security control frameworks

When performing a gap analysis, one must have an understanding of the desired future or “to be” state. For cybersecurity focused gap analyses, we frequently use IT security controls as the framework for describing the “to be” (or “should be”) state. There are a variety of guidance documents which list and define sets of security controls.

If you look at multiple sources, e.g. NIST, SANS, CSIS, you will see that IT controls come in a variety of “flavors”. Some sources use the People, Process, and Technology scheme to organize and define controls. Other sources define controls (safeguards) in terms of the phases of information security to which they apply (e.g, Preventive controls, Detective controls, Deterrent controls, Corrective controls (used in the Response or remediation phases)). A third framework which you used in earlier courses (CSIA 413) is “administrative or managerial, operational, and technical” controls.

Save your time - order a paper!

Get your paper written from scratch within the tight deadline. Our service is a reliable solution to all your troubles. Place an order on any task and we will take care of it. You won’t have to worry about the quality and deadlines

Order Paper Now

-Research and select a control grouping framework then populate the framework with some examples of the actual controls. Provide your rational as to why you selected your framework and identify an industry or industry vertical to which your framework is most applicable.