User Account

All Pages

Develop an introduction to the security policy outline

Assignment Help Management Information Sys
Reference no: EM13933204

Project: Outline for an Enterprise IT Security Policy

Scenario: A client company has asked you to help it develop an outline for an Enterprise IT Security Policy which addresses the following Enterprise Areas:

1. Access Control
2. Application Development
3. Asset Management
4. Business Operations
5. Communications
6. Compliance
7. Corporate Governance
8. Customers
9. Incident Management
10. IT Operations
11. Outsourcing
12. Physical/Environmental
13. Policies & Procedures
14. Privacy
15. IT Security Program Implementation

The client has specifically requested that you address applicable elements of theFramework Core and protective technologies aslisted in the National Institute of Standards and Technology Framework for Improving Critical Infrastructure Cybersecurity(see Table 2 inhttps://www.nist.gov/cyberframework/upload/cybersecurity-framework-021214.pdf). The client has also requested that you address relevant security policies and controls from other sources, including NIST SP-800-53 and the CIS Critical Security Controls.

Note: Typical critical infrastructure organizations include: banks / financial institutions, regional healthcare providers (e.g. hospitals or urgent care providers), transportation providers (air, rail, water), telecommunications or Internet services providers or local energy utilities.

Read / Research:

1. Read the Week 1 & Week 2 readings.
a. https://www.nist.gov/director/speeches/20150204rominespeech.cfm
b. https://www.whitehouse.gov/the-press-office/2013/02/12/executive-order-improving-critical-infrastructure-cybersecurity
c. NIST Economic Case Study - Planning Report 13-2; The Impact of NSTIC on the Internal Revenue Service (See attachment)
d. Perspective on 2015 DoD Cyber Strategy Before the Committee on Armed Services, United States House of Representatives(See attachment)
e. Federal Register Notice. Part III, The President, Executive Order 13636 (See attachment)

2. Review the National Institute of Standards and Technology Framework for Improving Critical Infrastructure Cybersecurity(pay special attention to Table 2 in https://www.nist.gov/cyberframework/upload/cybersecurity-framework-021214.pdf)

3. Review the security controls as presented in NIST SP 800-53https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf and the CIS Critical Security Controls (https://www.sans.org/critical-security-controls ). Pay special attention to the types of risks / threats which the various controls or control families address or mitigate.

4. Choose an existing "client" company or create one of your own ("fictional"). Research (or develop) thefollowing:
a. mission statement for this client which provides a brief overview of the client's organization and the critical infrastructure sector in which it operates
b. types of information, information systems, and information infrastructure (networks, communications capabilities) included in its enterprise
c. regulations and laws which it must comply with (paying special attention to those which impact the use of information and information systems)
d. products / services which the organization provides to its customers

5. Research each of the 15 areas which the client has asked you to address. For each area, you must identify major risks or threats to confidentiality, integrity, and availability. You must also identify security controls which can be used to mitigate these risks. Where appropriate, you must list two or more technologies which will implement those controls.

Write:

1. Develop an introduction to the security policy outline which you will present in your deliverable.

2. Develop an overview of the client company (mission, functions, information / information systems which need to be protected, laws and regulations, etc.).

3. Using your research, write a 2 - 3 page outline for an Enterprise IT Security Policy. This outline should address all of the areas requested by the client. For each major area in the outline you must provide a brief introduction which explains what is covered in each area. You must also identifyrisks / threats to confidentiality, integrity, and availability which are addressed in each area. Provide at least two examples of policies which would implement applicable security controls and, as appropriate, identify two or more protective technologies.

4. Use the following format for your outline:

I. Enterprise Area
[Descriptive paragraph about this enterprise area and policies required to implement appropriate security for it.]

a. Policy Area #1
b. Policy Area #2
Example:
I. Access Control
[Brief descriptive paragraph for this enterprise area]

a. Implement Separation of Duties [one sentence explanation]

b. Control the Use of Administrative Privileges[one sentence explanation]

Verified Expert

This paper talks about any real client and how to deal with maintaining the security of the organization. It talks about the mission, vision, and the goals of that organization and also develops a strategic plan for maintain the security of the firm. The chosen client here is US bank and a strategic plan is developed to maintain the security and the confidentiality of information within the firm. It also talks about what policies need to be implemented to maintain its security and what are talks about protective policies as well. The paper is written in Microsoft word and is of 1300 words.

