Law homework help

Posted on | by Stevepiscles

Law homework help. You are to select a company (not attack type) of a major breach publicly announced within the last couple of years. Also, you are to conduct research about the breach at this company.,You are to select a company (not attack type) of a major breach publicly announced within the last couple of years,The steps required to complete the assignment are as follows:, 1.    You are to select a company (not attack type) of a major breach publicly announced within the last couple of years., 2.    Also, you are to conduct research about the breach at this company., 3.    Based on the information that you obtained from your research, you need to choose 2 controls per each ,category, of NIST framework that you believe were missing and contributed to the breach., 4.    There needs to exist a logical connection between the breach and missing controlsfor a specific company.  This connection can be established in two ways:,1.    The missing control was specifically mentioned in the publicly available research.,If this is the case, you can just reference the information that you found.,2.    You were able to make a case that this control was missing based on other information uncovered in the course of your research.  In this case, you need to explain how you reached this conclusion. For example, if the research specifically mentioned that the breach occurred because the data in the database was not encrypted, you could say that the control PR.DS-,1: Data-at-rest is protected was missing., You could, however, also probably extrapolate that ID.GV-4: Governance and risk management processes address cybersecurity risks was also missing. In this case, you would need to provide an explanation of why you think that was the case (provide logical connection between other information in the case and this specific control).,5.    Using the Framework provided in NIST Special Publication 800.30, you will create a risk assessment which will specify the risks arising from the lack of controls that you identified above.  You should follow the guidelines stated in the Appendix K of NIST 800.30. As per NIST 800.30, your report should have the following sections:,Executive Summary,List the date of the risk assessment.,Summarize the purpose of the risk assessment.,Describe the scope of the risk assessment.  For Tier 3 risk assessments, identify: the information system name and location(s), security categorization, and information system (i.e., authorization) boundary.,State that this is an initial risk assessment.,Describe the overall level of risk (e.g., Very Low, Low, Moderate, High, or Very High).,List the number of risks identified for each level of risk (e.g., Very Low, Low, Moderate, High, or Very High).,Body of the Report,Describe the purpose of the risk assessment, including questions to be answer by the assessment.,Summarize risk assessment results (e.g., using table I-4 in Appendix I).,Describe in detail how you arrived at the risks and risk levels contained within your report (you should plan to dedicate one (1) page per risk in the report).,Appendices,List references and sources of information.,Assessment, The assignment will be grade based on the following formula:, 10% Overall format and style of the paper.., 20% Thoroughness of the research conducted., 70% Quality of the reasoning related to the risks/controls selected.,Attachments,Click Here To Download,

Law homework help