· Appendix C
• No single word responses (at least 250 – 300 words in your
response).
• Give questions some thought and answer honestly and
sincerely
• Give examples if you have them
• Cite resources
Scenario:
• Your 79-year-old female patient suffered a stroke 6 months
ago. She is cared for in her sister’s home. The patient is
dependent for position changes. She is unable to communicate
the need to be turned. She must be fed at all meals. She has a
stage II pressure injury on her sacral area.
Questions:
• Develop a teaching plan for the family to ensure that the
patient’s needs are met
Threaded Discussion #9
Musculoskeletal
Directions: Musculoskeletal
• A 72-year-old man lived a fairly sedentary lifestyle as an
accountant. Now that he is retired, he recognizes the need to be
active to maintain his health as long as possible. He is
concerned, however, that it is too late for him to start exercising
because he has never engaged in such activities.
Part 1:
• The original post must be at least 250 – 300 words in length
• What encouragement, if any, can you give him?
• What suggestions can you make for an exercise program?
12/2/21, 6:52 PM Project 3 - IT Security Audit Policy & Plans - CSIA 413 7381 Cybers…licy, Plans, and Programs (2218) - UMGC Learning Management System
Page 1 of 5
https://learn.umgc.edu/d2l/lms/dropbox/user/folder_submit_files.d2l?db=1156965&grpid=0&isprv=0&bp=0&ou=616134
Project 3: IT Audit Policy & Plans
Course: CSIA 413 7381 Cybersecurity Policy, Plans, and
Programs (2218)
Grading Rubric

Every criterion is rated on the same six levels, from highest to lowest: Excellent, Outstanding, Acceptable, Needs Improvement, Needs Significant Improvement, Missing or Unacceptable. The points awarded at each level and the criterion score (points possible) are listed with each criterion.

Executive Summary

Executive Summary for the Policy Briefing Package (criterion score: / 10)
10 points (Excellent): The Executive Summary provided an excellent summary of the policy package's purpose and contents. Information about the case study company was well integrated into the summary. Each policy was individually introduced and clearly explained. The material was well organized and easy to read.
8.5 points (Outstanding): The Executive Summary provided an outstanding summary of the policy package's purpose and contents. Information about the case study company was integrated into the summary. Each policy in the briefing package was individually introduced and briefly explained. The material was well organized and easy to read.
7 points (Acceptable): The Executive Summary provided an acceptable overview of the contents of the policy package. Information about the case study company was used in the summary. Each policy in the briefing package was named and briefly explained.
6 points (Needs Improvement): The Executive Summary provided an overview of the policy package. Information about the case study company was mentioned.
4 points (Needs Significant Improvement): An executive summary was provided but lacked details as to the purpose and contents of the policy package. (Or, inappropriate or excessive copying from other authors' work.)
0 points (Missing or Unacceptable): No work submitted.

Policy for IT Security Policy Compliance Audits

Policy Introduction (criterion score: / 10)
10 points (Excellent): The policy contained an excellent introduction which addressed five or more specific characteristics of the company's business, legal & regulatory, and/or enterprise IT environments and addressed the reasons why employees must comply with this policy. Compliance requirements are addressed and contact information is provided for questions about the policy.
8.5 points (Outstanding): The policy contained an outstanding introduction which addressed three or more specific characteristics of the company's business, legal & regulatory, and/or enterprise IT environments and addressed the reasons why employees must comply with this policy. Compliance requirements are addressed and contact information is provided for questions about the policy.
7 points (Acceptable): The introduction for the policy was customized for the case study company. Three or more specific characteristics of the company's business, legal & regulatory, and/or enterprise IT environments were incorporated into the policy. Compliance requirements were addressed.
6 points (Needs Improvement): The introduction to the policy mentions the case study company and compliance requirements.
4 points (Needs Significant Improvement): The policy was built from a sample template or list of "recommended" audit policy contents without customization for the case study company. (Or, inappropriate or excessive copying from other authors' work.)
0 points (Missing or Unacceptable): No work submitted.

