User Account

All Pages

Create an agency-wide security awareness program

Assignment Help Computer Network Security
Reference no: EM131270783

Assignment: Final Project Milestone One: Statement of Work

The CISO of the organization reaches out to you, the senior information security officer, and tasks you with creating an agency-wide security awareness program. He states that he will give you all of his support to complete this project (remember, this is the first component of security awareness program). He hands you a security gap analysis (the second component of a security awareness program) that was conducted, which shows 10 major security findings. These 10 deficiencies will be translated into deliverables in the SOW. The CISO asks you to develop the SOW in order to establish the foundation for developing the agency's security awareness program. (See the Case Document for more details on the gap analysis.)

Based on the scenario provided in the Case Document, develop the SOW. Be sure to include the purpose of the proposal, address the security concerns of the chief executive officer (CEO), explain why the security awareness proposal will be vital to the organization, describe how the security posture will be addressed, clarify how human factors will be assessed, and list any organizational factors that will contribute to the status of the security posture. The SOW should also address the scope of the work, project objectives, business needs, business goals, technical requirements, deliverables, tasks to achieve the deliverables, high-level schedule of completing the deliverables and tasks, and personnel and equipment requirements. The SOW will serve as the basis for developing the final proposal.

Project Guidelines

Overview

The final project for this course is the creation of a security awareness program proposal.

In any type of enterprise, the security of property, information, products, and employees is of critical importance. Many security threats are caused by malicious intent, but, more often than not, security threats occur because of unintentional human error. In the final project for this course, you will evaluate the current security climate of an organization and develop a plan for mitigating against both malicious and unintentional human errors that could compromise the security of the organization. In addition to developing mitigation strategies, you must appropriately communicate those plans to the diverse, affected stakeholder groups for effective implementation. Ultimately, this assessment prepares you to successfully develop security awareness programs that not only protect the security of an organization's information, but also enhance the health of the overall security culture.

In this assignment, you will demonstrate your mastery of the following course outcomes:

• Determine the current security postures of various organizations by evaluating relevant human factors and applicable information security policies, practices, and processes

• Devise mitigation strategies that effectively protect against potential malicious and unintentional threats to organizations' security postures

• Propose strategies for appropriately resolving inoperative organizational factors that contribute to unhealthy security cultures in organizations

• Communicate key components of information technology security awareness programs to diverse stakeholders for effectively fostering healthy security cultures in organizations

Prompt

You were just hired as the new chief information security officer for a large corporation whose security posture is low. The first thing your chief executive officer tells you is that he has recently seen a presentation by one of the information security team members emphasizing the importance of having a security awareness program. As a result, you have been asked to develop a security awareness program based on the specific needs of the organization. To that end, you will make recommendations for enhancing security policies, practices, and processes that are currently contributing to a dysfunctional security culture. Your chief goal is to build a program that will foster a healthy security culture and ensure continuous improvement. Your final project is to create a security awareness program proposal that addresses the needs of this case.

Specifically, the following critical elements must be addressed:

I. Introduction

a) What is the purpose of your proposal? Why is the new security awareness program vital for the organization? Use specific examples to illustrate your claims.

b) Overall, how would you characterize the security posture of the organization? What were the major findings in your risk assessment of the organization's current security awareness policies, practices, and processes?

c) Specifically, are there human factors that adversely affect the security climate within the organization? If so, how? Be sure to consider unintentional and intentional threats to a healthy security culture.

d) Specifically, are there organizational factors that contribute to an unhealthy security culture in the organization? If so, how? Be sure to consider organizational data flow, work setting, work planning and control, and employee readiness.

