In this module, you explored selecting security controls as it relates to the Risk Management Framework used by the Federal Government and other organizations to manage risk. The security control baselines address the security needs of a broad and diverse set of constituencies and are developed based on a number of general assumptions, including common environmental, operational, and functional considerations. The baselines also assume typical threats facing common information systems.You have been tasked to brief your manager/CFO or CEO of your company (continue to use the one you have been referring to in the previous models) about selecting security controls. Prepare a three-four page paper, not including title and reference pages, describing how and why you selected and tailored a set of baseline controls based on the categorization of your company’s payroll system Discuss the security controls you selected (at a high level – families) based on impact levels of each security objective: confidentiality, integrity and availability and your justification for each. (Refer to NIST SP 800-53r5, Chapter 3 for assistance).Your paper must be double-spaced, use a standard 12-point font and standard margins. At least two APA formatted in-text citations are required plus appropriate references must be listed. (Note: No wiki or blog references are allowed).Your document should be free of spelling and/or grammatical errors.
