explain how to implement a security framework to identify and close gaps between an organization’s current cybersecurity status and its future target cybersecurity status. Make sure to align to an appropriate regulation (e.g., PCI DSS, HITECH, HIPAA, SOX, GLBA, or GDPR) and address the following:
- Explain the current cybersecurity environment, such as development processes, paradigms, information, configuration management, and systems directly involved in the delivery of services.
- Describe the current risk management practices, development threats, legal and regulatory requirements, business/mission objectives, and organizational constraints using the framework identified.
- Describe how security best practices and frameworks can be used as a reference to develop a cybersecurity program.
- make a diagram related to the common workflow of information and decisions at the major levels within the organization.
- Explain the critical cybersecurity needs that should be in place to ensure compliance with the appropriate regulation by differentiating from NIST, ISO/IEC 27000-series (e.g., PCI DSS, HIPAA, SOX, GLBA). Then, prioritize organizational efforts, business needs, and outcomes.
- List and describe the elements of a software assurance maturity model.
Complete Answer: