Task:
Performance consistently met expectations in all essential areas of the assignment criteria, at times possibly exceeding expectations, and the quality of work overall was very good. The most critical goals were met.
Performance did not consistently meet expectations. Performance failed to meet expectations in one or more essential areas of the assignment, one or more of the most critical goals were not met.
Performance was consistently below expectations in most essential areas of the assignment, reasonable progress toward critical goals was not made. Significant improvement is needed in one or more important areas.
In this assignment you will be conducting a risk assessment. This will not be a technical risk assessment, but an assessment of your hypothetical organization/business. For your organization/business, take the NIST Cybersecurity Framework controls and reduce them to system configuration requirements and system test cases with pass/fail criteria. Refer to the "Framework for Improving Critical Infrastructure Cybersecurity," located within the Course Materials. Then, include the following in a report: Describe when some controls cannot be implemented (such as on a personal laptop). Explain what is to be done in each case identified above to compensate for controls that cannot be implemented (e.g., create an identification authentication scheme). Demonstrate how compensating controls can ensure the non-compliant system can continue to operate within the secured and compliant environment. Discern the likelihood of a cybersecurity breach within the compliant environment and the impact it might have on the organization (make sure to consider emerging risks, threats, and vulnerability).
