To help manage and operate an ongoing security program in an organization, the information security team must adopt a security model that serves as a guide for the development and implementation of the security program.
Prior to beginning this assignment, view “Management of Security Solutions” within the “Video Playlist: Policy Management for Security Solutions,” located in the Class Resources.
Using the company from your Programmatic Business Continuity Plan Project, address the following:
Provide a basic description of the company to include: mission statement, web applications, servers, departments, routers and switches, remote access, wireless communication, firewalls, and demilitarized zone (DMZ).
The NIST cybersecurity framework is a list of guidelines and practices designed to help organizations better manage their security programs. It rests on various industry best practices and standards like ISO 27001 and the Control Objectives for Information and Related Technologies (COBIT) 5 (refer to the topic Resources to learn more about these standards). This framework discusses critical security activities that can be tailored and customized to your organization’s unique needs. Your task as a part of the security team in your organization is to prepare and present a report to upper management that discusses how you would incorporate these critical security activities into the following steps:
Determine current/recent risks or threats to information security.
Develop system-specific plans for the protection of intellectual property.
Apply the security model to protect the organization from being compromised by unauthorized users.
Determine the access control mechanisms that would apply to ensure information is protected against unauthorized users.
Then, outline and explain the roles of the following personnel in the planning and managing of this security:
Board of Directors
Chief Information Security Officer (CISO)
IT Management (CIO, IT Director, etc.)
Functional Area Management
Information Security personnel
Project added as additional materials