Instructions;Your security consulting firm has been retained by an insurance company to help it develop and implement a risk reduction program for companies purchasing cybersecurity liability insurance. The next task on this multi-year contract is to develop a set of program plans for organization-level information security programs for small businesses (i.e., up to 100 employees, no more than five offices / work locations). These documents must be tailored to specific industries and, due to the high percentage of Internet-based businesses seeking cybersecurity insurance, must address state, federal, and international laws, regulations, and standards.;To begin this assignment, your team (group) must select one industry or business type from the list below, which links out to the U.S. Small Business Administration website, http://www.sba.gov. (If you wish to use an industry or business type not in this list you must first obtain permission from your instructor.);Agriculture;Construction;Consumer Goods & Services;Financial Services;Health Care;Housing and Real Estate;Manufacturing;Marketing and Social Media;Online Businesses;Pharmaceuticals and Biotechnology;Telecommunications and Media;Transportation and Logistics;Next, read Information Security Program Background Information and Concepts (below).;Investigate how businesses in your selected industry use information technology to do business. Research your industry, using the UMUC library and the Internet. As a starting point, use the business guides found at http://www.sba.gov/category/navigation-structure/starting-managing-business/managing-business/business-guides-industry;As a team, complete the information security program requirements gathering and analysis exercise using the provided worksheet (below).;Finally, each team (group) is to produce an executive-level briefing outlining the organization-level information security program plan, tailored to your chosen industry or type of business, using information from your completed worksheet. Use the outline provided below as a guide for writing your program plan briefing. Organization-level information security program plans describe/specify the required organization and management structures (people and processes), as well as the technologies used to implement required information security protections and countermeasures.;Outline: Information Security Program Plan;Introduction;Security Policy and Planning;Personnel Management;Physical Security Management;Data Security Management;Software Security Management;Hardware Security Management;Network Security Management;Business Continuity/Disaster Recovery;Incident Reporting and Management;Worksheet: Information Security Program Plan;Copy this table into your own Word document and fill it out.;Security area;Responsible party/office of primary responsibility (OPR);Policy statement;Countermeasures/risk mitigation strategy;Known vulnerabilities/risks;Acquisition (systems/services);Asset management;Audit and accountability;Authentication and authorization;Business continuity;Compliance management;Configuration control;Data*;Hardware*;Identity management;Incident management;Maintenance procedures;Media protection and destruction;Network*;Operations;Outsourcing;Personnel*;Physical environment*;Planning;Risk assessments;Security policy and planning*;Software*;Training;Security areas marked with an asterisk (*) must be addressed as a major section in your group's information security program plan. The remaining sections should be addressed as subsections or within a subsection underneath one or more of the major sections.
Paper#64586 | Written in 18-Jul-2015Price : $52