This assignment builds toward your final project and is due on Day 7 of this module.
As part of the Risk Management Framework, you are now being asked to implement the security controls you previously selected. In a two- to three-page paper, not including title and reference pages, discuss how the security controls you selected in the Module 3 assignment work to achieve a desired solution.
Example: I have a wine opener that is not a corkscrew. It works perfectly for me but if I give it to someone, they cannot make it work. Describe how to make it work.
Your paper must be double-spaced and use a standard 12-point font and standard margins. At least two APA-formatted in-text citations are required, and appropriate references must be listed. (Note: No wiki or blog references are allowed.)
Your document should be free of spelling and/or grammatical errors.
SECURITY CONTROL FOR THE PAYROLL CATEGORIES AND CIA TRIAD

Some of the payroll categories in St. John healthcare facilities comprise wages, taxes, deductions, employer expenses and accruals. By law, the organization has to create payroll categories to which different workers are assigned according to the amount of the finances. Within the company, the categories help determine the specific amount assigned to each employee and automate the process, which prevents potential delays and human error. Nevertheless, it is essential to understand that before wages and accrued expenses are issued as a paycheck, they should be assigned for the different employees. For the payroll to function properly, security controls have to be implemented.

Selecting and implementing security controls for an information system and an organization are vital tasks that can have major implications for the operations and assets of the company and for the welfare of individuals and the country. Security controls are the safeguards prescribed for information systems or organizations; they are designed to protect the confidentiality, integrity and availability of the information that is processed, stored and transmitted by those systems, and to satisfy a set of defined security requirements. Unreasonable risks of harm resulting from the malfunctioning behavior of technology systems are addressed under the umbrella of functional security, where functional security is described as freedom from unacceptable risk (IEC, 2010). As the connectivity of systems increases, the risk of undesirable consequences increases, because an adversary may cause them intentionally (Young & Leveson, 2014).
Security is defined as the system property that allows a system to achieve its mission or critical function despite the risks posed by these threats. A security control is a countermeasure or safeguard used to reduce the chance that a threat will exploit a vulnerability. To secure the company's payroll system, three main types of security control can be implemented: administrative, technical and physical. The main goal of implementing a security control can be preventive, corrective, detective, compensating, or deterrent. Controls are used to protect individuals, as is the case with social engineering training or policies.

Technical controls, or logical controls, use technology to reduce vulnerabilities in hardware and software. Automated software tools are installed and configured to protect the assets. Examples of technical controls include encryption, firewalls, antivirus and anti-malware software, security information and event management, intrusion detection systems and intrusion prevention systems. Technical controls are divided into two types. The first is the access control list (ACL), a network traffic filter that can control incoming or outgoing traffic. ACLs are common in routers and firewalls, but can also be configured on any device that runs on the network, whether a host, a network device or a server. The other type is the configuration rule, instructional code that guides the execution of the system when information passes through it. Network equipment vendors have proprietary configuration rules that manage the operation of ACL objects.

Administrative security controls are the policies, procedures or guidelines that define personnel or business practices in accordance with the company's security goals.
To implement administrative controls, additional security controls are necessary for continuous monitoring and enforcement. The processes that monitor and enforce administrative controls include management controls, which are security controls that focus on the management of risk and of information system security, and operational controls, which are security controls that are primarily implemented and executed by people. The company might have an acceptable use policy that specifies the conduct of workers, including not visiting malicious websites. The security control that monitors and enforces it can take the form of a web content filter, which can enforce the policy and log activity simultaneously. Remediating phishing attacks is another example that employs a combination of management and operational controls. The security controls that help thwart phishing include, besides the management control of the acceptable use policy itself, operational controls such as training users not to fall for phishing scams, and technical controls that monitor email and website usage for signs of phishing activity.

Physical controls are the implementation of security measures in a defined structure used to deter or prevent unauthorized access to sensitive material. Examples of physical controls are picture IDs, security guards, motion systems, closed-circuit surveillance cameras, locked and dead-bolted steel doors, and biometrics.

Although it is vital for security professionals to understand the definitions of the controls, they should also recognize that the ultimate goal of implementing a control is to strengthen the company's defenses in order to reduce risk. Information security has to be maintained as a program that requires continuous monitoring in order to defend and protect valuable assets.

References

CENELEC, IEC (2010). Functional Safety of Electrical/Electronic/Programmable Electronic Safety-Related Systems. Parts 1-7. International Electrotechnical Commission.

Young, W., & Leveson, G. (2014). An integrated approach to safety and security based on systems theory. Commun. ACM, vol. 57, no. 2.