- Describe software development team approaches to data management and security.
- Describe interoperability trends in the development of applications and network equipment for increased security.
- Describe the tools and capabilities for identifying and mitigating common risks and vulnerabilities.
- Describe how vendors and developers collaborate in the development of security tools.
- Describe how the development of protocols encourages collaboration and interoperability among vendors and developers.
An effective Security Management Plan and an effective Risk Management Plan are cornerstones of an effective security program within organizations. However, there are many considerations and resources required to develop and maintain effective Security Management Plans and Risk Management Plans.
Assignment Description: Final Project – Develop Security Management Plan and Risk Management Plan
Develop a 15-20 page Security Management and Risk Management Plan about an organization of your choosing. Your report should be double-spaced and the page length requirement is exclusive of the title page, table of contents, and references. For your research and analysis, you should identify seven (7) to ten (10) significant articles/sources relevant to your subject organization and identify and assess security management elements and risks for that type of organization. Be sure to carefully cite (using correct APA 6th edition) all sources of information in your report. The analysis will be conducted using only publicly available information (e.g., information obtainable on the Internet (using a browser), company reports, news reports, journal articles, etc.). Your security management elements and risk analysis should consider legitimate, known security issues and threats that pertain to the subject organization.
NIST provides relevant information on security management and risk management. For example, refer to NIST Special Publication 800-30, Risk Management Guide for Information Technology Systems.
Write a 15-20 page Security Management and Risk Management Plan in which you:
- Select a Subject Organization: Follow these guidelines:
- You may have no connection to the company or its employees (no insider information). All the information you collect must be readily available for anyone to access.
- You should pick a company or organization that has sufficient publicly available information to support a reasonable security management plan and risk management plan, particularly including security issue, threat, and vulnerability identification.
- Develop Subject Organization Information: Examples of relevant information include:
- Company/Organization name and location
- Company/Organization industry and purpose (i.e., the nature of its business)
- Company/Organization profile (financial information, standing in its industry, reputation)
- Identification of relevant aspects of the company/organization’s computing and network infrastructure, as determined by publicly available information.
- Security Management Elements and Risk Analysis
- In conducting your analysis, focus on identifying the security management elements and the threats and vulnerabilities faced by your subject organization.
- Based on the security elements, threats, and vulnerabilities you identify, next determine both the appropriate security management elements for your organization and the risk analysis and risk mitigation methods for the organization.
- Prepare a Security Management and Risk Management Plan
- Develop a 15-20 page Security Management and Risk Management Plan about an organization of your choosing.
- Incorporate into your plan the information gathered during your research and in the previous steps.
- The report should be prepared using APA Style. All sources of information should be indicated via in-line citations and include a list of references.
This Security Management and Risk Management Plan is worth 200 points (20%) of your total course grade, using the following criteria:
- Clear statement of scope to be analyzed and appropriate coverage of that scope: 30 points
- Content (depth and accuracy of information and analysis pertaining to security management elements, risk management elements, risk analysis and risk mitigation): 100 points
- Recommendations for security management elements, risk management elements, risk analysis and risk mitigation, or other conclusions supported by research and analysis: 30 points
- Clarity, organization, grammar and spelling: 20 points
- APA Style: 20 points