Now that the C&A package has been introduced, the next incremental step for your internal federal C&A team will be to the identify the types of threats, vulnerabilities, exposure, and risks of the program and to add this information to the C&A package.
A successful virus, spyware program, or exploit would be a disaster for any government agency that is providing critical services to the United States and its citizens; therefore, your team must specifically outline the steps involved in the information system (IS) risk assessment and develop an actual IS security risk assessment report for the client.
Provide a report to the client with the following information:
- A title page
- Content that includes the following:
- Introduction to the contents of the report
- Description of the types of real threats and vulnerabilities that the government agency is facing
- Description of how the C&A team will determine risk and identify the specific level of risk for each vulnerability (1–2 paragraphs)
- Description of how the organization will track critical deficiencies and the actions that must be taken to mitigate those vulnerabilities
- Conclusion describing the approach taken with threats, vulnerabilities, tracking, and reporting to meet FISMA guidelines
- Reference list in APA format
The report should be a minimum of 3–5 pages in length (excluding the title page), and it should be neatly formatted. Post your document in your individual assignment upload area. Sources should be properly cited in APA style.
|Due By (Pacific Time)
||05/08/2015 06:00 pm