
The next task on this multi-year contract is to develop a set of program plans for organization-level information security programs for small...

urgent work

Your security consulting firm has been retained by an insurance company to help it develop and implement a risk reduction program for companies purchasing cybersecurity liability insurance. The next task on this multi-year contract is to develop a set of program plans for organization-level information security programs for small businesses (i.e., up to 100 employees, no more than five offices / work locations). These documents must be tailored to specific industries and, due to the high percentage of Internet-based businesses seeking cybersecurity insurance, must address state, federal, and international laws, regulations, and standards.

1. To begin this assignment, each person must select one industry or business type from the list below, which links out to the U.S. Small Business Administration website, http://www.sba.gov. (If you wish to use an industry or business type not in this list you must first obtain permission from your instructor.)
   - Agriculture
   - Construction
   - Consumer Goods & Services
   - Financial Services
   - Health Care
   - Housing and Real Estate
   - Manufacturing
   - Marketing and Social Media
   - Online Businesses
   - Pharmaceuticals and Biotechnology
   - Telecommunications and Media
   - Transportation and Logistics
2. Next, read Information Security Program Background Information and Concepts (below).
3. Investigate how businesses in your selected industry use information technology to do business. Research your industry, using the UMUC library and the Internet. As a starting point, use the business guides found at http://www.sba.gov/category/navigation-structure/starting-managing-business/managing-business/business-guides-industry
4. Each person should complete the information security program requirements gathering and analysis exercise using the provided worksheet (below).
5. Finally, each person is to produce an executive-level briefing outlining the organization-level information security program plan, tailored to your chosen industry or type of business, using information from your completed worksheet. Use the outline provided below as a guide for writing your program plan briefing.

Organization-level information security program plans describe/specify the required organization and management structures (people and processes), as well as the technologies used to implement required information security protections and countermeasures.

Outline: Information Security Program Plan

1. Introduction
2. Security Policy and Planning
3. Personnel Management
4. Physical Security Management
5. Data Security Management
6. Software Security Management
7. Hardware Security Management
8. Network Security Management
9. Business Continuity/Disaster Recovery
10. Incident Reporting and Management

You have to pick an industry or business from the list above and gear the assignment towards the chosen topic. Use APA style resources and references, and in-text citations. Please make sure you do everything correctly and make a separate reference page in APA format. There is an attached worksheet below that must be completed with this assignment. Also there is a reference link website that should be used as a guide or called the business guide. Read all directions carefully and it is self-explanatory as to what has to be done in this assignment. There is an outline included as to how I want your papers to look like, I want it set up just like that 1-10 like shown on the list.
Worksheet: Information Security Program Plan

Copy this table into your own Word document and fill it out.

Table columns:
   - Security area
   - Responsible party/office of primary responsibility (OPR)
   - Policy statement
   - Countermeasures/risk mitigation strategy
   - Known vulnerabilities/risks

Table rows (security areas):
   - Acquisition (systems/services)
   - Asset management
   - Audit and accountability
   - Authentication and authorization
   - Business continuity
   - Compliance management
   - Configuration control
   - Data*
   - Hardware*
   - Identity management
   - Incident management
   - Maintenance procedures
   - Media protection and destruction
   - Network*
   - Operations
   - Outsourcing
   - Personnel*
   - Physical environment*
   - Planning
   - Risk assessments
   - Security policy and planning*
   - Software*
   - Training

Security areas marked with an asterisk (*) must be addressed as a major section in your group's information security program plan. The remaining sections should be addressed as subsections or within a subsection underneath one or more of the major sections.