Information security program management

Assignment Help Management Theories
Reference no: EM13759544

What is the importance of "policy" with respect to information security program management

1. What is the importance of "policy" with respect to information security program management? What is the role of policy enforcement? What are the possible effects of a lack of policy enforcement? Research and provide details of a recent security incident that may have resulted from a lack of policy or policy enforcement. Be sure to state the possible policy violation. What happens when technology moves faster than policy? Has anyone experienced this first hand?

2. TOPIC: The FISMA Legislation - Title III Information Security

Answer the following questions regarding Annual Independent Evaluations:
Each evaluation must include what three components? Describe the three components and explain why each component is required. Who is authorized to complete an independent evaluation? List who is authorized to complete an evaluation and describe the circumstances in which each individual would perform the evaluation. Describe how and why national security systems are treated differently during an evaluation.

3. Read the May 2011 proposed cyber legislation during week 1. Answer the following questions:

If the legislation had been approved, how do you think this proposed legislation would impact the current security program of the organization you selected for this course? Which parts of the proposal will have the biggest impact? Why?
Provide three (3) recommendations to your selected organization's leadership to ensure the spirit and intent of the proposal is followed. Describe why you would make these recommendations.

4. DoD 8570 creates standards whereby IA Workforce personnel, at all levels and functions, obtain a uniform level of competency with regard to DoD information and networks. Focusing on the selected organization for your learning portfolio, what are some advantages and disadvantages of implementing a similar directive for your organization? If the organization you selected is already in scope for DoD 8570, please provide information regarding the challenges faced so far.

Of the categories outlined in Table AP3.T1 (Initial Training, Certification, OJT Evaluation, CE Certification, Maintain Certification Status, Continuous Education or Sustainment Training, Background Investigation, Sign Privileged Access Statement, and Experience), identify the top 3 you would consider most important for your organization and explain why.

5. To answer this question:

Read the Payment Card Industry (PCI) Data Security Standard (DSS). Visit the debit/credit protection policy on your bank's or credit union's website. (If you cannot find the required information on your own bank's website, you can use Bank of America or Navy Federal Credit Union; they both have plenty of information.)

Read the PCI DSS material while assessing/describing your bank's policy.

Answer the following questions:

How does the bank/credit union card policy comply with the standard? How does the bank/credit union card policy not comply with the standard? What recommendations would you make to close the gaps between the standard and the policy? Should the government force banks/credit unions to comply with all aspects of the standard? Why or why not?

6. One of the toughest challenges for business leaders is that cyber security professionals often "talk in a different language". Some professionals refer to concepts in technical terms (e.g. intrusion prevention, firewalls, malware), while others speak in "auditspeak" (e.g. control regime, risk, business impact analysis). While business leaders easily understand audit/business concepts, they have a much harder time with technical references. What can cyber security professionals do to help business leaders understand the true risk of security threats? Give specific examples of what you would do to communicate more effectively with business leaders (especially CxO's).

7. Answer the following: Do NIST policies/standards help or hinder organizations? Why or why not? Are NIST policies/standards easy to use and understand? Why or why not? Should the NIST policies/standards apply to commercial organizations not involved in government contracting? Why or why not?

8. The system development life cycle puts a lot of emphasis on working with the user to get all their objectives and functional requirements.

Research and find one scholarly article that discusses user interaction with system developers.

Summarize the article.

Include a link to the article and/or upload the article to your response. List and describe 3 pros and 3 cons of working so closely with the user.

9. Answer the following:

Is the organization you selected for the learning portfolio FIPS 200 compliant? Why or why not? From a FIPS 200 perspective, what are the weakest areas of the cyber security policy associated with the organization you selected? Discuss at least two weak areas and describe why.

10. If you were the Federal CIO what would you do about organizations that are not FIPS 200 compliant? Why? An enterprise risk management framework should include both program risk and institutional risk.

Define program risk. Define institutional risk.

Describe how your selected organization incorporates program risk and institutional risk in its security program. Offer examples of both types of risk.

11. This is a scenario based discussion.

Assume you are a technical advisor for the Chief Information Officer (CIO) of your organization. The CIO sends you an email communicating that she wants to be briefed on "OMB M-11-11" because the administrator has just added it to the list of priorities for the organization. She has limited knowledge of the policy and needs to know how it will affect the organization, and what we have already accomplished towards meeting the requirements within the policy.

12. The damaging scandals of Wikileaks/Bradley Manning and Edward Snowden demonstrate a series of critical failures of existing security policy.

For both scandals describe the policy failures that you believe were responsible for the incidents. Describe what policy changes you would implement to mitigate future risks.

13. Answer the following questions:

What obligations do non-IT executives and managers have concerning cyber security? Should the obligations you discussed in the previous question include criminal charges when executives and managers fail to comply with cyber security policies and standards? Why or why not?

14. Answer the following question:

Why is cyber security no longer only a technical issue? Provide three examples with sources to support your response.
