Write a research paper that addresses how organizations can leverage information technology as a part of the strategic plan to comply with “Federal Information Security Management Act” (FISMA) reg

***** **** to *********** LeverageStudent’s **************** ** **************************** ************ *** * ***** **** ** ******** that it ******** **** *** federal *********** ******** ********** *** ******** data in *** ******* ********** ****** abide ** *** **************** and policies ********* ** FISMA ***** ** *** *** ***** *** ******** programs that **** an intent ** ******** that ***** *** ***** the expected ********* **** *** *********** ** ******* ** ******* ************** *** *** ** ******** ******** **** organizations comply **** ***** *** ******* ** ********** *** implement *********** security ******** ** **** ** *** ********* ** ********* assistance ******* ********** **** ******** amending *** ************* ** *** ********* authority *** ensure **** federal ******** comply **** the security ******** and ********* ********* *** *** ************ ** ******** *********** ***** is * need ** ********** *** information ****** *** ******* baseline controls as **** ** ********* *** ******* *** ******** ************ ***** ****** be the creation of *********** ********* ******* ******** plans *** controls ** well as *** ************* ******* ******** ***** **** *********** **** ************** ** well ** **** **************************** ** *********** system inventories can **** to the ************** of information Federal ******** **** * ******* ** ******* **** *** government in ensuring *** information ** ********* **** ******** *** *********** ** *********** ******* ****** the ******* ******* ** is ******** **** the organization ********** and *********** *** ************ *********** ** be ********* **** ************* have ********** ** ********** ************ *********** **** **** to secure the data ***** ** *** ******* ** ***** information ********** ** ************ *********** ******** that ********* ******** security ******* ****** card ******* ** well ** ***** structured protection ********** **** *** ** ******* *** ******* *********** ** may involve *** ***** of *** current *********** Understanding the ******* ********* ***** to the ******** of ************ information flows ****** *** ************ **** the appropriate ****** *** *********** ************ ******** *** ********* ** becomes **** to ******* *** confidential *********** within *** organization *** *********** ************ policies *** ***** ** intellectual property employee ******* ** well ** customer *********** ******* ******* ***** ********** ***** **** when there ** *** ************** ** *** ********** *** enforcement ******* ** ******* **** to protect and ******** *** ************ *********** ****** the ********************* of ******* **** controls ** ** ********** step ** ******** that an organization ********* *********** *** ******** **** ***** ******* **** ******** ****** ** *** ******* ******** measures **** **** be ********** ** an ************ ********* of *** ******** control ********* ***** to *** ************** ** *** *** ******* for **** *********** system *** National ********* ** ******** and ********** encourages **** ****** ****** to ********* ******* ******** in *** ************** of *** ********** ** ***** ** ******* **** ***** ** *********** ** *** ******** ******** controls **** ***** ** ************ can ******** * ******** security control panel *** ***** ********** in ************ the ********* ******** ** *** ***** *** ************* **** ***** ******** ******** *** compensating ******** ***** act as ************ *** *** ******** objectives *** ************ ******** *** termed ** those **** ** organization ********** that **** in ********* **** *** either *** **** ** **** ** ******** **** *** organization ****** ** risks **** *** substitute *** ************ ******** *** *** ******** baseline ******** ********* ***** ****** ***** Thus **** **** ************** *** assessment **** ** **** **** ************ *** ******** security controlsLeveraging ******** that organizations ******** **** ********** procedures through ************** *** *** ** of the ******** ******** ** ****** that *********** is ******* there **** be ******* measures **** prioritize **** ********* **** assessment is ** ********** **** ** *** **** ******* ******** The members ** *** ************ must be involved ** setting ** risk ********** measures Commitment ** *** ****** **** ******** ***** to *** ********** ** *** ******* ******** *** range of risks ****** ** *********** and ******** hierarchically **** ***** ** the ************** of *** ***** ** the ***** ** ****** occurrence ********* **** *** low risks is * **** ** ****** control ******** **** risks *** categorized ********* *********** ****** be ******** *** ******* level ** security ********* ** *** **** *** ********* of security categorization ****** give * ***** ** the **** ****** **** ***** ** *** placement of *********** ***** on ******* information systems ******* ************ consider risk ********** ** ** ********* part ** leveraging *********** ******** ****** conduct the **** assessment that is ************ ** ****** that *** risks *** *********** at *** ******** ***** ************ ***** as **** ** *** *********** system ***** ******* ***** **** *** **** controls *** ********* it ** **** ** *** *** standards ** ************ ***** ********* **** **** *** be used ** ******** *********** as *** *** ***** ********* ** *** ************* of ******** *** controls **** be ** *** ****** security **** ********* to ***** ***** should ** a ******** plan **** is ********** *** **** updated ******** the *********** leads ** *** emergence of information **** ** ******** *** meets the ******* requirements ****** the ******** plan there ***** ** ** *** ************** ** *** security ******** Thus the ******** ensure **** *** ********* *** *********** ****** the ******* are regularly ******* ***** ****** be room *** *** ************ of ***** controls within *** ************ *** FISMA requirements limit an ****** of implementing single ******* ** ****** the documentation of the ******** controls ***** ** * **** *** *** agency to ****** ************ that **** in *** implementation ** controls **** *** ***** to *** ************* as **** ** *** ******* ******* This ***** ** **** ** ******** the ******** ******** ** **** ** the security plan **** with a ****** ******** plan ********* ******** information ** realistic ** ****** ** the basis of ************* of *** ********* and ********** **** ******* *********** systems ******* ******* ***** Pillitteri ***** Thus system ************* ** well ** *** ******** ********** ********** ****** ** ** *** National *********** standard and Technology risk ********** ********* *** **************************** *********** ****** ******** **** *** ******** ****** **** *** ***** ************ ** the ********** **** *** ******* Risk ********** **** ******** ** **** as the ******** ******* ********* **** ** ensuring that *** information in the ****** ** ********* and **** documented The ******** of ********** ****** *** type ** information **** is available in *** ************ ** ** also ******* **** *** ******** ** accessed to ****** that ***** ** ************* ** the *********** systems It ********** the ********** **** *** ***** as **** and failure ** ******* the *********** systems may ******* * ********* Thus ***** ****** ** ********* by *** ******** *********** to ****** that ***** ** a success ** *** ********************* ******** ********** FISMA ** ****** ************* *** required to ********* adequate ******** ******** ********** ***** *** ************** ** ******** ******** will ***** ** ********** ******** *********** ******** *** ********* ******** *** security ******** **** ***** on the management risk **** ******* *********** ******** *********** ******** *** ***** ******* **** **** be *********** *** executed ** ****** Technical ******** *** *********** ** the system ******* ******** ******** ** firmware Much ** *** ******* **** be attributed ** *** system Adequate ******** **** ******** ** *********** access **** ** ********* Software ******** will be ********* to prevent unauthorized ****** to *** system ** **** **** ** prudent to install ** to date ******** ** ******** the ******* ******* ** **************** authentication process **** ********* on the use ** *********** ********** ** ***** for ********* ****** security *** ************** ******** ****** *** user Id’ s *** ********* * ****** *** system User ** *** password **** ** *** most ****** and ********* *** ******** ******** ** *********** ******* ******* it ** ***** ************** The ****** **** be ********** ***** it **** ****** levels ** ****** ***** ** ** ************** **** ** *** ************ The approach helps ***** *** ****** of ****** **** *** access sensitive *********** ** *** ************ ** ** **** ideal ***** ** ** **** ** identify the source ** * ****** if ** ** *********** by * ****** ** *** ******************** security devices are **** ***** *** ******** ********* ***** ** the organization Physical security ******* **** ***** ********* ****** to *** **** ********* and other rooms in *** ************ **** ******* *** also **** based ** secure *** compartmentalize *********** ************* **** require ****** ****** ** ******** should consider *** use ** ********** ** **** of ***** security controls ********* ************** ******** *** *** of * ********** ******** characteristics ** identify them ** *** ****** ********** ** * **** selective ******** that ******** ************ voice ************ facial ***** *** **** eye ***** ************* ******* *** ******* *** ***** **** in manipulating *** data **** *** ****** **** ***** **** **** **** access ** view *** **** ***** ****** **** **** the ******* ** ********** *** dataAssessing the Effectiveness ** Security *********** ************* can ** ********* ******* operational ********** *********** ******** ******** audits *** goal ********** *********** start6istic ***** ******* identifying *** ***** ** ********* *** members ** *** ************ **** ** *** ******** ******* ******** implemented *********** ********** *** **** assess *** ****** ** ******** threats *** *** ******** ****** ** ********* ******** *********** ******** *** the approach ** *********** how the system works ******* *** ******** ***** ******** & Valverde ***** *** instance *** ************ *** ******** *** **** ** ***** ******** ********* ******* ***** *********** **** ************ *** ******* ****** The ************ ****** frequently ******* an ***** ** *** ****** ****** **** identify *** vulnerabilities ** *** ****** ******* emerging threats ************* ********** is ********* in *********** areas that need *********** ****** ***** ******* *********** ******* *** ********* *** *** *** ****** ******** Audits ****** be ********* ************ ********* on *** **************** ******** to information ******** ******* Compliance goals *********** **** **** in ********* *** ********* security controls *** ************ ****** ********** assess the *********** system ******* FISMA *************** Good ******** ******** ******* ****** **** *** ******** ******************** ************ ******* ************ ****** ***** **** *********** *** *** ***** that *** ******* ** its operational *********** *** ************ ******* ** **** risk should **** be *********** ************ ****** ** ***** on **** ******** *** ****** ** performance amongst ***** ******** ******** ******** ***** will be employed ** ********** *** risk ***** ** *** most ******** to *** ***** critical ************* ****** then design **** ********** strategies by focusing on the ********* ********** ****** ******** the ******** *********************** *** ProcessingThe ************* of *** ******* ****** **** ****** ** the robustness ** *** ******** system *********** *** ************* ** a ***** **** determines *** organization’s ******** ***** *** ********* ******** ************* ******** aspects such as *** integrity ** the ****** configuration *** *********** ***** as well ** assess the ***** ****** ********** *** ************* ******* ** designed to allow **** *** ********** ********* Authorization ** should have * *** ****** **** ********** the undesirable ******* ********* ***** minimizing **** ****** ** **** minimizes ************* ******** *** *** ******** of *** configuration driftsMonitoring ******** ControlsA ********** monitoring ******** ****** ** ******* **** ************* ** the **** ********* ** *** ************ The ********** ****** consider ****** *** vulnerabilities ** the ************ ********** ******* ****** ** ***** on ******* ****** information Several measures *** ******* ****** ** considered *** *** establishment ** *** ******* ** ****** at *** changes to *** ****** control ************* and ********* ** ********** ***** of **** ********* ** ********* ********** program should ** ********* ** *** ************ *** ********** ******* ****** ****** ** *********** ******* ** ******* *** **** The ******** **** *** ********** session ****** be ******** to ******** *** appropriate improvement ******** It ** **** *********** to ******* ** *** ******** ** *** ******* *** ******** **** depend ** *** ******* and ********** ** the ************ *** monitoring ******* ****** be ********** reviewed *** possible updatesReferencesNieles * ******* K ***** Pillitteri V ****** ** ************ ** Information ******** *** NIST ******* *********** **** 800-12 Rev * (Draft)) ******** ********* ** ********* and ****************** * ***** ****** * ****** Tailoring **** ******** ******** for *** ****** ******* ********* *** Implementation-Recommendations *** Information ****** Owners ** AIAA SPACE 2016 ** *********** * * ****** CHAPTER ***** ********* **** ********** for *** Future: ********** and ****** *** ********** ******* ********** * ****** ******** * NIST **** ********** ********* for ***** *** ***** **********

Click here to download attached files: Federal Information Security Management Act.docx

Click here to download attached files: FISMA.pptx

Click here to download attached files: Federal Information Security Management Act.docx