Reference no: EM132244306
Question
This will be a basic research paper that further explores one of the case studies at the end of Chapter 7. Select one and see what information is available in addition to what is in your textbook. What changes have happened since each of these incidents or studies?
Remember to ask a research librarian for assistance.
The focus of this assignment is to write a paper of 2 to no more than 3 pages in your own words.
Cite your sources.
Use spell and grammar check.
SafeAssign will be on - you will have 3 attempts to correct any plagiarism spotted.
Note that generally 25% or lower I ignore.
Draw your own conclusions as to what was or was not effective.
What would you suggest they do?
Be sure to have:
An introduction stating the problem and company
A discussion
A conclusion
Private Sector Case Study
During an internal review, American Imaging Management (AIM) decided it needed to improve its due diligence practices. AIM decided to expand its corporate security program. The company began by performing a risk assessment on its current security program.
The assessment used the ISO 27001 gap assessment methods. When complete, AIM delivered a recommended course of action. These activities were intended to address and remediate areas that were either under- or over-controlled.
Using the Plan-Do-Act-Check cycle from the ISO standards, AIM's activities included:
Defining more detailed roles and responsibilities
Identifying all relevant security requirements (legislative, regulatory, and contractual)
Defining all supporting policies, standards, and procedures
Defining and establishing a security awareness program
Expanding the organization's vulnerability management program
Collaborating with the business continuity/disaster recovery (BC/DR) team to integrate security program objectives
Improving the incident response program
Implementing an internal security control audit program
By the end of the project, AIM was able to create a road map for building a security program that could be registered to the ISO 27001 standard.