Reference no: EM13933204

Questions Cloud

Csr relevant to australian businesses : Corporate Social Responsibility (CSR) is referred to as a triple approach that considers the economic, social and environmental aspects of corporate activity. Describe why and how is CSR relevant to Australian Businesses.
Character in the workforce-from education to work : Write an essay on one of the following topics :- Future employability , Meaningful work, attributes to succeed, character in the workforce , From education to work. Write an annotated bibliography on any of these topics and present a seminar on an..
Write an application that will allow user to input a string : You need to provide a way to exit the program gracefully.
Apparent quality of the social accounting approach : Assess the apparent quality of the social accounting approach utilized by each company according to Zadek et al.'s (1997) criteria.
Develop an introduction to the security policy outline : Develop an introduction to the security policy outline which you will present in your deliverable. Develop an overview of the client company (mission, functions, information / information systems which need to be protected, laws and regulations, et..
Define frequency polygon and frequency curve : Indicatethe method ofconstructing histogram, frequency polygon and ogive. Define Frequency polygon and Frequency Curve. Explain clearly the relation that exists n them.
Framework of a research proposal in accordance : Set up the framework of a research proposal in accordance with the following guidelines.
Wriite program using ms visual basic express edition ide : You must center all forms on the screen.
Conceptual framework for the research question : 1. Identify and describe the conceptual framework for the research question. 2. Review the relevant theoretical and empirical literature both for the system being studied and related systems.

Reviews

Write a Review

Management Information Sys Questions & Answers

  Consolidated data centers and branch office security

Consolidated Data Centers and Branch Office Security

  Sample question technologyi guess you can call technology

sample question technologyi guess you can call technology the gift and the curse. the gift would be the fact that at

  Discuss the effectiveness of the congruence model

Identify the political, economic, cultural and leadership factors that have influenced the implementation of this change (alliance with emirates) in Qantas Airline and discuss the effectiveness of the CONGRUENCE MODEL of change for Qantas airline.

  Management and it service providers

Source Selection, Negotiations, and Contract Management and this solution discusses interpersonal factors that come into play in a meeting between management and IT service providers. The elements of the meeting, ways to select the best contractor,..

  Hardware and software selection business decision

computer hardware and software for the organization an important business decision? What factors should be considered?

  Source selection negotiations and contract managementbuyer

source selection negotiations and contract managementbuyer organizations seeking it services usually require an oral

  What does phrase ethical behavior mean determine and

assignment explanation please respond to this question in the discussion area by wednesday at 1159 pm. the post should

  How do you know if system is meeting your security goals

How do you know if your system is meeting your security goals? You can verify that controls are working, but how do you know if they are getting the job done

  Examine the cannibalization strategy

Examine the "cannibalization" strategy and determine if it is or is not a better strategy compared to the DYB strategy for growth, competitiveness, and market leadership. Provide two (2) business examples

  Discuss the requirements for remote administration

Discuss the requirements for remote administration, resource management, SLA management and billing management of your chosen provider

  Determine the impact of potential logical threats

Determine the impact of at least five potential logical threats that require attention. Detail the security controls (i.e., administrative, preventative, detective, and corrective) that the pharmacy could implement in order to protect it from the ..

  Define operational excellence

Define operational excellence. How can information systems help achieve it

Free Assignment Quote

Assured A++ Grade

Get guaranteed satisfaction & time on delivery in every assignment order you paid with us! We ensure premium quality solution document along with free turntin report!

Submit Assignment

Academics

Major Subjects

Majors

Get In Touch

whatsapp: +1-415-670-9521

Phone: +1-415-670-9521

Email: [email protected]

TERMS & POLICIES

HELP & SUPPORT

All rights reserved! Copyrights ©2019-2020 ExpertsMind IT Educational Pvt Ltd