Information Systems Security

Instructions

Your security consulting firm has been retained by an insurance company to help it develop and implement a risk reduction program for companies purchasing cybersecurity liability insurance. The next task on this multi-year contract is to develop a set of program plans for organization-level information security programs for small businesses (i.e., up to 100 employees, no more than five offices / work locations). These documents must be tailored to specific industries and, due to the high percentage of Internet-based businesses seeking cybersecurity insurance, must address state, federal, and international laws, regulations, and standards.

  1. To begin this assignment, your team (group) must select one industry or business type from the list below, which links out to the U.S. Small Business Administration website, http://www.sba.gov. (If you wish to use an industry or business type not in this list you must first obtain permission from your instructor.)

     

  2. Next, read Information Security Program Background Information and Concepts (below).
  1. Investigate how businesses in your selected industry use information technology to do business. Research your industry, using the UMUC library and the Internet. As a starting point, use the business guides found at  http://www.sba.gov/category/navigation-structure/starting-managing-business/managing-business/business-guides-industry
  1. As a team, complete the information security program requirements gathering and analysis exercise using the provided worksheet (below).
  1. Finally, each team (group) is to produce an executive-level briefing outlining the organization-level information security program plan, tailored to your chosen industry or type of business, using information from your completed worksheet. Use the outline provided below as a guide for writing your program plan briefing. Organization-level information security program plans describe/specify the required organization and management structures (people and processes), as well as the technologies used to implement required information security protections and countermeasures.

Outline: Information Security Program Plan

  1. Introduction
  2. Security Policy and Planning
  3. Personnel Management
  4. Physical Security Management
  5. Data Security Management
  6. Software Security Management
  7. Hardware Security Management
  8. Network Security Management
  9. Business Continuity/Disaster Recovery
  10. Incident Reporting and Management

 

Worksheet: Information Security Program Plan

 

Copy this table into your own Word document and fill it out.

 

Security area

Responsible party/office of primary responsibility (OPR)

Policy statement

Countermeasures/risk mitigation strategy

Known vulnerabilities/risks

Acquisition (systems/services)

 

 

 

 

Asset management

 

 

 

 

Audit and accountability

 

 

 

 

Authentication and authorization

 

 

 

 

Business continuity

 

 

 

 

Compliance management

 

 

 

 

Configuration control

 

 

 

 

Data*

 

 

 

 

Hardware*

 

 

 

 

Identity management

 

 

 

 

Incident management

 

 

 

 

Maintenance procedures

 

 

 

 

Media protection and destruction

 

 

 

 

Network*

 

 

 

 

Operations

 

 

 

 

Outsourcing

 

 

 

 

Personnel*

 

 

 

 

Physical environment*

 

 

 

 

Planning

 

 

 

 

Risk assessments

 

 

 

 

Security policy and planning*

 

 

 

 

Software*

 

 

 

 

Training

 

 

 

 

 

Security areas marked with an asterisk (*) must be addressed as a major section in your group’s information security program plan. The remaining sections should be addressed as subsections or within a subsection underneath one or more of the major sections.

We are the Best!

course-preview

275 words per page

You essay will be 275 words per page. Tell your writer how many words you need, or the pages.


12 pt Times New Roman

Unless otherwise stated, we use 12pt Arial/Times New Roman as the font for your paper.


Double line spacing

Your essay will have double spaced text. View our sample essays.


Any citation style

APA, MLA, Chicago/Turabian, Harvard, our writers are experts at formatting.


We Accept

Secure Payment
Image 3