· Section 1 – Company Overview
· Section 2 – Federal and State Regulations, Directives, and Acts
· Identify and describe 5 Federal Regulations your company needs to understand and comply with
· Identify and describe 2 State Regulations your company needs to understand and comply with
· Describe how each of these regulations applies to the specific company
· Section 3 – Compliance Plan
· Describe Policies, Standards, Processes and Guidelines
· Discuss the relationship between Controls and Audits
· The Sarbanes-Oxley Act
· The different implications Regulations have on Government and non-Government entities
· Section 4 – Acceptable Use Policy
· Global Regulations
· Safe Harbor
· Works Councils
· Acceptable Use Policy and Enforcement Ethics
· Section 5 – Certification and Accreditation
· Certification and Accreditation
· Certification and Accreditation Frameworks
· Section 6 – Preparing for Certification
· DIACAP
· ISO27002
· References
Section 1: 1 page
· Overview
Section 2: 3 pages/references
· Describe 5 different Federal Regulations your company needs to understand and comply with
· Describe 2 different State Regulations your company needs to understand and comply with
· Discuss how each of these regulations is applicable to the company
Section 3: 2 pages/references
· Include a report about at least 3 incidents that are considered contributing factors to the enactment of this regulation, specific to the chosen company’s infrastructure.
· Be sure to include what specifically the act means to the IT organization.
· What does it specify that needs to be done?
· What does the regulation mean for public, private, and government organizations as well as especially to the company the student has chosen?
Section 4: 2 pages/references
· Create an Acceptable Use Policy for the organization the student has chosen.
· In a separate discussion (meaning outside of the policy), talk about the tools and processes that can be used to investigate violations.
· What are the ethical considerations that the company and end users need to be aware of?
Section 5: 2 pages/references
· Take this opportunity to define the difference between Certification and Accreditation.
· To help with the process, rather than making up a framework of your own, describe at least 3 Industry/International Certification Frameworks that are used to evaluate the security of an application or system.
· Describe Common Criteria as one of the frameworks.
Section 6: 2 pages/references
· Summarize the framework and history of DIACAP and ISO27002.
· Choosing either DIACAP or ISO27002, update your plan to include the following:
· Describe how and where the framework could be applied.
· Include a discussion about how, and whether, the concepts could be applied to a government or public company, and whether there is potential for overlap.
· Using the framework, show how it can be applied to a medium-sized system.