Answered You can buy a ready-made answer or pick a professional tutor to order an original one.
Hello, Please look at the attached file and let me know your conset. And no plagiarism please.
Hello,
Please look at the attached file and let me know your conset. And no plagiarism please.
- @
- 966 orders completed
- ANSWER
-
Tutor has posted answer for $30.00. See answer's preview
** ******** Risk ********** ************* NameInstitutionDateEXECUTIVE ************* ** Research and ************ ***** ******* ******* is ** ******* the American ********* **** *************** intelligence The agency *** the obligation ** ******** **** *** the activities associated **** ********* *** consistent **** the American ******* ****** *** ********** ** * **** ************ level The ****** ********* *** ************ ******** **** * ******** ************* ** the ******** of *** ** ******* ****** ******** with *** **** of *********** ******** ** *** ********* *** *** **** ******** to collect *** ******* **** **** **** ******* *** ******* **************** ** ******* New **** ***** ******** *** ****** *** **** ********* to be the ****** *** ******* ******** of ******** ** follow ** ** the ***** ** ********** ************** ****** (GAO) *** performed a ************* evaluation ** *** *** ******** on its *********** security and ***** **** ******** ***** ***** As * ****** *** ****** *** ******* ** ******* ** IT ******** risk ********** ** *** *** it does *** ********** *** ********** ** ***** ** ****** *** **** ****** *** agency ******** *********** ***** *** to ********* the necessary ******* ** ***** *** **** ********* **** ***** focuses on the IT risk assessment ******** ** **** ********** findings *** *** IT **** ********** recommendations together **** the overall ************ ******* **** ASSESSMENT PLANNING ******* Purpose ** *** assessmentThis risk ********** ******* is ** ***** the Bureau ** ******** *** ************ ***** together **** *** ****** leaders *** ********* ************* **** the ******** required to decide the **** **** ** ***** the ********** ***** *** *********** **** **** ******* the ****** ******* ********** continuingly ** ******** ** ***** **** ******** to ************ ****** and **** ********* the ****** **** ********* ******* ** al ***** As an initial ********** the ******* **** ******** * *** ******* ** * baseline assessment of **** ** ************ *************** and ******* ******* to *** ****** ********* *** ****** ******** other ****** and *** ****** ** **** ** various **** issues ** ** followed ****** time ** **** ** **** ************ precise **** ******* **** ******* * ********* *** ******** every step in *** ********** The ********* **** ******** assessment *********** ******** the ********** ************* *** outcomes ******** with maintaining *** *********** *** ***** *** ***** of *** assessment **** ***** the ********** * ********* *** ********** ** *** levels; II *** ***** ** *** ****** ** be affected by *** ********** *** The ********* supported ** *** assessment ******* ** **** ***** for *** ********** ******* to ** ******** * ******* that affect *** ********* for *** ********** ******** **** inform ********* **** ****** *** *********** ******* that ******* *** *** **************** function or ******* ** **** ******* ********* **** ******** *** ********* ********* ** ******** controls supplementation for ******** *********** systemsThe scope will ******* the ***************** ********* ***** the agency ***** ******* ***** ******* *********** ************ **** ****** ******* *** ****** ** *********** within ***** architectural ******* **** that *** *********** ** ********** controls will ** considered3 *********** *** **************** **** ** *** ************** of *********** in ******* ***** ** *** which *** *********** ** *** **** ********** ***** **** *********** ****** ********** ****** ************ ************ ********** *** ******************* potential ********** ******** ********** *** *************** **** also ** *** ************** ** *********** in the ****** *** areas *********** ** *** **** ********** ***** will *********** Properties ********** for *** *************** ********* *** knowledge ***** *** the ************** *********** ************** associated with **************** events4 *** ********** approach and ******** **** model *** ** ** ******* **** ***** ******** *** analytical approach ** ** **** **** **** ******* *********** that ****** threats ** **** therefore involve ********* factors ******** **** ******** ****** ** ******** ********* *** **** ***** will require ********* ********** ****** ******** *** *** agency ***************** ********* *** systems ** ****** ****** ** *** ****** expansion **** ***** and various ******* ** information systems (Grance et al ***** *** *********** ********* ***** threats and *************** will ** ****** ********* *** *********** Therefore *** risk model will involve a *********** assessment **** **** **** * *** factors ** will **** ** **** ******** ** *** security ******** with estimates of ******* ******** A ***************** ********** **** **** **** moderate *** *** scales **** ** **** *** ****** ***** *********** *** risk ***** ** be **** **** ******** *** ******** **** ******* ******** ************ **** ***** **** ******* risk ********* ******* **** ********** ******** ******** ****** sources *** ****** In general *** ***** ** ****** sources and ********** within the ****** ******************* Threat ********* Nation-State; ******* ******* was ******** by * ****** who *** ********* ** *** nation **** the assaults ***** ***** ** ***** they got access ** *** ************ data that ******** the ** *********** ******** * dissatisfied ****** ** agency’s ********** **** ***** ********** ********* ** the ****** ** ******** *** ****** **** ************ correspondence ** President *** ** diplomats **** ******** * ************* Threat Source;· ***** *** ****** ***** made use ** ******** ****** ********* to ******* the **************** ******** ** well ** *** *** *********** Privileged ***** * ********** took **** * ****** that ********* ********** ************ material ** *** taken away ******* ******** and ***** recuperatedStructural ****** ********* ********* A ******** ***** ** *** ********** human ******** ****** ********** permitted ********* to observe private *********** of *** organizational ******* that ******** ***** others *** ********* *** **** ******* ******* ************ *** direct ******* ** the ************ paychecks ***** ***** ***** *** breach ***** *** ********** *********** ** *** evidence; thus ** ************* of *** attackers ** ***** ** *** ******************* ****** ************** access ** ******* ******* ** ****** the ****** ************* ** ********** ****** **** **** “tailgating” ** ********* ** ******** ******** ******* ***** getting **** *** secure data ************* ********* ********** **** movement ********* across the *********** ********* ****** the ********** ***** *** allowed ** ******* social ***** **** ******** ***** ** ****** ** ** **** as the **** of *** ****** ******** ************** ** the ******************* ************* ** * ***** ************** ********* are ********* ** ******* ****** ****** **** ******* *** *** ******* *** Google ***** *** ******** data storageExploit ***** ************ *** ******* *** ******* operators ** ***** ***** mobile devices *** **** connectivity **** *** ****** *************** challenged ******* **** ********** locations ** *** agency;· *** evaluation ********* ********* ******* ** * data ****** ***** ********* ** identify * ****** who *** no ****** * ****** of *** ****** *** was ***** ******* ** ****** advantaged ******** The ****** accessed *** ********** ***** for more **** ***** ****** **** ***** her departure· *** ***** ****** developers for *** ********* ******* **** ********* ** ******** **** as well as *** ***** ** ***** of ********** codeConduct ************** ************ ********** *** ****** fails to use *** **** ********** **** *** ************ *** **** **** *** *** *** **** ************* ******* material through ******* sniffing ** exterior ********** ***** ********** ******* ***** standard ** used *** ******** ******* for making **** that the ************ ** data is ************ to **** ** severe *** ********* ******** ** ******** ************ A ****** ******* ********** *********** ***** ** ********** ************ **************** ******** ***** ***** ************** predicting ************ Lack of ***** ** expiry ** *** ************ ******* *********** Reduced ********* ********* ***** were *** *** **** **** eight characters· ****** **** **** ****** **** ******** active ** ******** applicationsObtain ************ ********** ****** ** configure ****** ********* that *** ** * ****** supporting ******** applications *** *** ******** ********* **** ******** ** a ****** ******* **** ** * ****** ******* Therefore ******* ** ************** ********* ***** *********** *********** ***** phishing ********* data manager ****** * given division ***** control freely *** **** elements ** *** ********** ************ data ********** **** is collected ** *** *** ** ************ *********** manager ****** a **** ****** possess *** **** for recovery ***** *** ***** ****** ****** *** rest operators ********* for *** servers **** *** **** ********** but in *** minds ** *** ****** ***************** ** directed ******* **** *** agency’s *********** ********** *** constituents;All of *** ********* ******* ****** *** were ******** **** ******* ******* ****** and losses **** internally *** externallyExploit poorly ******* **** deletion ****** *** agency’s *********** setting;Lack ** ******** testing *** controls ****** *** ******** ************* ** servers’ ********* *** ****** *** ******* manager’s ****** ******** ** ******* databases *** ********* modules **** *** either *** ********* ** **** ***** ******* ******** *** *** *************** *** done once ** * ******************** ****** *************** privilege ********* the organization have permitted ********* ********* ****** to *** ************ ********* ***** they **** right ** ***** ** alter *** ************ ****** *************** *** ************ ************************ ** *************** *** ****************************************************** ******* ************* ** ** great ***** ******** ** *** ********** of the vulnerability and comfort ** ************ and ** *** ******** of effects **** could ****** **** *** ******************************* vulnerability is of ********** ******* based on *** ******** ** *** ********* *** **** ** ************ *** ** *** ******** ** effects **** ***** result **** *** ****************** **** ************* ** of negligible ***** but the ******** ** *********** ***** be upgradedApplicable ******** ********* or other *********** ** ***** ******* *** ******** ************************* ** predisposing ******************************************************************* ** maximum ************** ***************** roles **************** ********* or ******** structuresModerate34791314Relates ** numerous agency ***************** ***** **************** ********* or *********** ************************ ** some ****** ***************** roles mission/business ************ or *********** ************ Determine *** likelihood ** occurrenceLevelSemi-QuantitativeValuesLikelihood ************************ threat-source ** *********** driven *** ************ proficient *** controls to ***** *** vulnerability **** ***** ******* *** ****************************** ************* ** driven *** capable *** ******** *** ** ***** that *** ******** *** positive ******** ** *** liabilityLow1112The ************* ***** ********** ** ********** ** ******** *** ** ***** to ***** ** at ***** ************ hinder *** ************* **** ***** ********* ********* ********* of *************** of ImpactSemi-QuantitativeValuesImpact DefinitionHigh1356814Exercise ** *** ************* *** *** result in the extremely costly ****** ** *** ******** ****** ** *********** *** considerably ******* **** ** obstruct ** ********** ******* **** ** interest *** *** *** in * ***** loss or ****** ***************************** of the vulnerability – can ****** ** the ********* damage ** ******** ****** ** possessions; may damage ** ******** ** agency’s ******* name ** concern; or *** ****** ** human ******************** ** the ************* *** *** ****** ** *** damage ** some ******** ****** ** ************ *** ********** shake the ********** ******* status ** ********** ********* ************* ** ImpactSemi-QuantitativeValuesRisk ***** DefinitionHigh5683There ** * strong *********** *** ************* actions * ******* ****** ***** ***** ** ** ******** *** * counteractive ****** strategy needs to ** put in ***** *********************************** ******* are ******** *** * ******** must ** established to integrate ***** ******* within * reasonable periodLow41311The ********** ********** Approving Authority need to ******** ******* counteractive ********** are ***** ***** or ***** ** ***** *** ****** ******* ******** *************** ************** Awareness *** Training ******* *** ************** ** ********* Regarding *********** ** ******* for the agency ** **** * ******** awareness program **** makes **** **** *** ******* *** **** ***** ** *** ************ of *********** ******* protection ** *** BRI ********* information ******* ** ** ***** *** ******** ********* ******* ****** also **** all the ****** stakeholders ***** ** *** to **** with the *********** *** technology ******** together with *** ***** ********** **** improper ******** ** *********** systems ********* for *** program ** succeed ** ****** ******* the following;· It ****** *** ******** a ******** ************* **** security awareness ***** is ********** ******* ******** ******** sessions *** security ********* ************* in *** ******** Security ************* ** ** ******* ** * ********** ******* ** make **** that **** *** ********* *** training *** used to keep ******* ******** ********* level ***** ***** ********** ****** ********** the ********** both the ******** ****** ******** *** ************ ******* ** ******* *** underpin *** message ** *** **** ** the ****** stakeholders· *** ***** of security ************* ** *** ************ management should include ******* ******** ** the ********* ***** ** security requirements· The ******* ****** establish a minimum ***** ** ********* *** *** *********** Security ********* ** ** conveyed ** ******* ways which will include **** formal and ************** ******** e-mails ******** **** ***** ****** ***** **************** ********** ********** ******* security training program *** ***** employee ****** ******* ****** **** ***** ** **** ******* *** privacy protection of **** ********* ************** **** ***** *** ********** **** ***** **** should ** made ***** ** how the agency **** ** protect the two ***** of **** ***** ***** ***** workers **** ********** to ****** *********** systems should **** ******** ** the ********** of ******** the *********** system for the ******* ********** ** the ****** ********* *** crucial *********** The following practices and program ****** ****** ** ** ** ******* privacy ********** ** *** ****** ********* and ******* ************************* ************* Every *** of *** **** availabilityb ******* ** ******* ************ ****** the **** of *** ***** ************** of **** ** ** done ****** ** ***** in **** **** ***** ******** ** the ******** should ** ***** ****************** Prerequmentsa ****** ******** *** ******** ************** *** *** operatorsb Cryptography methodsc Security **************** ***************** ********** *** *********** ******* ** ** ******** ** driving ******** devicesStrict Access Controls ******** Agency to implement strict control *** of its systems ******* ****** ******* to be performed *** apply robotized *********** to **** ************* ** the coveted ************** ********* ********** All *** ********* ** *** ******* ******* and databases ** ****** ** strict ******** ************* ******* ** ** ***** ******** ********** ** ** done ** ***** **** **** *** ****** ** any ***** ************ ********* ******** ********* *** and storage)– All *************** ****** ** disconnected *** ***** ****** to ****** the **** ** unintended information ************ Security and IntegrityThe ****** should ********** ********* ** different ********** ********** **** secure data ********* **** ********* ********* Managing *************** of *** ********** ****** ******** accurate records ** ********** *************** *** *** to ****** themBusiness ******************* ******** *************** ******** ******* **** **** ** ******* *** ********* ********** sequence ** ************ The **** for plan development ***** to ******* **** the *********** team ******** ********** **** *** ******* ********** ** ********* *** activity scope **** ******** ******** *** external assets2 The ****** ****** ******* *** *********** ******* ************** ********* **** ******* ********* configurations network ******** *** ********** *** **** ****** get ******** ******* ** *** ** *** ******** ******* ************** ** **** ********** ******** ** ** *** **** severe ******* to *** ********** IT ************** **** ***** ***** *** *********** ******* threats5 ********* what *** organization ********** recognizes as *** **** ****** vulnerabilities to *** agency *************** ********** ** *** ********** *********** *** ******* previous history and *** *** organization ****** ***** Identify what management perceives as *** most ******** IT ****** ** call center ****** farms Internet access8 ****** the ******* ****** time management *** ***** incasing the ******** ** ****** are *** present9 ********* the *********** ******** ********* **** to reply to severe outages10 ******** **** the ******** **** **** ******** ** ******* their ************* ****** ******* from *** *********** **** a gap *********** ****** that ********** **** *** ****** ** presently ***** ******* **** ****** be done ******** **** *************** ** *** ** attain the best ************ ***** ** **** ** *** ********* investment necessary12 The agency ********** ****** ****** *** ****** *** ****** ** *** *********** activities13 Formulate ** ******** ******** ******* **** ****** *** ********* ** ******** *** ********* Perform plans’ ***** and system ******** assets ** confirm ***** ********* ****** ** **** certification ** reflect fluctuations16 Plan *** **** ****** ** ** ******** ******** proficiencies(Source: **** ** ********* ***** ************ *** ******** ** adopt *** *************** named ***** ** ***** *** security control ****** ***** **** ****** ******* effect to *** ********** mission ********** ******** and mission/vision ******** *** ****** requires to *** * productive security ********* ******* **** makes **** **** *** ******* *** **** aware ** *** ************ of maintaining ******* ********** ** *** BRI ********* information The ******* ******** ******** ******* *** ***** ******** should ******* ****** **** ***** of what ******* the ******* ********** of *** sensitive ************** together with proper ******** ** *********** systems Lastly *** ****** ******** ** ******* * ******** continuity program **** * *************** sequence ** ********** ** ****** ******* in its operationsReferences **** R ****** ******** *** ******* ******** *** federal *********** ******* and ***************** ******* Publication 800-53Retrieved ************************************************ * **** A Pope L ****** T Hash * ***** ****** * ****** *********** ******** guide *** *********** ********** systemsNIST ******* *********** *************** ******************************************************************** * ***** Hash J ****** Building ** *********** technology ******** ********* *** training *********** ******* *********** *************** **** ************************************************