SECURITY POLICY & STANDARDS
Competency 427.3.4: Certifications and Accreditations - The graduate identifies and discusses the Information Assurance certification and accreditation (C&A) process.

Task 4: Certification and Accreditation
Scenario:
You have been hired to review a conducted risk assessment for the Healthy Body Wellness Center since information security management systems should be regularly reviewed, updated, and maintained. To prepare for an upcoming audit and accreditation review, you will use current guidelines from ISO 27002, COBIT, NIST, or ITIL (e.g., NIST Special Publication 800-37, Guide for Applying the Risk Management Framework to Federal Information Systems: A Security Life Cycle Approach) and the attached “Healthy Body Wellness Center Risk Assessment” case study.
You will apply the current guidelines to the risk management framework for the Healthy Body Wellness Center’s information systems. The organization has recently had a risk assessment completed that includes recommendations for implementing security controls and mitigating risks. In your new role, a team of people will be assigned to help you with the task. You are tasked with creating a to-do list by completing the "Task 4 RMF To-Do List" attachment for the specific tasks outlined in each of the six steps in the risk management framework (RMF). The first row of the "Task 4 RMF To-Do List" has been completed for you.
You will then evaluate and create a document that compares the ISO 27002, COBIT, NIST, and ITIL standards with regard to the certification and accreditation process.
Requirements:
Your submission must be your original work. No more than a combined total of 30% of the submission and no more than a 10% match to any one individual source can be directly quoted or closely paraphrased from sources, even if cited correctly. Use the Turnitin Originality Report available in Taskstream as a guide for this measure of originality.
You must use the rubric to direct the creation of your submission because it provides detailed criteria that will be used to evaluate your work. Each requirement below may be evaluated by more than one rubric aspect. The rubric aspect titles may contain hyperlinks to relevant portions of the course.

A. Complete the attached “Task 4 RMF To-Do List” by using the attached “Task 4 Healthy Body Wellness Center Risk Assessment” and doing the following:

1. Identify whether the tasks are done or not done based on the attached “Task 4 Healthy Body Wellness Center Risk Assessment”.

2. Discuss how you determined the status of the tasks if they are done, and include the page numbers from the risk assessment to support that discussion; or, if the tasks are not done, provide recommendations for completing the tasks in compliance with current guidelines from ISO 27002, COBIT, NIST, or ITIL, including where the results should be saved.

3. List the external documents needed for each task that is not done.

B. Compare the ISO 27002, COBIT, NIST, and ITIL frameworks by creating a document in which you do the following:

1. Discuss how each framework is most commonly used.

2. Analyze the purpose of each framework design.

3. Compare the strengths of each framework.

4. Compare the weaknesses of each framework.

5. Discuss the certification and accreditation process for each framework.

6. Explain which type of business each framework applies to according to the certification and accreditation process.

C. Acknowledge sources, using in-text citations and references, for content that is quoted, paraphrased, or summarized.

D. Demonstrate professional communication in the content and presentation of your submission.