Project #3: Sample Cyber Security Profile
The security controls introduced by the National Institute of Standards and Technology (NIST) (2014) provide a framework from which organizations can develop their information system security plans. While some organizations may struggle to implement all of the standards as outlined, many address the various controls through systems they already have in place. This paper analyzes the implementation of security controls by the Department of Human and Health Services (HHS) and provides recommendations for improvements to the information security department as necessary. Specifically, this paper explores the HHS's implementation of three control families: risk assessment, as it pertains to vulnerability scanning of privileged information and updating of tools; identification and authentication, as it pertains to local access to privileged accounts and remote access; and incident response, as it pertains to incident response training and incident handling.