Reference no: EM13756052
Management of Information Security
Project Description: Carry out a security self-assessment of an organization using the NIST Special Publication 800-26 as a guide. This may be your current or previous employer or your own organization. You must seek permission from the individual responsible for the information security of that organization.
The SP 800-26 document is a self-assessment guide used to assess the IT system of an organization. This document is no longer available from NIST, but it is contained in Appendix A at the end of the textbook (pp. 471-491). You may use this appendix as a guide. It is recommended that you use primary areas such as Management controls, Operational controls, Technical controls, etc., as a guide to assess a system.
A new publication, SP 800-53A, "Guide for Assessing the Security Controls in Federal Information Systems," is at the moment in draft form. Those of you who are working or are experienced in federal IT systems may use this publication as an alternative to SP 800-26.
Basically you have a choice of using SP 800-26 or 53A.
Report
Write a report based on the self-assessment of an organization. It should be 4-5 pages long, 12 point character size, single line spacing, and have 1" margins on all sides. It is recommended that you do not use the actual name of the organization in the report; use a title, such as "ABC, Inc." Your report should include a brief description of the organization, nature of the business, analysis of the results, and recommendations for improvement in the form of an action plan.
You should also prepare a PowerPoint presentation (10-15 slides) explaining the results and recommendations of your assessment to senior management of the organization.
Deliverables:
1. Word document containing report
2. PowerPoint file containing presentation.