User Account

All Pages

Outline for an enterprise it security policy

Assignment Help Management Information Sys
Reference no: EM13949044

Project: Outline for an Enterprise IT Security Policy

Scenario: A client company has asked you to help it develop an outline for an Enterprise IT Security Policy which addresses the following Enterprise Areas:

1. Access Control
2. Application Development
3. Asset Management
4. Business Operations
5. Communications
6. Compliance
7. Corporate Governance
8. Customers
9. Incident Management
10. IT Operations
11. Outsourcing
12. Physical/Environmental
13. Policies & Procedures
14. Privacy
15. IT Security Program Implementation

The client has specifically requested that you address applicable elements of theFramework Core and protective technologies aslisted in the National Institute of Standards and Technology Framework for Improving Critical Infrastructure Cybersecurity(see Table 2 inhttps://www.nist.gov/cyberframework/upload/cybersecurity-framework-021214.pdf). The client has also requested that you address relevant security policies and controls from other sources, including NIST SP-800-53 and the CIS Critical Security Controls.

Note: Typical critical infrastructure organizations include: banks / financial institutions, regional healthcare providers (e.g. hospitals or urgent care providers), transportation providers (air, rail, water), telecommunications or Internet services providers or local energy utilities.

Read / Research:

1. Read the Week 1 & Week 2 readings.
a. https://www.nist.gov/director/speeches/20150204rominespeech.cfm
b. https://www.whitehouse.gov/the-press-office/2013/02/12/executive-order-improving-critical-infrastructure-cybersecurity
c. NIST Economic Case Study - Planning Report 13-2; The Impact of NSTIC on the Internal Revenue Service (See attachment)
d. Perspective on 2015 DoD Cyber Strategy Before the Committee on Armed Services, United States House of Representatives(See attachment)
e. Federal Register Notice. Part III, The President, Executive Order 13636 (See attachment)

2. Review the National Institute of Standards and Technology Framework for Improving Critical Infrastructure Cybersecurity(pay special attention to Table 2 in https://www.nist.gov/cyberframework/upload/cybersecurity-framework-021214.pdf)

3. Review the security controls as presented in NIST SP 800-53https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf and the CIS Critical Security Controls (https://www.sans.org/critical-security-controls ). Pay special attention to the types of risks / threats which the various controls or control families address or mitigate.

4. Choose an existing "client" company or create one of your own ("fictional"). Research (or develop) the following:
a. mission statement for this client which provides a brief overview of the client's organization and the critical infrastructure sector in which it operates
b. types of information, information systems, and information infrastructure (networks, communications capabilities) included in its enterprise
c. regulations and laws which it must comply with (paying special attention to those which impact the use of information and information systems)
d. products / services which the organization provides to its customers

5. Research each of the 15 areas which the client has asked you to address. For each area, you must identify major risks or threats to confidentiality, integrity, and availability. You must also identify security controls which can be used to mitigate these risks. Where appropriate, you must list two or more technologies which will implement those controls.

Write:

1. Develop an introduction to the security policy outline which you will present in your deliverable.

2. Develop an overview of the client company (mission, functions, information / information systems which need to be protected, laws and regulations, etc.).

3. Using your research, write a 2 - 3 page outline for an Enterprise IT Security Policy. This outline should address all of the areas requested by the client. For each major area in the outline you must provide a brief introduction which explains what is covered in each area. You must also identifyrisks / threats to confidentiality, integrity, and availability which are addressed in each area. Provide at least two examples of policies which would implement applicable security controls and, as appropriate, identify two or more protective technologies.

4. Use the following format for your outline:

I. Enterprise Area
[Descriptive paragraph about this enterprise area and policies required to implement appropriate security for it.]

a. Policy Area #1
b. Policy Area #2
Example:
I. Access Control
[Brief descriptive paragraph for this enterprise area]

a. Implement Separation of Duties [one sentence explanation]

b. Control the Use of Administrative Privileges[one sentence explanation]

Reference no: EM13949044

Questions Cloud

What is the proportion of debt financing for a firm : What is the proportion of debt financing for a firm that expects a 24% return on equity, a 16% return on assets, and a 12% return on debt? Ignore taxes. A firm has perpetual debt of $10 million at an interest rate of 7%. What is the present value of ..
What are the advantages and disadvantages of each method : What are the advantages and disadvantages of each method? Are there any inherit dangers with either method
Determine the time needed to bring the package : If the coefficient of kinetic friction between the belt and a package is μk = 0.2, determine the time needed to bring the package to rest on the belt if the belt is moving in the same direction as the package with a speed v = 1 m> s.
Justify the need for the proposed system. : Produce a plan for administering and maintaining the database system.
Outline for an enterprise it security policy : Develop an outline for an Enterprise IT Security Policy which addresses the Enterprise Areas - Develop an introduction to the security policy outline which you will present in your deliverable.
An ordinary annuity has a value : An ordinary annuity has a value of $1333.85 at the end of 4 years when $150 is deposited every 6 months into an account earning 6% compounded semiannually. How much interest has been earned?
The interest is paid semiannually and the bonds mature : Stephanie Enterprises has bonds that have a 9 percent coupon rate. The interest is paid semiannually and the bonds mature in 8 years. Their par value is $1,000. The price of the bonds are $1,070, and are callable in 5 years with a call price of $1,05..
Analyst should be careful when evaluating a ratio analysis : The analyst should be careful when evaluating a ratio analysis that: a. the dates of the financial statements being compared are the same b. pre-audited statements are used c. neither a or b d. both a and b
The financial manager may be responsible for any : The financial manager may be responsible for any of the following except:

Reviews

Write a Review

Management Information Sys Questions & Answers

  Information technology and the changing fabric

Illustrations of concepts from organizational structure, organizational power and politics and organizational culture.

  Case study: software-as-a-service goes mainstream

Explain the questions based on case study. case study - salesforce.com: software-as-a-service goes mainstream

  Research proposal on cloud computing

The usage and influence of outsourcing and cloud computing on Management Information Systems is the proposed topic of the research project.

  Host an e-commerce site for a small start-up company

This paper will help develop internet skills in commercial services for hosting an e-commerce site for a small start-up company.

  How are internet technologies affecting the structure

How are Internet technologies affecting the structure and work roles of modern organizations?

  Segregation of duties in the personal computing environment

Why is inadequate segregation of duties a problem in the personal computing environment?

  Social media strategy implementation and evaluation

Social media strategy implementation and evaluation

  Problems in the personal computing environment

What is the basic purpose behind segregation of duties a problem in the personal computing environment?

  Role of it/is in an organisation

Prepare a presentation on Information Systems and Organizational changes

  Perky pies

Information systems to adequately manage supply both up and down stream.

  Mark the equilibrium price and quantity

The demand schedule for computer chips.

  Visit and analyze the company-specific web-site

Visit and analyze the Company-specific web-site with respect to E-Commerce issues

Free Assignment Quote

Assured A++ Grade

Get guaranteed satisfaction & time on delivery in every assignment order you paid with us! We ensure premium quality solution document along with free turntin report!

Submit Assignment

Academics

Major Subjects

Majors

Get In Touch

whatsapp: +1-415-670-9521

Phone: +1-415-670-9521

Email: [email protected]

TERMS & POLICIES

HELP & SUPPORT

All rights reserved! Copyrights ©2019-2020 ExpertsMind IT Educational Pvt Ltd