II. Proposal

a) What is your proposal for mitigating the identified human factors that pose a threat to the organization's security posture? Describe the specific policies, processes, and practices that must be in place to address each of the following.

i. Unintentional Threats: What strategies can protect against human errors made due to cognitive factors? What strategies can protect against human errors made due to psychosocial and cultural factors?

ii. Intentional Threats: What strategies can protect against social engineering?

b) What is your proposal for resolving inoperative organizational factors that pose a threat to the organization's security posture? Describe the specific policies, processes, and practices that should be in place to address each of the following.

i. Data Flow: How do you make sure that the data sender and the data receiver have a sound connection? How do you ensure that data is not tampered with or altered from its intended meaning? What strategies do you propose to address poor communication?

ii. Work Settings: What strategies do you propose to address distractions, insufficient resources, poor management systems, or inadequate security practices?

iii. Work Planning and Control: What strategies do you propose to address job pressure, time factors, task difficulty, change in routine, poor task planning or management practice, or lack of knowledge, skills, and ability?

iv. Employee Readiness: What strategies do you propose to address inattention, stress and anxiety, fatigue and boredom, illness and injury, drug side effects, values and attitudes, or cognitive factors (e.g., misperception, memory, or judgment)?

III. Communication Plan

a) What messaging strategies should be used to ensure that stakeholders understand, buy into, and support the continuous improvement of your proposed security awareness program? Provide specific examples of the types of communication you are proposing.

b) In a broader sense, how would you convince diverse stakeholders of the overall need for a healthy security culture? How do you make it real and relevant for nontechnical audiences?

Milestone One: Statement of Work

In Module Two, you will create a statement of work (SOW) based on the scenario provided in the Case Document. Be sure to include the purpose of the proposal, address the security concerns of the chief executive officer, explain why the security awareness proposal will be vital to the organization, describe how the security posture will be addressed, clarify how human factors will be assessed, and list any organizational factors that will contribute to the status of the security posture. The SOW should also address the scope of the work, project objectives, business needs, business goals, technical requirements, deliverables, tasks to achieve the deliverables, high-level schedule of completing the deliverables and tasks, and personnel and equipment requirements. The SOW will serve as the basis for developing the final proposal. The format of this assignment will be a two- to four-page Word document.

Milestone Two: Security Policies Development

In Module Four, you will submit 10 security policies as part of the planned solution to mitigate the security gaps identified in the Case Document. This assignment will include a list of access control policies addressing remote access, encryption and hashing (to control data flow), auditing network accounts, configuration change management (to reduce unintentional threats), segregation of duties, mandatory vacation (to mitigate intentional threats), personally identifiable information breaches, media protection, and social engineering. This milestone focuses on security functionality, and each policy should be no longer than one page.

Milestone Three: Continuous Monitoring Plan

In Module Six, you will submit a continuous monitoring plan laying out the foundation for continuously monitoring the organization against malicious activities and intentional and unintentional threats. This milestone also focuses on work setting techniques and work planning policies to help employees improve their stress anxiety, fatigue, and boredom. As part of the planned solution, you will propose to mitigate the security gaps for the corporation given in the Case Document. You will need to explain what security tools (firewall, intrusion prevention system/intrusion detection system, antivirus, content filtering, encryption, etc.) and employee readiness strategies (training programs, rewards systems, physical wellness programs, etc.) will be used. The format should be a four- to five- page Word document.

Milestone Four: Communication Plan

In Module Eight, you will submit a communication plan that addresses and summarizes the importance of a security awareness program. How can it enhance the success of the organization? The goal of the communication plan is to find and implement messaging strategies to gain senior management's buy-in and support of the security program. Cyber laws, personally identifiable information breaches and implications, costs of security breaches, and advantages of awareness programs should be addressed. The plan should also include how the awareness training and the security policies and procedures will improve the security posture and culture throughout the organization. The format of this assignment will be a Word document.

