security framework

profiledcvjea
ALLFIVE5TASK.docx
Home>Business & Finance homework help>security framework

EACH TASK, PLEASE MAKE OWN DOC FORM

Module 3 = Assignment: Course Project - Deliverable 1: Risk Management Plan

As you learn about information security, it is important that you put what you learn to practice. An information security manager should be able to put together an information security plan. The information security plan establishes and states the policies governing IT standards and practices. These policies define the organization’s objectives for managing operations and controlling activities, and represent the plans or protocols for achieving and maintaining internal control over information systems as well as compliance with the requirements imposed. In general, an information security plan covers several security areas such as access control, security policies, risk management, business continuity, etc. Starting with this module, and for the next few modules, you will create a component of an information security plan each week. At the end of this project, you will combine those components to create your completed information security plan. The plan is:

· Module 3: Risk Management Plan

· Module 4: Security Policy Plan

· Module 5: Access Control Policy

· Module 7: Physical Security Policy

· Module 8: Implementation Plan and Complete Information Security Plan

You are expected to use the assigned text and conduct research to be able to respond effectively to your weekly deliverables. You may use the  Information Security Plan Template Preview the document View in a new window (.docx) to assist with completing each component of the plan. Additionally, separate templates will be provided for each component. 

This week, you will create a Risk Management Plan based on the following case: You are an information systems security manager in a small airport and you were asked to conduct a security threat risk assessment for the airport’s web site and applications’ infrastructure. The airport has apparent weaknesses in its system of controls. Your predecessor did not have a security management plan in place because he was not sure which threats to address and in what order because he did not have a good handle on the information systems assets nor their value. You were asked to create a Security Threat Risk Assessment Plan. Use the  Risk Management Template Preview the document View in a new window (.docx) to create your Risk Management Plan. The template is already populated with a lot of information to help you. Modify the template as appropriate for your project. Make sure to include the following in your plan: 

1. A list of assets and their values. Describe the assets within the scope of your assessment. (Asset, category, value, controls in place, etc.). Your table should include at minimum 6 assets.

2. A Threat Assessment Table (Assets/Likelihood/Gravity)

3. Recommendations based on your findings. (High Risk Areas)

Module 4 = Assignment: Course Project - Deliverable 2: Security Policy

In the last module, you started working on your project by producing a risk management plan as part of your security plan for this course. In this module, you will produce another key component of your security plan, the security policy plan. Again, using the airport case we have established in module three, using what you have learned in this module, and using the Web for examples of technology-specific security policies, create a security policy applicable to your airport project. You can use the Information Security Policy Template  Preview the document View in a new window(.docx) as a guide or modify it as applicable to write your Security Policy plan.

Module 5 = Assignment: Course Project - Deliverable 3: Access Control Policy

In this module, you will produce another key component of your security plan, the Access Control Policy. Using the airport case we have established in module three, using what you have learned in this module, and using the Web for examples of Access Control Policies, create an Access Control Policy applicable to your airport project. You may use the Access Control Template Preview the document View in a new window (.docx) as a guide or modify it as applicable to write your Access Control Policy.

Module 7=Assignment: Course Project- Deliverable 4: Physical Security Policy

In this module, you will produce another key component of your security plan, the Physical Security Policy. Using the airport case we have established in module three, using what you have learned in this module, and using the Web for examples of Physical Security Policies, create a Physical Security Policy applicable to your airport project. You may use the Physical Access Policy template Preview the document View in a new window (.docx) as a guide or modify it as applicable to write your Physical Security Policy.

Module 8 = Assignment: Course Project Deliverable 5

In this module, you will complete your Security Implementation Plan and Compile all components from previous modules to create your completed Information Security Plan. Using the airport case we have established in module three, using what you have learned in this module, and using the Web for examples of Security Implementation Plans, create a Security Implementation plan applicable to your airport project. You may use the  Implementation Plan Template 1  Preview the document View in a new window (.docx) and  Template 2 Preview the document View in a new window (.docx) as a guide or modify them as applicable to write your Security Implementation Plan. Once you have completed the Implementation Plan, combine the following elements to create your completed Information Security Plan:

· Module 3: Risk Management Plan

· Module 4: Security Policy Plan

· Module 5: Access Control Policy

· Module 7: Physical Security Policy

· Module 8: Implementation Plan