Description
This project will consist of two deliverables:
1- Risk Profile
2- Risk Threat Matrix: Please see the detailed instructions document for more information
Develop the Risk Profile (Two Page)
Conduct independent research on the U.S Federal Government sector and determine and report the Cyber risks to this sector and your organization in the form of a two-page Risk Profile.
Think about security controls for your sector and support your strategy by providing risk management techniques through the selection of security controls. These security controls will inform your risk profile.
In order to maintain National Security, a balance between Security Controls, Profits and Downtime will have to be achieved.
From the attached documents on attack vectors and attribution, the international domain, include nation state actors that have been deemed threats to the U.S Federal Government. You can use different sources of threat intelligence to gain deeper understanding of your sector and its methods for critical infrastructure protection. Many sectors are remotely monitored using industrial control systems (SCADA), and if this is found to be true in your team sector, this description should be included in the risk profile. Also, include an analysis of possible sources and situations of insider threats and if at any time your sector was exploited by an insider threat. Include how this was detected and what means were used to recover from that type of exploitation. These measures and countermeasures could be part of a security plan and may be incorporated in your selection of security controls.
Develop the Risk Threat Matrix (Excel Xlsx)
You are familiar with the cybersecurity standards organizations “See attached” and understand policy objectives U.S. Federal Government and the resulting cyber defense strategy that provides the security of communications while meeting goals and objectives. As a leadership representative for your sector, work create a Risk Threat Matrix that incorporates what was learned from the security risk profile with the cyber defense strategy of the sector and uses that to select security controls to be implemented for the U.S. Federal Government Sector.
Risk Threat Matrix (Three Tables on Excel Xlsx )
A risk threat matrix is a tool used to assess potential threats, assess the impact of those threats, and assist with decision making. The tables below provide a description of potentially useful inputs to the risk determination task, including considerations for uncertainty of determinations and assessment scales for assessing the levels of risk.
