IT-552 2-2 Final Project Milestone One: Proposal Introduction

profilerama1978
AssignmetList.docx

1-2 Assignment: FBI's Cyber's Most Wanted

 

Previous  Next 

Instructions

Review the FBI's Cyber's Most Wanted website. Select one suspect and explain the related security laws, crimes committed, security vulnerabilities that were exploited, and how to prevent these incidents from happening again. For additional details, please refer to the Module One Assignment Rubric document.

2-2 Final Project Milestone One: Proposal Introduction

Assignment

Well done! You have completed the assignment

The CISO of the organization reaches out to you, the senior information security officer, and tasks you with creating an agency-wide security awareness program. He states that he will give you all of his support to complete this project (remember, this is the first component of security awareness program). He hands you a security gap analysis (the second component of a security awareness program) that was conducted, which shows 10 major security findings. These 10 deficiencies will serve as the foundation for developing the agency's security awareness program (see the Case Document for more details on the gap analysis)

Based on the scenario provided in the Case Document, develop the Introduction to your Proposal. In your introduction, be sure to include the purpose of the proposal, address the security concerns of the chief executive officer (CEO), explain why the security awareness proposal will be vital to the organization, describe how the security posture will be addressed, clarify how human factors will be assessed, and list any organizational factors that will contribute to the status of the security posture.

For additional details, please refer to the Case Document, the Final Project Guidelines and Rubric document and the Milestone One Guidelines and Rubric document.

3-2 Assignment: Rules of Behavior

 

Previous  Next 

Instructions

The CISO reaches out to you again and complains about the interns who appear to be violating many security policies. They do not lock their workstations, download illegal music, connect their personal devices to the organization's computers, spend too much time on social media, and even download pornography to the organization's computers. The CISO asks you to address these violations by developing a security document (Rules of Behavior) stating at least 15 rules about what activities employees are not allowed to conduct on the network. See the Department of Justice Rules of Behavior template as a sample. Additionally, write three supplementary paragraphs to discuss what types of training should occur in order to keep these violations from occurring in the future. How can you proactively strive for compliance with these behaviors?

4-2 Final Project: Milestone Two: Security Policies Development

 

Previous  Next 

Instructions

The Case Document referenced 10 security gaps, such as lack of security awareness, training to fight phishing and social engineering attacks, and lack of configuration policies to reduce unintentional threats.

For this assignment, you will submit 10 security policies as part of the planned solution to mitigate the 10 security gaps identified in the Case Document. There should be one policy per security gap identified in the Case Document. Consider policies that address topics such as remote access, encryption and hashing (to control data flow), auditing network accounts, configuration change management (to reduce unintentional threats), segregation of duties, mandatory vacation (to mitigate intentional threats), personally identifiable information (PII) breaches, media protection, and social engineering. This milestone focuses on security functionality. Keep in mind that each policy should be no longer than one page.

5-2 Assignment: Incident Response Plan

 

Previous  Next 

Instructions

In the Case Document, one of the security gap analyses indicated a high number of laptop thefts and a high number of security incidents. Because of this recent increase in theft and security incidents, the CISO asks you to develop an incident response plan. Submit a plan including the eight basic elements of an incident response plan, and procedures for sharing information with outside parties. See the Oregon state incident response template as a sample, but all work should be original.

6-2 Final Project Milestone Three: Continuous Monitoring Plan

 

Previous  Next 

Instructions

Submit a continuous monitoring plan laying out the foundation for continuously monitoring the organization against malicious activities and intentional and unintentional threats. This milestone also focuses on work setting techniques and work planning policies to help employees improve their stress anxiety, fatigue, and boredom. As part of the planned solution, you will propose to mitigate the security gaps for the corporation given in the Case Document. You will need to explain what security tools (firewall, IPS/IDS, antivirus, content filtering, encryption, etc.) and employee readiness strategies (training programs, rewards systems, physical wellness programs, etc.) will be used.

7-2 Assignment: DHS Insider Threat Training

 

Previous  Next 

Instructions

Complete FEMA's insider threat training. You will have the option to download a certificate of completion at the end of the training. Once completed, upload the certificate to this assignment. For additional details, please refer to the Module Seven Assignment Rubric document.

8-1 Assignment: Case Study

 

Previous  Next 

Instructions

You are the senior information security manager for a federal agency. You received a phone call from an employee stating that his laptop was stolen from his workstation. He tells you that the laptop has at least 20 cases with Social Security numbers of individuals he has been assisting. How would you handle this security incident? What is the first thing you should do? How would you retrieve/destroy the data? You may have an internal thief—what would you do to find out who stole the laptop? What security violations have been committed? How would you prevent this from happening again? Write a report summarizing the issue and addressing all questions.

9-1 Final Project Submission: Security Awareness Program Proposal

 

Previous  Next 

Instructions

Submit the security awareness program proposal. It should be a complete, polished artifact containing all of the critical elements of the final proposal. It should reflect the incorporation of feedback gained throughout the course. The proposal will consist of the executive summary, communication plan, proposal introduction, policies and procedures, proposed solutions to the security vulnerabilities, and plans to continuously monitor the organization for malicious behaviors.