Download the Cloud Security Alliance (CSA) Cloud Controls Matrix spreadsheet. (A quick Internet search should give you the address of the most current version for download.) Under the “Scope Applicability” heading, select a category that is applicable to the organization for which you work. For example, if your organization handles personal medical data and uses the COBIT framework, you could choose either COBIT or HIPAA/HITECH. Once you select a category, choose a row from “Control Domain” (one that no other student has already selected!). Then, create a new thread in this week’s discussion with the title from column B (i.e., CCM V3.0 Control ID). Explain the control domain, how it maps to your chosen scope, and specifically what your organization does to implement the stated control.
If you don’t know which scope applies to your organization, just use the University of the Cumberlands (UC) as your organization. As a university, we are under the domain of FERPA. So, if you choose UC, you would need to choose a Control Domain and explain how it maps to FERPA, and how UC implements the controls.
So, here’s an example. Let’s suppose I work for a large on-line retailer. We handle payment cards and are therefore under PCI DSS requirements. I’ll select the BCR-03 control ID (Business Continuity Planning). So I would create a new thread in this week’s discussion with the title “BCR-03.” Then I’d explain what BCR-03 is, what it maps to in PCI DSS (4.1, 4.1.1, 9.1, 9.2), and then I’d explain what my organization does to comply with this control requirement.
Below is sample work.
Organization: University of the Cumberlands (UC)
Control domain: DCS-07
Security is the crucial parameter for the educational agency or organization. The control domain our institute is using is DCS-07 (Distributed Control System). We will be discussing how Data Center Secure Area Authorization was designed for our organization, and what the institute does in order to comply with the control.
The Family Educational Rights and Privacy Act (FERPA) is a federal law that affords parents the right to have access to their children’s education records, the right to seek to have the records amended, and the right to have some control over the disclosure of personally identifiable information from the education records. Once a student turns eighteen years old, or enters a postsecondary institution at any age, the rights under FERPA transfer from the parents to the student (“eligible student”).
Our educational institution maps to FERPA 99.31.a.1.ii, which states that an organization must use reasonable methods to ensure that school officials obtain access to only those education records in which they have legitimate educational interests. An educational agency or institution that does not use physical or technological access controls must ensure that its administrative policy for controlling access to education records is effective and that it remains in compliance with the legitimate educational interest requirement.
In order to comply with the data security standards of our organization, it should have a set of policies, precautions and practices adopted to avoid unauthorized access to and manipulation of a data center’s resources. The authorized access list should be restricted commensurate with the restrictions the organization places on root-level server access, and access should be restricted to those people who need to support the environmental and network infrastructure. Maintaining standalone or independent systems gives you more control but raises the complexity of tasks; however, some audit standards mandate this level of control.