Policy Content (criterion score: / 10)
Required content elements for the issue specific policy: policy issue (do required policies exist and have they been properly vetted & approved); policy solution (auditing all IT security policies to determine compliance with security controls); applicability (to what and to whom the policy applies); compliance requirements; point of contact (for more information).
10 points (Excellent): The issue specific policy provided excellent (clear and concise) coverage of all five required content elements. The policy was easy to understand and thoroughly covered the required content.
8.5 points (Outstanding): The issue specific policy provided outstanding coverage of all five required content elements. The policy was easy to understand and addressed all required content.
7 points (Acceptable): The issue specific policy provided adequate coverage of all five required content elements. The policy was easy to understand and included all required content.
6 points (Needs Improvement): The issue specific policy mentioned at least 3 of the five required content elements.
4 points (Needs Significant Improvement): The issue specific policy was disorganized and difficult to understand. OR, the policy was significantly lacking in content. (Or, inappropriate or excessive copying from other authors' work.)
0 points (Missing or Unacceptable): No work submitted.

Audit Plans

Security Awareness Audit Plan: Audit Background (criterion score: / 10)
10 points (Excellent): The Security Awareness audit plan contained an excellent background section which identified and discussed 5 or more risks which drive the requirements and objectives for this audit. IT security controls for security awareness (AT family of controls from NIST SP 800-53) and related compliance requirements were identified and discussed. Contact information was provided for the audit manager. Information from the case study was well integrated into the background material.
8.5 points (Outstanding): The Security Awareness audit plan contained an outstanding background section which identified and discussed 3 or more risks which drive the requirements and objectives for this audit. IT security controls for security awareness (AT family of controls from NIST SP 800-53) and related compliance requirements were identified and discussed. Contact information was provided for the audit manager. Information from the case study was well integrated into the background material.
7 points (Acceptable): The Security Awareness audit plan contained an acceptable background section which discussed one or more risks which drive the requirements and objectives for this audit. IT security controls for security awareness (AT family of controls from NIST SP 800-53) and related compliance requirements were discussed. Contact information was provided for the audit manager. Some information from the case study was integrated into the background material.
6 points (Needs Improvement): The background section mentions risks as drivers for the Security Awareness audit. Security controls and compliance requirements were mentioned. Information from the case study was used.
4 points (Needs Significant Improvement): The Security Awareness audit plan was built from a sample template or list of "recommended" audit plan contents without customization for the case study company. (Or, inappropriate or excessive copying from other authors' work.)
0 points (Missing or Unacceptable): No work submitted.

Security Awareness Audit Plan: Audit Objectives (criterion score: / 5)
5 points (Excellent): A clear and concise set of audit objectives were presented. These objectives addressed (and named) each security control in the Awareness & Training (AT) family (as listed in NIST SP 800-53).
4 points (Outstanding): A well written set of audit objectives were presented. The audit objectives addressed (and named) 4 or more security controls in the Awareness & Training (AT) family (as listed in NIST SP 800-53).
3 points (Acceptable): Three or more audit objectives were presented. Each objective was mapped to a specific security control from the Awareness & Training (AT) family (as listed in NIST SP 800-53).
2 points (Needs Improvement): Audit objectives were mentioned and discussed. But, the objectives were not clearly identified or were not tied to security controls from the Awareness & Training (AT) family.
1 point (Needs Significant Improvement): Audit objectives were mentioned but not clearly identified or expressed. (Or, inappropriate or excessive copying from other authors' work.)
0 points (Missing or Unacceptable): Missing or no work submitted.