Reference no: EM131270783

Questions Cloud

How would you explain skepticism to your colleagues : How would you explain skepticism to your colleagues? How could familiarity with skepticism benefit your colleagues and business culture? How could you integrate it into the workplace? Which philosopher would you recommend for people who want to learn..
Calculate displacement thickness and momentum thickness : Calculate the displacement thickness and the momentum thickness in terms of the local boundary-layer thickne
Briefly compare and contrast the leadership theories : Briefly compare and contrast the leadership theories. Select a historical figure (living or dead) who has been a leader - Use one of the theories to explain the successes and failures of the leader you selected.
Beverages from contract-managed food providers : All of us have consumed food and beverages from contract-managed food providers (e.g.,school cafeteria, theaters, sporting events, airline, etc.). Describe a time when you consumed food from a contract-managed food provider and determine what step..
Create an agency-wide security awareness program : The CISO of the organization reaches out to you, the senior information security officer, and tasks you with creating an agency-wide security awareness program.
Ethical and legal issues surrounding social media : This week you will discuss legal and ethical issues surrounding the use of social media in marketing. As discussed in Chapters 10 and 11 of the course text and this week's required article, the use of social media within marketing plans provides o..
Process for conducting an informal situational analysis : At point B (273K) the melting point of ice becomes achieved and the temperature becomes constant as ice changes state to liquid (water) - individuals experiences temperature changes
Estimate its drag assuming fully turbulent flow : An airplane tows a 2-m-tall advertising banner at a speed of 160 km/h. If the banner is flat and 5 m long, then estimate its drag assuming fully turbulent flow (μ = 1.8 × 10-5 N s/m2, ρ = 1.2 kg/m3).
Supply chain differ from materials management and logistics : What is a supply chain? How does a supply chain differ from materials management and logistics? In a short essay, discuss how companies use foreign exchange. Name two of the high cost conditions affected by the Hospital Readmission Reduction Program?..

Reviews

Write a Review

Computer Network Security Questions & Answers

  Airplane technology security

airplane technology security

  Calculate cost of goods sold

How would you calculate cost of goods sold? What items make up cost of goods sold? How does beginning and ending inventory affect cost of goods sold?

  Assess any potential malicious attacks and threats

Analyze and assess any potential malicious attacks and threats that may be carried out against the network.

  Problem regarding the digital computer crime

Explain the four (4) major categories of computercrimes, and provide at least one (1) example for each.Explain the most common forms ofdigitalcrime.

  Describe the sarbanes-oxley act

Describe the Sarbanes-Oxley (SOX) act and Committee of Sponsoring Organizations (COSO) framework - describe the process of performing effective information technology audits and general controls.

  List and explain key objectives of information security

Information security is used to describe the tasks of protecting information in a digital form. List and explain three key objectives of information security. Also list and explain at least two additional protections (concepts)to present a complete v..

  Concepts of information systems security as applied to an it

concepts of information systems security as applied to an IT infrastructure

  Important elements in learning about organizations security

Gathering requirements and collecting data are important elements in learning about the organization's security posture status. There are many methods of collecting data and information.

  What are some of the barriers to widespread connectivity

What are connectivity standards and how do they affect the ability of one provider to connect to another?

  Ids and ips overview

IDS and IPS Overview

  Which of risks gci faces are most significant to company

What measures would you propose to senior management to try to prevent a breach of data held by GCI? Your response should include recommendations for mitigating vulnerabilities identified in part (a).

  Trust computation in computer systems

Select and summarise an article from the University of Liverpool online library that addresses trust computation in computer systems. Analyse how trust is used in controlling access to resources. Evaluate the proposed solution used in emergent enviro..

Free Assignment Quote

Assured A++ Grade

Get guaranteed satisfaction & time on delivery in every assignment order you paid with us! We ensure premium quality solution document along with free turntin report!

Submit Assignment

Academics

Major Subjects

Majors

Get In Touch

whatsapp: +1-415-670-9521

Phone: +1-415-670-9521

Email: [email protected]

TERMS & POLICIES

HELP & SUPPORT

All rights reserved! Copyrights ©2019-2020 ExpertsMind IT Educational Pvt Ltd