Details of this Paper

Information Systems Security




Instructions

Your security consulting firm has been retained by an insurance company to help it develop and implement a risk reduction program for companies purchasing cybersecurity liability insurance. The next task on this multi-year contract is to develop a set of program plans for organization-level information security programs for small businesses (i.e., up to 100 employees, no more than five offices / work locations). These documents must be tailored to specific industries and, due to the high percentage of Internet-based businesses seeking cybersecurity insurance, must address state, federal, and international laws, regulations, and standards.

To begin this assignment, your team (group) must select one industry or business type from the list below, which links out to the U.S. Small Business Administration website. (If you wish to use an industry or business type not in this list you must first obtain permission from your instructor.)

  Agriculture
  Construction
  Consumer Goods & Services
  Financial Services
  Health Care
  Housing and Real Estate
  Manufacturing
  Marketing and Social Media
  Online Businesses
  Pharmaceuticals and Biotechnology
  Telecommunications and Media
  Transportation and Logistics

Next, read Information Security Program Background Information and Concepts (below).

Investigate how businesses in your selected industry use information technology to do business. Research your industry, using the UMUC library and the Internet. As a starting point, use the business guides found at

As a team, complete the information security program requirements gathering and analysis exercise using the provided worksheet (below).

Finally, each team (group) is to produce an executive-level briefing outlining the organization-level information security program plan, tailored to your chosen industry or type of business, using information from your completed worksheet. Use the outline provided below as a guide for writing your program plan briefing.
Organization-level information security program plans describe/specify the required organization and management structures (people and processes), as well as the technologies used to implement required information security protections and countermeasures.

Outline: Information Security Program Plan

  Introduction
  Security Policy and Planning
  Personnel Management
  Physical Security Management
  Data Security Management
  Software Security Management
  Hardware Security Management
  Network Security Management
  Business Continuity/Disaster Recovery
  Incident Reporting and Management

Worksheet: Information Security Program Plan

Copy this table into your own Word document and fill it out.

Table columns:

  Security area
  Responsible party/office of primary responsibility (OPR)
  Policy statement
  Countermeasures/risk mitigation strategy
  Known vulnerabilities/risks

Table rows (security areas):

  Acquisition (systems/services)
  Asset management
  Audit and accountability
  Authentication and authorization
  Business continuity
  Compliance management
  Configuration control
  Data*
  Hardware*
  Identity management
  Incident management
  Maintenance procedures
  Media protection and destruction
  Network*
  Operations
  Outsourcing
  Personnel*
  Physical environment*
  Planning
  Risk assessments
  Security policy and planning*
  Software*
  Training

Security areas marked with an asterisk (*) must be addressed as a major section in your group's information security program plan. The remaining sections should be addressed as subsections or within a subsection underneath one or more of the major sections.


Paper#64586 | Written in 18-Jul-2015
