System Security Certification and Accreditation (CS662 -1604B -01)
Official (ISC)2 Guide to the CAP CBK 2 Howard Taylor & Francis 9781439820766

Individual Project
Due Date: Mon, 11/21/16 - at 1030PM Central Time

Deliverable Length: 3-4 Pages, Microsoft Word document 
Description:


Throughout this course, you will be working on several aspects of System Security Certification and Accreditation through the following scenario and you will produce a 
case study report. Each week, you will complete a part of the report. The final report is due at the end of the course. Additional information and the deliverables for each Individual Project will be provided in the assignment description for the project. This is the course's Key Assignment that you will make contributions to each week.
Scenario

You have just been hired as the security manager of Medical Credentials Company (MCC), reporting to the Chief Information Officer (CIO). MCC is a kind of clearinghouse
for doctors, hospitals, and group practices. It stores and distributes information on its clients, including sensitive information on previous malpractice lawsuits or disciplinary action. MCC is converting from an in-house database to a distributed database, which can be queried by telecommuting employees and clients. This change requires a high level of security. It is your responsibility to provide your engineers with the security requirements and at the same time convince senior management that the system being developed is robust and secure enough to protect the this sensitive information. After careful examination of the database requirements and security requirements, you decide that compliance with the current accreditation/authorization process (NIST 800-37 RMF) would sufficiently protect the database from intrusion and tampering.
Project Background

After your initial meeting with the CIO, she is close to agreeing that the database system needs to comply with an accreditation/authorization process. She needs to
understand that the Orange Book is the precursor to current methodologies. She understands the general ideas behind the process, but needs you to explain the NIST
800-37 (RMF) process: the different roles and how the process works in six steps.

Assignment Description
Your first task in this project is to review the provided scenario and create the shell for the case study. This case study will be used as the basis for each of the
assignments throughout the course. As you proceed through each project phase, you will add content to each section of the final document to gradually complete the final
project delivery.

The project deliverables for week 1 are as follows:
◦Case Study Report Shell (document detailed below) ◾Title page: Should include course name and number, project name, student name, and date
◾Table of contents: Auto-generated, in a separate page and should be updated in each phase
◾Section headings (Create each heading on a new page with TBD as content except for sections listed under "New content" below.) ◾Case Study Outline
◾Assurance and the Orange Book
◾The DITSCAP Process
◾Appendix Development
◾The Common Criteria system
◾The EAL ratings in the Common Criteria

◦New content (needs to be filled in for phase 1) ◾Case Study Outline: Material can be taken from the provided scenario
◾Assurance and the Orange Book: ◾Explain how the Orange Book is the precursor to current accreditation and authorization methodologies. ◾Explain the NIST 800-37 (RMF)
process: it’s 6 steps and the roles involved in each step. 

 

 

 

Answers

Related Questions

Statistics : FIND P 30X THE BONE DENSITY...

FIND THE 30X THE BONE DENSITY TEST SCORE SEPARATING THE BOTTOM 30% FROM THE TOP 70%...

Science : can someone help me solve this question...

A disk between vertebrae in the spine is subjected to a shearing force of 725 N. Find its shear deformation, taking it to have a shear mod...

Mathematics : A Manufacturing company...

A manufacturing company is thinking of launching a new product. The company expects to sell $950,000 of the new product in the first ye...

Computer Science : Failed Technology Projects" Ple...

...

Computer Science : Scope Creep" Please respond to...

...

Computer Science : Standardization of HTML...

...

If you didn't find the right answer

Ask Your Questions, We'll notify you once someone answers it