Security Awareness Audit Plan: Audit Approach (criterion score: / 15)
15 points (Excellent): The Audit Approach clearly and concisely identified and described the major elements in the data collection strategy (what data will be collected, how it will be collected, what will be measured). The data collection strategy was supported by a checklist (for a document review) or list of questions (for a survey). The relationship between the audit approach and the measurement of the effectiveness of the security controls implementation was explained.
13.5 points (Outstanding): The Audit Approach clearly identified the major elements in the data collection strategy (what data will be collected, how it will be collected, what will be measured). The data collection strategy was supported by a checklist (for a document review) or list of questions (for a survey). The relationship between the audit approach and the measurement of the effectiveness of the security controls implementation was clearly stated.
12 points (Acceptable): The Audit Approach adequately addressed the data collection strategy and provided sufficient information that the reader could understand how the effectiveness of the security controls implementation would be determined.
10.5 points (Needs Improvement): Organization and appearance need improvement. The Audit Approach addressed the data collection strategy and provided some information about how compliance would be measured.
6 points (Needs Significant Improvement): The Audit Approach was disorganized and difficult to understand. OR, the approach was significantly lacking in content (data collection strategy was not clearly identified). (Or, inappropriate or excessive copying from other authors' work.)
0 points (Missing or Unacceptable): No work submitted.

IT Security Policies Audit Plan: Audit Background (criterion score: / 10)
10 points (Excellent): The IT Security Policies audit plan contained an excellent background section which identified and discussed 5 or more risks which drive the requirements and objectives for this audit. The 18 IT security policies & procedures security controls (e.g. AC-1, AT-1, etc. in NIST SP 800-53) were identified and discussed. Five or more additional controls from the PM & PL families were also addressed. Contact information was provided for the audit manager. Information from the case study was well integrated into the background material.
8.5 points (Outstanding): The IT Security Policies audit plan contained an outstanding background section which identified and discussed 3 or more risks which drive the requirements and objectives for this audit. At least 12 IT security policies & procedures security controls (e.g. AC-1, AT-1, etc. in NIST SP 800-53) were identified and discussed. Three or more additional controls from the PM & PL families were also addressed. Contact information was provided for the audit manager. Information from the case study was well integrated into the background material.
7 points (Acceptable): The IT Security Policies audit plan contained an acceptable background section which identified 3 or more risks which drive the requirements and objectives for this audit. At least 10 IT security policies & procedures security controls (e.g. AC-1, AT-1, etc. in NIST SP 800-53) were identified and discussed. Three or more additional controls from the PM & PL families were also addressed. Contact information was provided for the audit manager. Information from the case study was integrated into the background material.
6 points (Needs Improvement): The background section mentions risks as drivers for the IT Security Policies audit. Security controls and compliance requirements were mentioned. Information from the case study was used.
4 points (Needs Significant Improvement): The IT Security Policies audit plan was built from a sample template or list of "recommended" audit plan contents without customization for the case study company. (Or, inappropriate or excessive copying from other authors' work.)
0 points (Missing or Unacceptable): No work submitted.

IT Security Policies Audit Plan: Audit Objectives (criterion score: / 5)
5 points (Excellent): A clear and concise set of audit objectives were presented. These objectives addressed (and named) all 18 policy & procedures security controls (e.g. AC-1, AT-1 as listed in NIST SP 800-53).
4 points (Outstanding): A well written set of audit objectives were presented. These objectives addressed (and named) at least 12 of the policy & procedures security controls (e.g. AC-1, AT-1 as listed in NIST SP 800-53).
3 points (Acceptable): Three or more audit objectives were presented. These objectives addressed (and named) at least 10 of the policy & procedures security controls (e.g. AC-1, AT-1 as listed in NIST SP 800-53).
2 points (Needs Improvement): Audit objectives were mentioned and discussed. But, the objectives were not clearly identified or were not tied to policy & procedures IT security controls from NIST SP 800-53.
1 point (Needs Significant Improvement): Audit objectives were mentioned but not clearly identified or expressed. (Or, inappropriate or excessive copying from other authors' work.)
0 points (Missing or Unacceptable): Missing or no work submitted.

