Security Needs and Objectives
Capstone Project Overview
The purpose of this capstone project is for you to examine and solve real-world information assurance problems and apply associated techniques to create practical solutions. The course takes an integrative and senior security officer approach to address the policy, risk, and control opportunities within cyberspace and IT environments. Skills, experience, and knowledge gained through the completion of prerequisite courses will be used throughout each deliverable.
The project contents to be addressed are as follows:
- Week 3: Security Needs and Objectives.
- Week 8: Cybersecurity Policy Catalog.
- Week 10: Information Assurance Compliance With Government Regulations.
Instructions
For this deliverable, you are a newly appointed security officer (SO). The chief information security officer (CISO) has asked you to review the company security policy and provide your recommendations for improvement. Note: You may create or make all necessary assumptions needed for the completion of this assignment.
Research a security policy of an organization; you can use your employer, an organization you are associated with, or a company on the internet, as long as you have access to their security policy. A suggested resource is provided below. Make an initial assessment of the current security policy of the organization, including its strengths and weaknesses. Review the security policy's objective that should be clearly defined to maintain the confidentiality and integrity of information. Determine whether the security policy covers software and hardware devices, physical parameters, human resource, information, or data and access control within its scope. Check that the security policy includes what must be done rather than how it should be done. Assess the password management, change management, and incident management aspects of the policy. Additionally, assess the effectiveness of the policy and provide recommendations for it.
Submission Requirements
Write a 3–4 page paper in Word in which you:
- Describe the business needs of the organization that you have researched.
- Review the security policy of the organization and its objective.
- Compare the security policy with the business needs.
- Assess the aspects of the security policy noting essential inclusions and omissions.
- Assess the effectiveness of the policy and provide at least 2–3 recommendations for improvement.
- Use at least two quality (e.g., peer-reviewed journal articles, credible web resources, valid security policy documents) resources in this assignment. Note: Wikipedia and similar websites do not qualify as quality resources.
Resources