  

Assignment 1: Developing the Corporate Strategy for Information Security 
 
Imagine that you are working for a startup technology organization that has had overnight success. The organization’s immediate growth requires it to formulate a corporate strategy for information security. You have been recruited to serve as part of a team that will develop this strategy.
As part of the Information Security Strategy development, you are required to define specific Information Technology Security roles that will optimize and secure the organization’s data assets.
Review the “Cybersecurity: The Essential Body of Knowledge (EBK)” textbook for information necessary to complete this assignment. 
Write a five to seven (5-7) page paper in which you do the following, based on the scenario described below:
 
1. The Chief Information Security Officer (CISO) is responsible for several functions within an organization.
     a. Examine three (3) specific functions of a CISO and provide examples of when a CISO would execute these functions within the 
         organization.
     b. Specify at least three (3) competencies that the CISO could perform using the provided Website titled, “Information Technology 
         (IT) Security Essential Body of Knowledge (EBK): A Competency and Functional Framework for IT Security Workforce 
         Development.”
 
2. The Chief Information Officer (CIO) is responsible for several accountability functions within an organization:
     a. Identify at least four (4) functions of the CIO using the EBK as a guide. Provide examples of how the CIO would execute these 
         functions within an organization. 
     b. Classify at least two (2) security assurances that could be achieved by the CIO developing a formal security awareness, training, 
         and educational program.
     c. Suggest methods, processes, or technologies that can be used by the CIO to certify the security functions and data assets of an 
         organization on a day-to-day basis.
 
3. Describe how the digital forensics function complements the overall security efforts of the organization.
4. Evaluate the operational duties of digital forensic personnel and how these help qualify the integrity of forensic investigations within the enterprise and industry.
 
5. List at least three (3) technical resources available to the digital forensics professional to perform forensic audits and investigations. 
 
6. Use at least three (3) quality resources in this assignment. Note: Wikipedia and similar Websites do not qualify as quality resources. 
Your assignment must follow these formatting requirements:
paper 2
Case Study 2: SCADA Worm

Protecting the nation’s critical infrastructure is a major security challenge within the U.S.  Likewise, the responsibility for protecting the nation’s critical infrastructure encompasses all sectors of government, including private sector cooperation. Search on the Internet for information on the SCADA Worm, such as the article located at http://www.theregister.co.uk/2010/09/22/stuxnet_worm_weapon/.

Write a three to five (3-5) page paper in which you:

Describe the impact and the vulnerability of the SCADA / Stuxnet Worm on the critical infrastructure of the United States.
Describe the methods to mitigate the vulnerabilities, as they relate to the seven (7) domains.
Assess the levels of responsibility between government agencies and the private sector for mitigating threats and vulnerabilities to our critical infrastructure.
Assess the elements of an effective IT Security Policy Framework, and how these elements, if properly implemented, could prevent or mitigate an attack similar to the SCADA / Stuxnet Worm.
Use at least three (3) quality resources in this assignment. Note: Wikipedia and similar Websites do not qualify as quality resources. 

 
paper 3
Assignment 1: IT Security Policy Framework

Establishing an effective Information Technology Security Policy Framework is critical in the development of a comprehensive security program. Additionally, there are many security frameworks that organizations commonly reference when developing their security programs. Review the security frameworks provided by NIST (SP 800-53), ISO / IEC 27000 series, and COBIT. Assume that you have been hired as a consultant by a medium-sized insurance organization and have been asked to draft an IT Security Policy Framework.

You may create and/or assume all necessary assumptions needed for the completion of this assignment.

Write a three to five (3-5) page paper in which you:

Select a security framework, describe the framework selected, and design an IT Security Policy Framework for the organization.
Describe the importance of and method of establishing compliance of IT security controls with U.S. laws and regulations, and how organizations can align their policies and controls with the applicable regulations.
Analyze the business challenges within each of the seven (7) domains in developing an effective IT Security Policy Framework.
Describe your IT Security Policy Framework implementation issues and challenges and provide recommendations for overcoming these implementation issues and challenges.
Use at least three (3) quality resources in this assignment. Note: Wikipedia and similar Websites do not qualify as quality resources.