Benchmark – Developing Enterprise Framework For A Security Program


Assessment Description

Company Name: Across the States Bank (ASB)

During this assignment, students will identify the laws or regulations an organization must adhere to, and map these specific controls within a framework to communicate and implement throughout the organization.

  1. Access the “Company Profiles,” located in the Class Resources.
  2. Select a fictitious company to use for the duration of this course and create an associated abbreviation (e.g., Across the States Bank (ASB)).
  3. For the company selected, research online and identify, at minimum, two laws or regulations that include a set of standards the organization must implement to achieve compliance (e.g., PCI DSS, HIPAA/HITECH, ISO/IEC 27001:2013, or NISPOM 5220.22).
  4. Use the two identified laws, and the “ITT-430 Developing Enterprise Framework Template,” to map the various standards to the controls within the framework. Refer to the “ITT-430 Developing Enterprise Framework Example.”
  5. Map a minimum of two NIST controls per law or regulation. NIST 800-53 controls may duplicate across standards as shown in the Developing Enterprise Framework Example (see SC-13).
  6. Complete at least 25 mappings.
  7. In the “Notes” column, briefly explain the purpose that the law or regulation, the standard, and the NIST control are all trying to achieve. For example, the first row in the example is establishing a policy on risk assessment and the identification and management of threats and vulnerabilities.
  8. Research and create a security program framework outline for your fictitious company that aligns to the mission and vision of the company. Your outline should include a table of contents; list the topics your company would need to address in order to resolve the many issues of its business.
  9. In 500–750 words, explain your security framework outline and how it is specific to your company, including, as appropriate, cyber defense, security controls, and network security. Explain why you chose to include your specific topics and how they will help to secure your company's interests long term.
  10. Include at least two references outside of the required reading.

This assignment uses a rubric. Please review the rubric prior to beginning the assignment to become familiar with the expectations for successful completion.

Rubric Criteria

Identified Laws/Regulations and Standards for Compliance (S): 6.5 points
Framework Mapping (S): 6.5 points
Explanation of Laws/Regulations and NIST Controls (B): 6.5 points
Security Program Framework Outline (B): 13 points
Security (B): 6.5 points
Legal, Regulatory, and Framework Compliance (B): 6.5 points
Security Program Framework (B, S): 16.25 points
Industry Standard Technical Writing