This is a paper that is focusing on the information security consultant initial assessment performance. The paper also provides further questions to discuss the assignment paper.
The information security consultant initial assessment performance
A government agency has hired you, “the information security consultant,” to perform an initial assessment. (as a part of the due diligence) on a new initiative they are to take on. This initiative will involve a strategic partnership with a Managed Security Services Provider (MSSP). The government agency will be outsourcing their security operations center (SOC) to the MSSP.
The outsourced SOC will be responsible to manage all security incidents pertaining to the government agency. Also, will be the first point of contact for all such incidents. The SOC also will also perform Identity and Access provisioning for the agency’s employees and as such will need privileged access to the agency’s critical access and data.
As a part of the due diligence, the senior management has an interest to know the following as it pertains to asset and access management:
Discuss the identity and access management issues that might arise due to the nature of the above engagement.
Discuss the role that asset and data classification will play in determining what information will the MSSP be allowed to access and how that determination is made.
Also, discuss how you will ensure that the MSSP complies with the best practices around identity and access provisioning lifecycle.
How will a determination be made as to what authorization mechanisms will be for the MSSP users that access the agency’s assets/data? (RBAC, MAC, DAC).
What considerations need to be discussion to prevent or mitigate access control attacks?
The purpose of an outline is to help the student think through the topic carefully. Also, organize it logically before starting to write. A good outline is the most important step in writing a good paper. The outline needs to make sure that the points covered flow logically from one to the other.