PROJECT ESSAY: Cyber Security: Organization Security Controls
Identify resources to reference/use for different types of IT security controls (below) and organize by administrative, technical, and physical controls. Also, how/if those controls apply to end-user (beginner/moderate), technical user (moderate/advanced), and executive users (advanced/expert). (FEEL FREE TO USE OTHER SOURCES)
CompTIA Network+ N10-008 (Mike Meyers)
CompTIA Security+ Get Certified Get Ahead SY0-501 (Darril Gibson)
CompTIA Security+ SY0-601 (Mike Meyers)
https://csrc.nist.gov/search?keywords=security+controls&ipp=25&sortBy=relevance&showOnly=publications%2Cprojects%2Cnews%2Cevents%2Cpresentations%2Cglossary%2Ctopics&topicsMatch=ANY
https://www.sans.org/#addsearch=security%20controls
https://www.sans.org/cyber-security-skills-roadmap/
https://www.eccouncil.org/information-security-management/
CISSP – Sybex Book 8th Edition
ISO IEC 27001/ISO 27002
NIST Cybersecurity Framework
COBIT
Center for Internet Security (CIS) Controls
Identify resources for analysis/data collection (some listed below – feel free to use others) for improper use or lack of security controls and consequences. Use examples of real-world consequences for improper use/lack of security controls.
ISO IEC 27001/ISO 27002
NIST Cybersecurity Framework
COBIT
Center for Internet Security (CIS) Controls
https://purplesec.us/
Use compiled data (attached) and interpret the the 1st/2nd/3rd attempts of users taking the same quiz when being presented no data, appropriate level data, and a last attempt after 10 days (to verify retention of knowledge).
Pooling of different resources to establish a clear and concise understanding of data collected (from exams, resources) to create a working policy for all focus groups (user, technical, executive) and establish baseline.
Research paper that clearly and more details the scope of each deliverable and responsibilities of focus group.
The goal here is establish a more refined, one stop, easily digestible, graphic and/or
presentation.
