Project #63043 - Security Policy Framework

You will create an organizational security plan policy using your assigned readings (pay close attention to Chapter 3 in Building an Effective Information Security Policy) as well as the Cybersecurity Framework (http://www.nist.gov/cyberframework/upload/cybersecurity-framework-021214.pdf) as a resource. Create a two- to three-page outline for an organizational security plan policy for securing the architecture of the organization's computer assets. You will use this outline to create a security plan security awareness policy in week 8.

All critical elements in an organizational plan are to be covered for your plan based on the outline. Address each Enterprise subject area in Table 4: Initial Framework below. You will prepare an outline for use in preparing a policy based on these subject areas. Confidentiality, Integrity, and Availability will be thoroughly addressed for protection of the enterprise that you choose. Major security controls will be identified. Your outline will provide at least ten headings and list the subject areas with at least two sub-headings in outline format as:

1. Access controls
       a. Select …..
       b. Apply …..

To

10. Privacy
       a. Ensure confidentiality by compliance with HIPAA, ….
       b. Evaluate ….

Each heading and sub-heading will be written in complete sentences that define your plan for an effective enterprise policy.

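Table 4: Initial Framework

Building an Effective Information Security Policy Architecture

By Sandy Bacik, Copyright Sandy Bacik © 2008, Publisher: CRC Press

| Enterprise Area | ISO 17799 | SAS70 Type II | GLBA | PCI DSS | EU Privacy | CobIT | Common Criteria | Generally Accepted Privacy Principles | Generally Accepted Security Principles |
|---|---|---|---|---|---|---|---|---|---|
| Access Control | X | X | X | X | X | X | X | X | X |
| Application Development | X | X |  |  | X | X | X |  | X |
| Asset Management | X | X |  | X | X |  |  |  | X |
| Business Operations | X | X |  | X | X | X | X | X |  |
| Communications | X | X | X | X | X | X | X | X | X |
| Compliance | X | X | X | X | X | X |  |  |  |
| Corporate Governance | X |  |  |  | X | X |  |  |  |
| Customers | X | X | X | X | X | X |  | X | X |
| Incident Management | X | X | X | X | X | X | X | X | X |
| IT Operations | X | X | X | X | X | X | X | X | X |
| Outsourcing | X | X |  | X | X | X | X | X | X |
| Physical/Environmental | X | X |  |  |  |  | X |  | X |
| Policies & Procedures | X | X |  | X | X | X | X | X | X |
| Privacy | X | X | X | X | X |  |  | X |  |
| Security | X | X |  | X | X | X | X |  | X |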

Books24x7, http://www.books24x7.com/, and is governed by the terms of the Membership Agreement, http://www.books24x7.com/mhelp.asp?item=membership

 

Rubric Name: Project 1 Rubric

 
Criteria

Addressed all 15 subject areas in the Table 4 Initial Outline (scalable to 10 subject areas)
       12-14 subject areas were adequately addressed. Scaled to 10.
       10-12 subject areas were adequately addressed. Scaled to 10.
       7-9 subject areas were adequately addressed. Scaled to less than 10.
       Less than 7 subject areas were adequately addressed. Scaled to less than 7.
       Not included or no submission

Provided 10 protective solutions that will be addressed in the policy based on the subject areas.
       9-10 protection solutions were created.
       7-8 protection solutions were created.
       5-6 protection solutions were created.
       Less than 5 protection solutions were created.
       Not included or no submission

Tailored the policy items that are relevant to the mission of the organization that you have chosen.
       Policy correlates with the mission of the organization for more than 5 policy categories.
       Policy supports the mission of the organization for more than 4 policy categories.
       Policy describes but does not support or correlate the mission of the organization for more than 3 policy categories.
       Policy provides a description of less than 3 policy categories associated with the mission of the organization.
       Not included or no submission

Identified security policies that will ensure confidentiality, integrity, and availability
       Security policy provides adequate measures for confidentiality, integrity, and availability
       Security policy describes controls for confidentiality, integrity, and availability
       Security policy addresses the definition of confidentiality, integrity, and availability
       Security policy does not adequately address the definitions of confidentiality, integrity and availability
       Not included or no submission

Created a comprehensive two to three page outline of a security policy that is adaptable for the enterprise
       Outline is adaptable for providing security for the selected enterprise and meets length minimum of two to three pages
       Outline addresses controls for the enterprise and is adequate for security. Outline meets length minimum of two to three pages.
       Outline addresses controls for the enterprise and is insufficient with security measures. Outline does not meet length minimum of two to three pages.
       Outline does not provide adequate controls for the enterprise and is insufficient with security measures. Outline is insufficient in description and length minimum of two to three pages.
       Not included or no submission

Fully complied with formatting requirements. Successfully completed all procedures in the assignment. Exceptional quality of the assignment with clear, concise, and meaningful content. Appropriate research conducted when necessary and resolution of the task. Content contained relevant citations to an accuracy of 90%. Reference citations were in the reference/bibliography list.

Complied with formatting requirements. Completed all procedures in the assignment. Good quality of the assignment with clear, concise, and meaningful content. Research conducted when necessary and attempts at resolution included for the task. Content contained relevant citations to an accuracy of 80%. Reference citations were in the reference/bibliography list.

Partially complied with formatting requirements. Partially completed the assignment. Average quality of the assignment with clear, concise, and meaningful content. Research attempted and resolution is incomplete. Content contained relevant citations to an accuracy of 70%. Reference citations were in the reference/bibliography list.

Did not meet criteria for formatting requirements. Assignment is incomplete. Poor quality of the assignment and inadequate content. No research attempted and problem not fully resolved. Content contained relevant citations to an accuracy of 60%. Reference citations were in the reference/bibliography list.

Did not adhere to formatting requirements. Criteria for assignment not met. Poor quality of the assignment and incomplete content. No research attempted and problem not addressed. Content contained relevant citations to an accuracy of below 60%. Reference citations were in the reference/bibliography list.

Not included or no submission

Overall Score 
     

 

Subject: Computer
Due By (Pacific Time): 03/26/2015 12:00 am
All Rights Reserved. Copyright by AceMyHW.com - Copyright Policy