User Account

All Pages

Develop an introduction to the security policy outline

Assignment Help Management Information Sys
Reference no: EM13933204

Project: Outline for an Enterprise IT Security Policy

Scenario: A client company has asked you to help it develop an outline for an Enterprise IT Security Policy which addresses the following Enterprise Areas:

1. Access Control
2. Application Development
3. Asset Management
4. Business Operations
5. Communications
6. Compliance
7. Corporate Governance
8. Customers
9. Incident Management
10. IT Operations
11. Outsourcing
12. Physical/Environmental
13. Policies & Procedures
14. Privacy
15. IT Security Program Implementation

The client has specifically requested that you address applicable elements of theFramework Core and protective technologies aslisted in the National Institute of Standards and Technology Framework for Improving Critical Infrastructure Cybersecurity(see Table 2 inhttps://www.nist.gov/cyberframework/upload/cybersecurity-framework-021214.pdf). The client has also requested that you address relevant security policies and controls from other sources, including NIST SP-800-53 and the CIS Critical Security Controls.

Note: Typical critical infrastructure organizations include: banks / financial institutions, regional healthcare providers (e.g. hospitals or urgent care providers), transportation providers (air, rail, water), telecommunications or Internet services providers or local energy utilities.

Read / Research:

1. Read the Week 1 & Week 2 readings.
a. https://www.nist.gov/director/speeches/20150204rominespeech.cfm
b. https://www.whitehouse.gov/the-press-office/2013/02/12/executive-order-improving-critical-infrastructure-cybersecurity
c. NIST Economic Case Study - Planning Report 13-2; The Impact of NSTIC on the Internal Revenue Service (See attachment)
d. Perspective on 2015 DoD Cyber Strategy Before the Committee on Armed Services, United States House of Representatives(See attachment)
e. Federal Register Notice. Part III, The President, Executive Order 13636 (See attachment)

2. Review the National Institute of Standards and Technology Framework for Improving Critical Infrastructure Cybersecurity(pay special attention to Table 2 in https://www.nist.gov/cyberframework/upload/cybersecurity-framework-021214.pdf)

3. Review the security controls as presented in NIST SP 800-53https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf and the CIS Critical Security Controls (https://www.sans.org/critical-security-controls ). Pay special attention to the types of risks / threats which the various controls or control families address or mitigate.

4. Choose an existing "client" company or create one of your own ("fictional"). Research (or develop) thefollowing:
a. mission statement for this client which provides a brief overview of the client's organization and the critical infrastructure sector in which it operates
b. types of information, information systems, and information infrastructure (networks, communications capabilities) included in its enterprise
c. regulations and laws which it must comply with (paying special attention to those which impact the use of information and information systems)
d. products / services which the organization provides to its customers

5. Research each of the 15 areas which the client has asked you to address. For each area, you must identify major risks or threats to confidentiality, integrity, and availability. You must also identify security controls which can be used to mitigate these risks. Where appropriate, you must list two or more technologies which will implement those controls.

Write:

1. Develop an introduction to the security policy outline which you will present in your deliverable.

2. Develop an overview of the client company (mission, functions, information / information systems which need to be protected, laws and regulations, etc.).

3. Using your research, write a 2 - 3 page outline for an Enterprise IT Security Policy. This outline should address all of the areas requested by the client. For each major area in the outline you must provide a brief introduction which explains what is covered in each area. You must also identifyrisks / threats to confidentiality, integrity, and availability which are addressed in each area. Provide at least two examples of policies which would implement applicable security controls and, as appropriate, identify two or more protective technologies.

4. Use the following format for your outline:

I. Enterprise Area
[Descriptive paragraph about this enterprise area and policies required to implement appropriate security for it.]

a. Policy Area #1
b. Policy Area #2
Example:
I. Access Control
[Brief descriptive paragraph for this enterprise area]

a. Implement Separation of Duties [one sentence explanation]

b. Control the Use of Administrative Privileges[one sentence explanation]

Verified Expert

This paper talks about any real client and how to deal with maintaining the security of the organization. It talks about the mission, vision, and the goals of that organization and also develops a strategic plan for maintain the security of the firm. The chosen client here is US bank and a strategic plan is developed to maintain the security and the confidentiality of information within the firm. It also talks about what policies need to be implemented to maintain its security and what are talks about protective policies as well. The paper is written in Microsoft word and is of 1300 words.

Reference no: EM13933204

Questions Cloud

Csr relevant to australian businesses : Corporate Social Responsibility (CSR) is referred to as a triple approach that considers the economic, social and environmental aspects of corporate activity. Describe why and how is CSR relevant to Australian Businesses.
Character in the workforce-from education to work : Write an essay on one of the following topics :- Future employability , Meaningful work, attributes to succeed, character in the workforce , From education to work. Write an annotated bibliography on any of these topics and present a seminar on an..
Write an application that will allow user to input a string : You need to provide a way to exit the program gracefully.
Apparent quality of the social accounting approach : Assess the apparent quality of the social accounting approach utilized by each company according to Zadek et al.'s (1997) criteria.
Develop an introduction to the security policy outline : Develop an introduction to the security policy outline which you will present in your deliverable. Develop an overview of the client company (mission, functions, information / information systems which need to be protected, laws and regulations, et..
Define frequency polygon and frequency curve : Indicatethe method ofconstructing histogram, frequency polygon and ogive. Define Frequency polygon and Frequency Curve. Explain clearly the relation that exists n them.
Framework of a research proposal in accordance : Set up the framework of a research proposal in accordance with the following guidelines.
Wriite program using ms visual basic express edition ide : You must center all forms on the screen.
Conceptual framework for the research question : 1. Identify and describe the conceptual framework for the research question. 2. Review the relevant theoretical and empirical literature both for the system being studied and related systems.

Reviews

Write a Review

Management Information Sys Questions & Answers

  Information technology and the changing fabric

Illustrations of concepts from organizational structure, organizational power and politics and organizational culture.

  Case study: software-as-a-service goes mainstream

Explain the questions based on case study. case study - salesforce.com: software-as-a-service goes mainstream

  Research proposal on cloud computing

The usage and influence of outsourcing and cloud computing on Management Information Systems is the proposed topic of the research project.

  Host an e-commerce site for a small start-up company

This paper will help develop internet skills in commercial services for hosting an e-commerce site for a small start-up company.

  How are internet technologies affecting the structure

How are Internet technologies affecting the structure and work roles of modern organizations?

  Segregation of duties in the personal computing environment

Why is inadequate segregation of duties a problem in the personal computing environment?

  Social media strategy implementation and evaluation

Social media strategy implementation and evaluation

  Problems in the personal computing environment

What is the basic purpose behind segregation of duties a problem in the personal computing environment?

  Role of it/is in an organisation

Prepare a presentation on Information Systems and Organizational changes

  Perky pies

Information systems to adequately manage supply both up and down stream.

  Mark the equilibrium price and quantity

The demand schedule for computer chips.

  Visit and analyze the company-specific web-site

Visit and analyze the Company-specific web-site with respect to E-Commerce issues

Free Assignment Quote

Assured A++ Grade

Get guaranteed satisfaction & time on delivery in every assignment order you paid with us! We ensure premium quality solution document along with free turntin report!

Submit Assignment

Academics

Major Subjects

Majors

Get In Touch

whatsapp: +1-415-670-9521

Phone: +1-415-670-9521

Email: [email protected]

TERMS & POLICIES

HELP & SUPPORT

All rights reserved! Copyrights ©2019-2020 ExpertsMind IT Educational Pvt Ltd