboration with the Secretary of Defense, shall, within 120 days of the date of this order, establish procedures to expand the Enhanced Cybersecurity Services program to all critical infrastructure sectors. This voluntary information sharing program will provide classified cyber threat and technical information from the Government to eligible critical infrastructure companies or commercial service providers that offer security services to critical infrastructure.
(d) The Secretary, as the Executive Agent for the Classified National Security Information Program created under Executive Order 13549 of August 18, 2010 (Classified National Security Information Program for State, Local, Tribal, and Private Sector Entities), shall expedite the processing of security clearances to appropriate personnel employed by critical infrastructure owners and operators, prioritizing the critical infrastructure identified in section 9 of this order.
(e) In order to maximize the utility of cyber threat information sharing with the private sector, the Secretary shall expand the use of programs that bring private sector subject-matter experts into Federal service on a temporary basis. These subject matter experts should provide advice regarding the content, structure, and types of information most useful to critical infrastructure owners and operators in reducing and mitigating cyber risks.
Sec. 5. Privacy and Civil Liberties Protections. (a) Agencies shall coordinate their activities under this order with their senior agency officials for privacy and civil liberties and ensure that privacy and civil liberties protections are incorporated into such activities. Such protections shall be based upon the Fair Information Practice Principles and other privacy and civil liberties policies, principles, and frameworks as they apply to each agency’s activities.
(b) The Chief Privacy Officer and the Officer for Civil Rights and Civil Liberties of the Department of Homeland Security (DHS) shall assess the privacy and civil liberties risks of the functions and programs undertaken by DHS as called for in this order and shall recommend to the Secretary ways to minimize or mitigate such risks, in a publicly available report, to be released within 1 year of the date of this order. Senior agency privacy and civil liberties officials for other agencies engaged in activities under this order shall conduct assessments of their agency activities and provide those assessments to DHS for consideration and inclusion in the report. The report shall be reviewed on an annual basis and revised as necessary. The report may contain a classified annex if necessary. Assessments shall include evaluation of activities against the Fair Information Practice Principles and other applicable privacy and civil liberties policies, principles, and frameworks.
Agencies shall consider the assessments and recommendations of the report in implementing privacy and civil liberties protections for agency activities.
(c) In producing the report required under subsection (b) of this section, the Chief Privacy Officer and the Officer for Civil Rights and Civil Liberties of DHS shall consult with the Privacy and Civil Liberties Oversight Board and coordinate with the Office of Management and Budget (OMB).
(d) Information submitted voluntarily in accordance with 6 U.S.C. 133 by private entities under this order shall be protected from disclosure to the fullest extent permitted by law.
Sec. 6. Consultative Process. The Secretary shall establish a consultative process to coordinate improvements to the cybersecurity of critical infrastructure. As part of the consultative process, the Secretary shall engage and consider the advice, on matters set forth in this order, of the Critical Infrastructure Partnership Advisory Council; Sector Coordinating Councils; critical infrastructure owners and operators; Sector-Specific Agencies; other relevant agencies; independent regulatory agencies; State, local, territorial, and tribal governments; universities; and outside experts.
Sec. 7. Baseline Framework to Reduce Cyber Risk to Critical Infrastructure. (a) The Secretary of Commerce shall direct the Director of the National Institute of Standards and Technology (the “Director”) to lead the development of a framework to reduce cyber risks to critical infrastructure (the “Cybersecurity Framework”). The Cybersecurity Framework shall include a set of standards, methodologies, procedures, and processes that align policy, business, and technological approaches to address cyber risks.
The Cybersecurity Framework shall incorporate voluntary consensus standards and industry best practices to the fullest extent possible. The Cybersecurity Framework shall be consistent with voluntary international standards when such international standards will advance the objectives of this order, and shall meet the requirements of the National Institute of Standards and Technology Act, as amended (15 U.S.C. 271 et seq.), the National Technology Transfer and Advancement Act of 1995 (Public Law 104–113), and OMB Circular A–119, as revised.
(b) The Cybersecurity Framework shall provide a prioritized, flexible, repeatable, performance-based, and cost-effective approach, including information security measures and controls, to help owners and operators of critical infrastructure identify, assess, and manage cyber risk. The Cybersecurity Framework shall focus on identifying cross-sector security standards and guidelines applicable to critical infrastructure. The Cybersecurity Framework will also identify areas for improvement that should be addressed through future collaboration with particular sectors and standards-developing organizations. To enable technical innovation and account for organizational differences, the Cybersecurity Framework will provide guidance that is technology neutral and that enables critical infrastructure sectors to benefit from a competitive market for products and services that meet the standards, methodologies, procedures, and processes developed to address cyber risks. The Cybersecurity Framework shall include guidance for measuring the performance of an entity in implementing the Cybersecurity Framework.
(c) The Cybersecurity Framework shall include methodologies to identify and mitigate impacts of the Cybersecurity Framework and associated information security measures or controls on business confidentiality, and to protect individual privacy and civil liberties.
(d) In developing the Cybersecurity Framework, the Director shall engage in an open public review and comment process. The Director shall also consult with the Secretary, the National Security Agency, Sector-Specific Agencies and other interested agencies including OMB, owners and operators of critical infrastructure, and other stakeholders through the consultative process established in section 6 of this order. The Secretary, the Director of National Intelligence, and the heads of other relevant agencies shall provide threat and vulnerability information and technical expertise to inform the development of the Cybersecurity Framework. The Secretary shall provide performance goals for the Cybersecurity Framework informed by work under section 9 of this order.
(e) Within 240 days of the date of this order, the Director shall publish a preliminary version of the Cybersecurity Framework (the “preliminary Framework”). Within 1 year of the date of this order, and after coordination with the Secretary to ensure suitability under section 8 of this order, the Director shall publish a final version of the Cybersecurity Framework (the “final Framework”).
(f) Consistent with statutory responsibilities, the Director will ensure the Cybersecurity Framework and related guidance is reviewed and updated as necessary, taking into consideration technological changes, changes in cyber risks, operational feedback from owners and operators of critical infrastructure, experience from the implementation of section 8 of this order, and any other relevant factors.
Sec. 8. Voluntary Critical Infrastructure Cybersecurity Program. (a) The Secretary, in coordination with Sector-Specific Agencies, shall establish a voluntary program to support the adoption of the Cybersecurity Framework by owners and operators of critical infrastructure and any other interested entities (the “Program”).
(b) Sector-Specific Agencies, in consultation with the Secretary and other interested agencies, shall coordinate with the Sector Coor