Plan of Action and Milestones
Background

Upon reaching Step-5 (Authorize) of the Risk Management Framework, all documents to this point are being compiled to establish a "Body of Evidence" for accreditation. Based on system design, organization personnel structure, environmental limitations, and other factors, not all security controls can be implemented at a satisfactory level (if at all). While no system is expected to be perfectly secured, it is critical to identify failed controls that cannot be mitigated and develop a plan for correcting failed controls that fall within your purview. In addition to the documents submitted in your security baseline, the Plan of Action and Milestones (POA&M) is among the first documents an authorizing official will look at to identify areas of high risk.

Deliverables

Submit an APA-formatted paper, 750 words minimum (at least 3 pages), that includes all deliverables listed below.

Reminder: Assume you are using your home computer for work, connecting to the company network through a Virtual Private Network (VPN).

1) Refer to your self-assessment from Unit-4 to create a Plan of Action and Milestones (POA&M):
   a) Identify failed security controls that cannot be mitigated and explain your rationale.
   b) Identify failed security controls that can be corrected.
   c) Provide a plan, including timelines, for mitigating correctable controls.
2) Mitigation through system development:
   a) Calculate your system's annual loss expectancy (Asset Value x Annual Rate of Occurrence).
   b) Identify technologies that could mitigate the uncorrectable controls you identified, along with their annual cost.
   c) Assess how much the annual loss expectancy is reduced. Are the new technologies financially feasible?
   d) Recommend whether the company should implement the new technologies or accept current risks.

APA Requirements

Standard APA formatting is required. This includes in-text citations, references page, title page, section headings, running head, etc.