IT Security Policies Audit Plan: Audit Approach (criterion score: / 15)
The rating descriptions for this criterion are identical to those for Security Awareness Audit Plan: Audit Approach above: 15 points (Excellent), 13.5 points (Outstanding), 12 points (Acceptable), 10.5 points (Needs Improvement), 6 points (Needs Significant Improvement), 0 points (Missing or Unacceptable: No work submitted).

Professionalism

Execution (criterion score: / 10)
10 points (Excellent): Work is professional in appearance and organization (appropriate and consistent use of fonts, headings, color). No word usage, grammar, spelling, or punctuation errors. All quotations (copied text) are properly marked and cited using a professional format (APA format recommended but not required).
8.5 points (Outstanding): Work is professional in appearance and organization (appropriate and consistent use of fonts, headings, color). Work contains minor errors in word usage, grammar, spelling or punctuation which do not significantly impact professional appearance. All quotations (copied text) are properly marked and cited using a professional format (APA format recommended but not required).
7 points (Acceptable): Work is professional in appearance and organization (minor issues allowable but overall the work contains appropriate and consistent use of fonts, headings, color). Errors in word usage, spelling, grammar, or punctuation which detract from professional appearance of the submitted work. All quotations (copied text) are properly marked and cited using a professional format (APA format recommended but not required).
6 points (Needs Improvement): Submitted work has numerous errors in formatting, organization, word usage, spelling, grammar, or punctuation which detract from readability and professional appearance. Punctuation errors may include failure to properly mark quoted or copied material (an attempt to name the original source is required).
4 points (Needs Significant Improvement): Submitted work is difficult to read / understand and has significant errors in formatting, appearance / organization, spelling, grammar, punctuation, or word usage. Significant errors in presentation of copied text (lacks proper punctuation and failed to attribute material to original source).
0 points (Missing or Unacceptable): No work submitted. OR, work contains significant instances of cut-and-paste without proper citing / attribution to the original work or author.

