Reference no: EM132448726
Unit 1 - Security Plan
Using one of the sample organizations or one of similar size and scope, create the Information Security Management Plan document and address the following:
• Describe what steps or phases you will follow to complete the plan.
• Identify the roles that will participate in the organizational security management planning.
• Identify the key components of what you will include in the organizational security management plan.
• Describe the chain of command or decision-making process that you will use to vet components of the organizational security management plan.
Unit 2 - Securing Events and Emergencies
Using the sample organization you have chosen for your project, write a short paper that addresses the following:
• Describe existing resources and procedures that support disaster recovery and business continuity planning.
• Identify the roles that will participate in the work of developing disaster recovery and business continuity planning.
• Describe the risks to organizational security management that can result from a failure to engage in disaster recovery and business continuity planning.
• Identify the steps to create an effective contingency plan.
Unit 3 - Security Policy and User Awareness Training
The primary way in which security policies fail is in not communicating the policy and not ensuring that staff know and follow it. Write a short paper that addresses the following:
• Describe the existing information security policies within the selected organization.
• Describe what policies you will develop as part of a plan for organizational security.
• Identify the steps you recommend relative to educating users about these policies.
• Identify the steps you recommend relative to ongoing information security policy awareness among all users.
Unit 4 - Management Model
The selection of a security model and best practices creates the foundation for effective secure operating system architecture. Write a short paper that addresses the following:
• Identify the security models that are most commonly used by the industry of your project organization.
• Describe briefly the benefits that the organization can experience through adoption of these particular security models.
• Describe the challenges to the organization through adoption of these particular security models.
• Select a particular security model to recommend and provide support for why this model is the optimal tool for the organization.
Unit 5 - Physical Security Risk Assessment
Using the framework of the security model that you selected in the last unit, conduct a risk assessment and prepare a set of recommendations specific to the physical security issues that would impact organizational security:
• Identify how the security model addresses physical security risk assessment.
• Identify any specific physical security issues identified that are characteristic of the project organization.
• Identify what organizational roles will be assigned responsibility for conducting a physical security risk assessment of information assets.
• Describe the communication strategy for ensuring all risks are identified and all stakeholders are included in the process.
Unit 6 - Recommendations for Managing Risk
Using the information that you gathered during the physical security risk assessment in the last unit, create a set of recommendations specific to mitigating any physical security issues identified that would impact organizational security:
• Quantify the specific risks to physical security of information assets that you discovered during the risk assessment.
• Identify potential controls that can be used to mitigate those risks.
• Identify specific controls that will be recommended as optimal for the particular environment of the project organization.
• Identify the roles within the organization that will be involved with mitigating physical security risks.
Unit 7 - Controls and Protective Mechanisms
Use the information that you gathered from the resources specific to implementing preventative controls that will impact the organizational security management plan. Write a short paper that addresses the following:
• Identify the role of biometric controls in providing both physical and logical access.
• Identify the role of tokens, smart or dumb cards, human escorts, and any other alternative appropriate for physical and logical access.
• Identify the roles within the organization that will be involved in decision-making about appropriate preventative controls.
• Describe how the organization will measure the effectiveness of these controls as part of the overall organizational security management plan.
Unit 8 - Privacy Considerations
Managing insider risk to information assets through hiring practices, proper separation of duties, and oversight is an important component of an organizational security plan. Write a short paper and address the following:
• Identify hiring procedures that the organization can implement that will reduce the risk of insider threat to information assets.
• Identify information security-related roles that will support the concept of separation of duties and proper oversight.
• Create an organizational chart that defines the reporting relationships of all of those security-related roles.
• Describe the procedures and practices that will best balance the work of information security with the personal privacy rights of the user.
Unit 9 - Organizational Security Compliance
There is an increasing number of laws and regulations governing how organizations manage their information assets. Write a short paper and address the following:
• Identify existing laws and regulations that impact organizational information security procedures and practices.
• Identify some of the ethical issues surrounding application of organizational security.
• Develop recommendations for how the organization can ensure compliance with these existing laws and regulations.
• Identify the role of ethics in auditing and monitoring as components of an effective organizational security management plan.
Attachment: Organisational Security.rar