IT 253 Southern New Hampshire

Competency

In this project, you will demonstrate your mastery of the following competency:

  • Describe the fundamentals of cybersecurity policies and procedures
  • Explain how the protection of information impacts policies and practices within an organization

Scenario

You recently stepped into the role of information security manager at a medium-sized e-commerce company with roughly 500 to 1,000 employees organization-wide. The company has hired a third-party consultant to evaluate its information security posture. The consultant has concluded the evaluation and noted several high security risks. These action items must be addressed to ensure that the company’s information assets are secure. Your task is to provide recommendations to address multiple identified security risks and explain your decisions to your leadership team.

Directions

Memo Template: To communicate the identified information security risks and your recommendations and explanations, you will generate a memo to your leadership team. Your recommendations do not have to address all information security risks; however, they must address multiple risks. Be mindful that your leadership team is considered a nontechnical audience. You must complete each of the following sections:

  • Introduction: Describe how addressing the evaluated elements of information security will support the company’s business objectives.
  • Laws and Regulations: Explain how laws and regulations influence information security policies and procedures within this company.
  • Technical Controls: Describe the technical controls that you would recommend to address the multiple indicated information security risks from the consultant’s findings.
  • Administrative Controls: Describe the administrative controls that you would recommend to address the multiple indicated information security risks from the consultant’s findings.
  • Physical Controls: Describe the physical controls that you would recommend to address the multiple indicated information security risks from the consultant’s findings.
  • Business Impact: Explain how your recommendations impact current information security policies and practices within this company.
  • Conclusion: Explain why leadership should act on these control recommendations to improve the company’s information security posture. Your conclusion can also include a brief summary, although it is not required.

What to Submit

To complete this project, you must submit the following:

Memo Template
This should be a 2- to 3-page Word document (.docx) with the following sections completed: introduction, laws and regulations, technical controls, administrative controls, physical controls, business impact, and conclusion.

Supporting Materials

The following resource(s) may help support your work on the project:

Project One Company Overview
Before you start your memo, review the company overview. Reviewing the background of the company is necessary to help you meet the requirements for this project.

Project One Consultant Findings
Before you start your memo, also review the consultant findings. Reviewing the consultant’s report is necessary to help you meet the requirements for this project.

Project One Memo Template
You are required to use the provided memo template. The template has the following sections to be completed: introduction, laws and regulations, technical controls, administrative controls, physical controls, business impact, and conclusion.

IT 253 Southern New Hampshire

Competency

In this project, you will demonstrate your mastery of the following competency:

  • Integrate industry best practices in an organizational information security plan

Scenario

You are a part of the IT team for a medium-sized company (500 to 1,000 employees) in the e-commerce industry, the same company you provided recommendations for in Project One. As described in the last project, a third-party consultant has assessed the information security posture for the company. The consultant identified a need to establish and implement a security plan for a critical system, the company’s online store.

This information security plan will ensure that information systems are more secure and are at lower risk of being impacted by cyberattacks and other risks. The consultant has provided you with a template that you and your company will use to generate an information security plan. As the information security manager, you will fill in the template to create the company’s new security plan. The company will have to follow through on the plan within the next year.

Directions

To complete this project, first review the Project Two Overview of Current System document in the Supporting Materials section. You will also want to take a look at the company overview that you reviewed for Project One, also linked in Supporting Materials. Use these documents to inform your decision making, and to develop a security plan that aligns with the company and its critical system. Then fill in the content for each section of the Project Two Security Plan Template provided in the Supporting Materials section.

Your Security Plan will include:

  • Roles and Responsibilities: Identify who will be responsible for ensuring information security within the system and describe the responsibilities of each role.
  • User Awareness Training: Explain what kind of additional training employees of the company will need to protect information. This is in addition to the standard training that a new employee receives.
  • Access Control: Describe how accounts are generated and reviewed in order to ensure information security.
  • Vulnerability Management: Describe how system vulnerabilities will be managed for the company and how they will be addressed.
  • Backup and Recovery: Explain how the system’s information will be securely backed up and easily recovered if system information is compromised by a data breach or hack.
  • Internet-Facing Security: Describe how the portion of the system that is outside of the company, the internet-facing side, will be protected and secured.

What to Submit

To complete this project, you must submit the following:

Security Plan
Upload your security plan either in a .doc or .pdf file. Use the security plan template first, then upload your updated version. If you use any sources in your plan, they should be cited according to APA style.

Supporting Materials

The following resource(s) may help support your work on the project:

Project Two Overview of Current System: Before you start your plan, be sure to review this description of the current system, which will inform you of the technical components of the system. Using this information will ensure that you are considering how the current system operates in your security plan.

Project One Company Overview: Before you start your plan, you will also want to review this company overview from the first project. Reviewing the background of the company can help you develop a security plan that aligns with the company’s business objectives and operations.

Project Two Security Plan Template: You are required to use this template in order to fill out the sections of the security plan. By using this template, you can write in the six components of the plan.

Place this order or similar order and get an amazing discount. USE Discount code “GET20” for 20% discount