Even complicated and confusing topics will be easily developed and covered if you request our help writing an essay. Place an order today!

Question Description

Red Clay Renovations is an internationally recognized, awarding winning firm that specializes in the renovation and rehabilitation of residential buildings and dwellings. The company specializes in updating homes using “smart home” and “Internet of Things” technologies while maintaining period correct architectural characteristic.

With all the recent cybersecurity attacks and considering the speed technologies are evolving and the security risks related to the type of technologies (IoT, smart devices) used by the company , it will be important to reconsider Some of Red clay’s IT security practices. As a first step, a risk assessment was performed on Red Clay Renovation’s IT systems and infrastructure; according to the findings it was recommended for the company to formalize the security measures required to protect information, information systems, and the information infrastructures for the company’s headquarters and field offices. So this briefing paper will help propose a plan of action which will help develop system security plans including Security Control Classes and Security Control Families related to Red Clay risks.

When talking about system security plans for companies such as Red clay, we immediately touch bases with concepts such as Security Control Classes and Security Control Families. Security controls are safeguards or countermeasures to avoid, detect, counteract, or minimize security risks to physical property, information, computer systems, or other assets. According to recent studies, they are 3 well known classes of security control classes (Lord, 2018):

  • Management controls:The security controls that focus on the management of risk and the management of information system security.
  • Operational controls:The security controls that are primarily implemented and executed by people (as opposed to systems).
  • Technical controls: The security controls that are primarily implemented and executed by the system through the system’s hardware, software, or firmware.

All these 3 classes of controls are necessary for robust security. For example, a security policy implemented at the Wilmington, DE Offices (Red Clay’s Headquarters) (Bring Your Own Device policy) is a management control, but its security requirements are implemented by people (operational controls) and systems (technical controls) within the company. Think of phishing attacks, Red Clay Renovation may have implemented an acceptable use policy that specifies the conduct of users, including not visiting malicious websites. Security controls to help thwart phishing, besides the management control of the acceptable use policy itself, include operational controls, such as training employees and users from all the fields not to fall for phishing scams, and technical controls that monitor emails and web site usage for signs of phishing activity (MDNDocs, 2019).

According to the NIST Special Publication SP 800-53, there is a total of 18 security control families. But on this paper, we will focus on the following security control families (NIST, 2013):

  • Planning(management control class): this control addresses the establishment of policy and procedures for the effective implementation of selected security controls and control enhancements in the PL family. This family contains subfamilies such as PL4 Rules of Behavior (Establishes and makes readily available to individuals requiring access to the information system, the rules that describe their responsibilities and expected behavior with regard to information and information system usage) and PL-8 information security architecture (addresses actions taken by organizations in the design and development of information systems).
  • Identification & Authentication(Technical control class): the information system uniquely identifies and authenticates organizational users (or processes acting on behalf of organizational users). This control applies to all accesses other than: (i) accesses that are explicitly identified and documented in AC-14; and (ii) accesses that occur through authorized use of group authenticators without individual authentication. This family contains subfamilies such as IA-3 device authentication and identification (Organizational devices requiring unique device-to-device identification and authentication may be defined by type, by device, or by a combination of type/device) and IA-7 cryptographic module authentication (The information system implements mechanisms for authentication to a cryptographic module that meet the requirements of applicable federal laws, Executive Orders, directives, policies, regulations, standards, and guidance for such authentication).

  • Incident Response(Operational control access) :This control addresses the establishment of policy and procedures for the effective implementation of selected security controls and control enhancements in the IR family. Policy and procedures reflect applicable federal laws, Executive Orders, directives, regulations, policies, standards, and guidance. This family contains subfamilies such as IR-2 incidence response training (the organization provides incident response training to information system users consistent with assigned roles and responsibilities) and IR-3 incidence response testing ( the organization employs automated mechanisms to more thoroughly and effectively test the incident response capability).

testimonials icon
Teens like to eat at fast-food restaurants and food courts for a number of reasons. They also tend to be concerned about appearance, weight. and...
testimonials icon
 Identify and describe at least three different specialty areas in public health to include the actual roles/careers, responsibilities, and...
testimonials icon
This is for a discussion board post. Here are the questions that should be included in the answer. Please identify your selected theorist...
testimonials icon
Question Description Hi, I need...
testimonials icon
500words 1.0 space. due after 3 hours sharp! read full attachment for more instructions. will attach the chapters in few minutes. �...
testimonials icon
FOR PROFESSOR JANNET ONLY...
testimonials icon
Paragraph A List and define the eight perspectives of personality psychology that are discussed in this section. What is the usef...
testimonials icon
Discuss the changes made in the control mechanisms (external and internal) in order to control the management, financing, and quality in the lon...
testimonials icon
Which level of measurement would you preferred to utilize for a quantitative research? Defend your answer....
testimonials icon
NTC 362 Week 3 DQs.docx...
testimonials icon
Interest rates are the “cost” of money charged to borrowers and we look at what factors make up an interest rate this week.STUDY:...
testimonials icon
 PERSONAL “7 HATS” ASSESSMENTRead through the book’s profile of the different capabilities and attributes a...

Other samples, services and questions:

Calculate Price

When you use PaperHelp, you save one valuable — TIME

You can spend it for more important things than paper writing.

Approx. price
$65
Order a paper. Study better. Sleep tight. Calculate Price!
Created with Sketch.
Calculate Price
Approx. price
$65