This is the following scenario you are a security professio
1. This is the Following Scenario:
You are a security professional for Blue Stripe Tech, an IT
services provider with approximately 400 employees. Blue
Stripe Tech partners with industry leaders to provide storage,
networking, virtualization, and cybersecurity to clients.
Blue Stripe Tech recently won a large DoD contract, which will
add 30 percent to the revenue of the organization. It is a high-
priority, high-visibility project. Blue Stripe Tech will be
allowed to make its own budget, project timeline, and tollgate
decisions.
As a security professional for Blue Stripe Tech, you are
responsible for developing security policies for this project.
These policies are required to meet DoD standards for delivery
of IT technology services to the U.S. Air Force Cyber Security
Center (AFCSC), a DoD agency.
To do this, you must develop DoD-approved policies, standards,
and control descriptions for your IT infrastructure (see the
“Tasks” section in this document). The policies you create must
pass DoD-based requirements. Currently, your organization
does not have any DoD contracts and thus has no DoD-
compliant security policies, standards, or controls in place.