
QUESTION

Scenario

You have just been hired as the security manager of Medical Credentials Company (MCC), reporting to the Chief Information Officer (CIO). MCC is a kind of clearinghouse for doctors, hospitals, and group practices. It stores and distributes information on its clients, including sensitive information on previous malpractice lawsuits or disciplinary action. MCC is converting from an in-house database to a distributed database, which can be queried by telecommuting employees and clients. This change requires a high level of security. It is your responsibility to provide your engineers with the security requirements and at the same time convince senior management that the system being developed is robust and secure enough to protect this sensitive information. After careful examination of the database requirements and security requirements, you decide that compliance with the current accreditation/authorization process (NIST 800-37 RMF) would sufficiently protect the database from intrusion and tampering.

Project Background

The CIO is concerned about the number of security controls that will have to be implemented for the database. She wants to know whether all of the controls have to be implemented at one time or whether a phased approach can be used. Luckily, you know about the priority codes assigned to each control, which are explained in NIST 800-53 Rev 4, Appendix G. Explain this process, along with the Plan of Action and Milestones (POA&M) process, to the CIO. Don’t forget to illustrate how this relates to the Continuous Monitoring (Step 6: Monitor) phase of the RMF.

The project deliverables for week 4 are as follows:

Week 4: The Common Criteria System (600-700 WORDS)

  • The NIST 800-37 RMF
  • Common Criteria Rationale
  • Explain the priority codes assigned to security controls
  • Explain the POA&M process and how it relates to Continuous Monitoring
  • C-2 Orange Book Protection Profile

  • REFERENCE
