Assessment Description
To help manage and operate an ongoing security program in an organization, the information security team must adopt a security model that serves as a guide for the development and implementation of the security program.
Prior to beginning this assignment, view “Management of Security Solutions” within the “Video Playlist: Policy Management for Security Solutions,” located in the Class Resources.
Using the company from your Programmatic Business Continuity Plan Project, developed in CYB-515, address the following:
Provide a basic description of the company including mission statement, web applications, servers, departments, routers and switches, remote access, wireless communication, firewalls, and demilitarized zone (DMZ).
The NIST cybersecurity framework is a list of guidelines and practices designed to help organizations better manage their security programs. It rests on various industry best practices and standards like ISO 27001 and the Control Objectives for Information and Related Technologies (COBIT) 5 (refer to the topic Resources to learn more about these standards). This framework discusses critical security activities that can be tailored and customized to your organization’s unique needs. Your task as a part of the security team in your organization is to prepare and present a report to upper management that discusses how you would incorporate these critical security activities into the following steps:
- Determine current/recent risks or threats to information security.
- Develop system-specific plans for the protection of intellectual property.
- Apply the security model to protect the organization from being compromised by unauthorized users.
- Determine the access control mechanisms that would apply to ensure information is protected against unauthorized users.
Then, outline and explain the roles of the following personnel in the planning and managing of this security:
- Board of Directors
- Senior Management
- Chief Information Security Officer (CISO)
- IT Management (CIO, IT Director, etc.)
- Functional Area Management
- Information Security personnel
- End users
APA style is not required, but solid academic writing is expected.
This assignment uses a rubric. Please review the rubric prior to beginning the assignment to become familiar with the expectations for successful completion.
You are required to submit this assignment to LopesWrite. A link to the LopesWrite technical support articles is located in Class Resources if you need assistance.