ComputerScienceExpert
$18/per page/
System Security Certification and Accreditation
Weekly tasks or assignments (Individual or Group Projects) will be due by Monday and late submissions will be assigned a late penalty in accordance with the late penalty policy found in the syllabus. NOTE: All submission posting times are based on midnight Central Time.
Throughout this course, you will be working on several aspects of System Security Certification and Accreditation through the following scenario and you will produce a case study report. Each week, you will complete a part of the report. The final report is due at the end of the course. Additional information and the deliverables for each Individual Project will be provided in the assignment description for the project. This is the course's Key Assignment that you will make contributions to each week.
Scenario
You have just been hired as the security manager of Medical Credentials Company (MCC), reporting to the Chief Information Officer (CIO). MCC is a kind of clearinghouse for doctors, hospitals, and group practices. It stores and distributes information on its clients, including sensitive information on previous malpractice lawsuits or disciplinary action. MCC is converting from an in-house database to a distributed database, which can be queried by telecommuting employees and clients. This change requires a high level of security. It is your responsibility to provide your engineers with the security requirements and at the same time convince senior management that the system being developed is robust and secure enough to protect the this sensitive information. After careful examination of the database requirements and security requirements, you decide that compliance with the current accreditation/authorization process (NIST 800-37 RMF) would sufficiently protect the database from intrusion and tampering.
-Please See Attachment
Â
CS662-1604System Security CerTfcaTon and AccreditaTonSystem Security CerTfcaTon and AccreditaTon - Assurance and the Orange BookThroughout this course, you will be working on several aspects of System Security Cer±Fca±on andAccredita±on through the following scenario and you will produce a case study report. Each week, youwill complete a part of the report. The Fnal report is due at the end of the course. Addi±onal informa±onand the deliverables for each Individual Project will be provided in the assignment descrip±on for theproject.±his is the course's Key Assignment that you will make contribuTons to each week.ScenarioYou have just been hired as the security manager of Medical Creden±als Company (MCC), repor±ng tothe Chief Informa±on O²cer (CIO). MCC is a kind of clearinghouse for doctors, hospitals, and groupprac±ces. It stores and distributes informa±on on its clients, including sensi±ve informa±on on previousmalprac±ce lawsuits or disciplinary ac±on. MCC is conver±ng from an in-house database to a distributeddatabase, which can be queried by telecommu±ng employees and clients. This change requires a highlevel of security. It is your responsibility to provide your engineers with the security requirements and atthe same ±me convince senior management that the system being developed is robust and secureenough to protect the this sensi±ve informa±on. A³er careful examina±on of the database requirementsand security requirements, you decide that compliance with the current accredita±on/authoriza±onprocess (NIST 800-37 RM´) would su²ciently protect the database from intrusion and tampering.Project BackgroundA³er your ini±al mee±ng with the CIO, she is close to agreeing that the database system needs tocomply with an accredita±on/authoriza±on process. She needs to understand that the Orange Book isthe precursor to current methodologies. She understands the general ideas behind the process, butneeds you to explain the NIST 800-37 (RM´) process: the diµerent roles and how the process works in sixsteps.Assignment DescripTonYour Frst task in this project is to review the provided scenario and create the shell for the case study.This case study will be used as the basis for each of the assignments throughout the course. As youproceed through each project phase, you will add content to each sec±on of the Fnal document togradually complete the Fnal project delivery.The project deliverables for week 1 are as follows:Case Study Report Shell (document detailed below)o±itle page:Should include course name and number, project name, student name, anddateo±able oF contents:Auto-generated, in a separate page and should be updated in eachphaseoSecTon headings(Create each heading on a new page with TBD as content except forsec±ons listed under "New content" below.)
Case Study OutlineAssurance and the Orange BookThe DITSCAP ProcessAppendix DevelopmentThe Common Criteria systemThe EAL ra±ngs in the Common CriteriaNew content(needs to be flled in For phase 1)oCase Study Outline: Material can be taken From the provided scenariooAssurance and the Orange Book:Explain how the Orange Book is the precursor to current accredita±on andauthoriza±on methodologies.Explain the NIST 800-37 (RM²) process: it’s 6 steps and the rolesinvolved in each step.oBe sure to update your table oF contents beFore submission.oDocument needs to be Forma³ed according to APA standardsoName the document yourname_CS662_IP1.docoSubmit the document For grading
Attachments: