Office of Personnel Management OPM CMP 610 Project 1:

Office of Personnel Management OPM

CMP 610

Project 1: Security Models

• 5.1: Define and appropriately use basic cybersecurity concepts and terminology.
• 6.2: Create an information security program and strategy, and maintain their alignment.
• 7.3: Evaluate enterprise cybersecurity policy.
• 9.2: Rank the vulnerabilities of a system from a disaster-management perspective.

Step 1: Review Assigned Organization

organization description

Step 2: Cybersecurity Background Summary

• Compare and contrast cybersecurity and computer security.
• Discuss Data flows across networks. (Review Bits and Bytes, Non-Textual Data, Evolution of Communication systems, Computer Networks, Network Devices & Cablesand Network Protocols if you do not already have a working understanding of these topics.)
• Discuss basic cybersecurity concepts and vulnerabilities, including flaws that can exist in software. (Review Systems Software, Application Software, Software Interaction and Programming if you do not already have a working understanding of these topics.)
• Discuss common cybersecurity attacks. (Review A Closer Look at the Web and Web Markup Language if you do not already have a working understanding of these topics.)
• Discuss penetration testing.
• Discuss how to employ Network forensic analysis tools (NFAT) to identify software communications vulnerabilities.

• List and discuss the major concepts of enterprise cybersecurity.
• Discuss the principles that underlie the development of an enterprise cybersecurity policy framework and implementation plan.
• List the major types of cybersecurity threats that a modern enterprise might face.

Step 3: Analyze Weaknesses

1. a technology perspective
2. a people perspective
3. a policy perspective

Step 4: Risk Summary

1. Classify risks according to relevant criteria.
2. Explain system and application security threats and vulnerabilities.
3. Prioritize risks from internal and external sources.
4. Assess the cybersecurity threats faced by your entity.

Step 5: Security Weakness Assessment

Step 6: Security Models Summary

• Bell-LaPadula
• Biba's Strict Integrity Policy
• Clark-Wilson
• Chinese Wall

Step 7: Continuation of Security Models Summary

• Clinical Information Systems Security
• Noninterference Security
• Deducibility Security
• Graham-Denning

Step 8: Security Model Analysis

Step 9: Identify Relevant Model Features

Step 10: Design a Custom Security Plan

• The security plan should coincide with your organization's IT vision, mission, and goals.
• Include an information security program that aligns with business strategy.
• Incorporate all internal and external business functions within the organization's security programs.
• Classify risks according to relevant criteria.
• Prioritize threats from both internal and external sources.
• Rank the most relevant security attributes for your organization and list them in priority order. This list will serve as Appendix B to your final assignment.

Step 11: Develop a Business Case for Your Organization

Step 12: Identify Security Model Attributes

Step 13: Assess Security Improvement Potential

Step 14: Develop a Security Plan Recommendation Memorandum

• a description of the security model attributes
• an assessment of the weaknesses in your organization that the security features will address
• your rationale for selecting the specific security attributes and your prognosis of success, noting risks and impacts to include a high-level assessment of financials
• the policies and procedures that will need to be in place for the security plan to work
• the infrastructure that will need to be in place for the security program to operate and to align with each entity within the organization
• a plan for evaluating the security plan's effectiveness