Cyberspace and Cybersecurity Foundations


Security Assessment Report (SAR)

CYB 610: Cyberspace and Cybersecurity Foundations


Dr. Stephanie Carter


University of Maryland University College




Abstract


The purpose of the security assessment report (SAR) is to communicate the results of security assessments of the information technology (IT) infrastructure, including its people, processes, policies, and information systems (NIST, 2010). The SAR is one of the main documents included in the system authorization package, along with the system security plan (SSP) and plan of actions and milestones (POA&Ms). These documents are used to provide the authorizing official (AO) with the necessary feedback on the security state and posture of the system to make a risk-based decision on whether the system should operate or continue operations. The SAR provides the overall state of security of the IT infrastructure, detailing the infrastructure's ability to meet the security objectives of confidentiality, integrity, and availability (CIA) when protecting the data that is transmitted, stored, or processed by and through it. Although the SAR is a document that captures a snapshot in time of the security state of the information system, it is updated whenever subsequent security assessments are performed in order to support continuous monitoring activities. To support document revision, the SAR should be annotated with an updated version each time it is changed, and these changes should be annotated within the SAR itself. According to NIST (2014), the key elements of an assessment report are outlined in Appendix G (p. G-2); however, this SAR will include the following elements: Operating System (OS) Overview, OS Vulnerabilities, Assessment Methodologies, Risk, and Recommendations.
