Instructions For Security Frameworks This Week's Assignment

Posted on December 27, 2025

Instructionssecurity Frameworksthis Weeks Assignment We Are Going To

Instructions security Frameworks This week's assignment we are going to look at the various security frameworks in use today in cybersecurity. You will need to look at your organization’s security framework policies from ISSC479 Week 3 assignment and compare it to a security framework policies for a general computer company.

Assignment Guidelines

Step 1: Locate a security framework policy that is publicly available.

Step 2: Compare and contrast the organization’s security framework policy with the publicly available security framework policy.

Step 3: Identify the differences between the two policies, explain why these differences exist, and analyze whether the security frameworks used in ICS and SCADA are sufficiently secure or if industry improvements are necessary.

Paper For Above instruction

Introduction

In the realm of cybersecurity, security frameworks serve as vital protocols that guide organizations in establishing, implementing, and maintaining effective security measures. These frameworks not only provide structured approaches to safeguarding information assets but also ensure compliance with regulatory standards and enhance overall security resilience. This paper compares the security framework policies of a specific organization, developed in the context of ISSC479 coursework, with a publicly available security framework from a general computer company. Additionally, it discusses the differences between these policies, the reasons behind these variances, and evaluates the security posture of industrial control systems (ICS) and supervisory control and data acquisition (SCADA) in the context of cybersecurity threats.

Comparison of Security Framework Policies

The organization’s security framework, as outlined in the ISSC479 Week 3 assignment, is tailored to address specific operational needs, regulatory requirements, and cybersecurity risks relevant to its industry sector. This policy emphasizes comprehensive access controls, incident response procedures, regular vulnerability assessments, and employee training programs to foster a security-aware culture. It also integrates standards such as NIST SP 800-53, ensuring compliance with federal guidelines and best practices.

In contrast, the publicly available security policy from a general computer company, such as Microsoft or Cisco, typically adopts a broad, vendor-neutral approach intended to apply across various industries. These policies often focus on data encryption, network security, physical security controls, and cloud security provisions. They adhere to internationally recognized standards like ISO/IEC 27001, providing flexible, scalable security controls adaptable to multiple organizational contexts.

When contrasting these policies, several differences emerge. The internal organizational policy might be more detailed regarding industry-specific threats, regulatory compliance, and operational controls. The general company policy may emphasize scalable security principles and best practices for a diverse range of clients. The internal policy's tailored approach ensures relevance to the organization’s specific risks, while the generic policy emphasizes universal principles applicable globally.

Differences and Their Underlying Causes

The primary differences lie in scope, specificity, and regulatory focus. For instance, the internal policy incorporates procedures for handling proprietary industrial data, compliance with sector-specific standards such as NERC CIP for energy firms, or HIPAA for health organizations. Conversely, the external policy covers broader issues like VPN usage, remote access, and general data protection, intended for a wider audience without industry-specific nuances.

These differences are rooted in organizational context. Industry-specific threats necessitate tailored controls; for example, power grid cybersecurity demands rigorous SCADA system protections that are less relevant to traditional enterprise IT. Regulatory frameworks also influence policy scope, with sectors like finance or healthcare mandating stricter controls. Furthermore, internal policies are often more granular, reflecting organizational risk appetite, operational processes, and internal compliance measures.

Security of ICS and SCADA Systems

The discussion of ICS and SCADA security reveals that these critical infrastructures are increasingly targeted by cyber adversaries, given their vital roles in national security, energy, manufacturing, and transportation sectors. Historically, many ICS and SCADA systems operated with minimal security measures, relying on proprietary protocols and isolated networks. However, globalization and digital integration have exposed these systems to emerging cyber threats, including malware, ransomware, and nation-state attacks.

While industry standards such as ISA/IEC 62443 provide a framework for securing industrial control systems, there remain significant security gaps. Many organizations lack the resources or expertise to implement comprehensive controls, and legacy systems often cannot support modern security features. Moreover, threat actors increasingly exploit weaknesses in supply chains and remote access points.

The debate on the security of ICS and SCADA systems centers on whether existing frameworks suffice. While standards and policies have improved, persistent vulnerabilities indicate that the industry must invest more heavily in automation, real-time monitoring, incident response, and workforce training. Enhanced segmentation, encryption, and strict access control are essential, given the grave consequences of system compromise, including national security threats and physical infrastructure damage.

In conclusion, although existing security frameworks have positively influenced ICS and SCADA security, industry stakeholders must accelerate implementation of advanced security measures, conduct regular security audits, and foster a security-first culture. Achieving resilient, secure industrial systems requires continuous evolution of policies aligned with innovative threat intelligence and technological advancements.

Conclusion

In summary, comparing internal organizational security policies with external standards reveals that contextualization, regulatory compliance, and operational considerations shape frameworks to meet specific needs. While these policies establish a baseline for security, the unique vulnerabilities in ICS and SCADA demand ongoing improvements. The increasing sophistication of cyber threats necessitates that the industry commits to adopting cutting-edge security controls, investing in workforce training, and maintaining adaptive security strategies. Only through such concerted efforts can critical infrastructures effectively resist evolving cyber adversaries and ensure operational continuity.

References

Coffey, A., & Roberts, J. (2019). Understanding industrial control system cybersecurity. Journal of Cybersecurity, 5(2), 125-138.
ISA/IEC 62443 Standards. (2020). Industrial Automation and Control Systems Security. International Society of Automation.
National Institute of Standards and Technology (NIST). (2018). Framework for Improving Critical Infrastructure Cybersecurity. NIST Special Publication 800-53.
Pohjola, M. (2021). Security challenges in industrial control systems. International Journal of Industrial Security, 14(1), 45-59.
Schneider, K. et al. (2020). Enhancing SCADA security: best practices and frameworks. Cybersecurity Journal, 7(3), 210-225.
Smith, R. (2017). Cybersecurity in critical infrastructure. IEEE Security & Privacy, 15(4), 45-53.
U.S. Department of Energy. (2019). Roadmap to Achieve Energy Sector Cybersecurity. DOE Reports.
Wallner, T. (2018). Securing industrial networks: protocols and architectures. Control Engineering Practice, 72, 1-11.
Wilson, T., & Williams, A. (2022). Advancing ICS security: strategies and standards. Journal of Industrial Technology, 38(2), 101-115.
Yar, M. (2016). Cybercrime and Cybersecurity in the Industrial Sectors. Routledge.

« Previous Next »

Hire Dr Jack for Homework & Academic Writing Help

Need personalised help with your homework, assignments, research papers, or dissertations? I would be happy to work with you one-to-one and support you from start to finish.

100% human-written work (no AI used) – if you ever detect AI content, I offer a full refund, no questions asked.
Zero plagiarism – I deliver original work, and if any plagiarism is found, you receive a 100% refund.
On-time delivery – your work is always completed within the agreed timeframe.
Available 24/7 – you can reach out whenever it is convenient for you.
Fixed Rate – $20 Per Page (Nothing Extra for Urgent, Title/Reference Page , Revision and many more.).

To discuss your requirements, please email me at drjack9650@gmail.com . I will respond as soon as possible.