Total: / 100
Overall Score
Project #3: IT Audit Policy and Plans
Company Background & Operating Environment
Red Clay Renovations is an internationally recognized,
award-winning firm that specializes in the renovation and
rehabilitation of residential buildings and dwellings. The
company specializes in updating homes using “smart home” and
“Internet of Things” technologies while maintaining period
correct architectural characteristics. Please refer to the company
profile for additional background information and information
about the company’s operating environment.
Policy Issue & Plan of Action
The corporate board was recently briefed by the Chief
Information Officer concerning the company’s IT Security
Program and how this program contributes to the company’s
risk management strategy. During the briefing, the CIO
presented assessment reports and audit findings from IT
security audits. These audits focused upon the technical
infrastructure and the effectiveness and efficiency of the
company’s implementation of security controls. During the
discussion period, members of the corporate board asked about
audits of policy compliance and assessments as to the degree
that employees were (a) aware of IT security policies and (b)
complying with these policies. The Chief Information Officer
was tasked with providing the following items to the board
before its next quarterly meeting:
(a) Issue Specific Policy requiring an annual compliance audit
for IT security policies as documented in the company’s Policy
System
(b) Audit Plan for assessing employee awareness of and
compliance with IT security policies
a. Are employees aware of the IT security policies in the
Employee Handbook?
b. Do employees know their responsibilities under those
policies?
(c) Audit Plan for assessing the IT security policy system
a. Do required policies exist?
b. Have they been updated within the past year?
c. Are the policies being reviewed and approved by the
appropriate oversight authorities (managers, IT governance
board, etc.)?
Your Task Assignment
As a staff member supporting the CISO, you have been asked to
research this issue (auditing IT security policy compliance) and
then prepare an “approval draft” for a compliance policy. You
must also research and draft two separate audit plans (a)
employee compliance and (b) policy system audit. The audit
policy should not exceed two typed pages in length so you will
need to be concise in your writing and only include the most
important elements for the policy. Make sure that you include a
requirement for an assessment report to be provided to company
management and the corporate board of directors.
· For the employee compliance assessment, you must use an
interview strategy which includes 10 or more multiple choice
questions that can be used to construct a web-based survey of
all employees. The questions should be split between (a)
awareness of key policies and (b) awareness of personal
responsibilities with regard to compliance.
· For the policy system audit, you should use a documentation
assessment strategy which reviews the contents of the
individual policies to determine when the policy was last
updated, who “owns” the policy, who reviewed the policy, and
who approved the policy for implementation.
Research:
1. Review the table of contents and relevant chapters in the
Certified Information Privacy Professional textbook to find
information about legal and regulatory drivers.
2. Review the weekly readings including the example audit
assessment report.
3. Review work completed previously in this course which
provides background about the IT Policy System and specific
policies for the case study company.
4. Find additional resources which discuss IT compliance audits
and/or policy system audits.
Write:
1. Prepare a briefing package with approval drafts of the three
required documents. Place all three documents in a single MS
Word (.doc or .docx) file.
2. Your briefing package must contain the following:
· Executive Summary
· “Approval Drafts” for
· Issue Specific Policy for IT Security Policy Compliance
Audits
· Audit Plan for IT Security Policy Awareness & Compliance
(Employee Survey)
· Audit Plan for IT Security Policies Audit (Documentation
Review)
As you write your policy and audit plans, make sure that you
address security issues using standard cybersecurity
terminology.
3. Use a professional format for your policy documents and
briefing package. Your policy documents should be
consistently formatted and easy to read.
4. You must include a cover page with the assignment title, your
name, and the due date. Your reference list must be on a
separate page at the end of your file. These pages do not count
towards the assignment’s page count.
5. Common phrases do not require citations. If there is doubt as
to whether or not information requires attribution, provide a
footnote with publication information or use APA format
citations and references.
6. You are expected to write grammatically correct English in
every assignment that you submit for grading. Do not turn in
any work without (a) using spell check, (b) using grammar
check, (c) verifying that your punctuation is correct and (d)
reviewing your work for correct word usage and correctly
structured sentences and paragraphs.
7. Consult the grading rubric for specific content and formatting
requirements for this assignment.
8. Submit your briefing package in MS Word format (.docx or
.doc file) for grading using your assignment folder. (Attach the
file.)
Copyright ©2021 by University of Maryland Global Campus.
All Rights Reserved
· Student paper86Student paperOf all the things I do well, wh
 
· Self-Assessment· InterpretationValues and Moral Survey of St
· Self-Assessment· InterpretationValues and Moral Survey of St· Self-Assessment· InterpretationValues and Moral Survey of St
· Self-Assessment· InterpretationValues and Moral Survey of St
 
· Résumé or CV on file· CUR516 - Week 8 Signature Ass
· Résumé or CV on file· CUR516 - Week 8 Signature Ass· Résumé or CV on file· CUR516 - Week 8 Signature Ass
· Résumé or CV on file· CUR516 - Week 8 Signature Ass
 
· Military Equipment for Local Law EnforcementCompetencies Addre
· Military Equipment for Local Law EnforcementCompetencies Addre· Military Equipment for Local Law EnforcementCompetencies Addre
· Military Equipment for Local Law EnforcementCompetencies Addre
 
· Respond by extending, refutingcorrecting, or adding additional
· Respond by extending, refutingcorrecting, or adding additional · Respond by extending, refutingcorrecting, or adding additional
· Respond by extending, refutingcorrecting, or adding additional
 
· Most important thing you’ll learn during personal finance &
· Most important thing you’ll learn during personal finance & · Most important thing you’ll learn during personal finance &
· Most important thing you’ll learn during personal finance &
 

· Appendix C• No single word responses (At least 250 – 300 wor

12/2/21, 6:52 PM  Project 3 - IT Security Audit Policy & Plans - CSIA 413 7381 Cybers…licy, Plans, and Programs (2218) - UMGC Learning Management System
https://learn.umgc.edu/d2l/lms/dropbox/user/folder_submit_files.d2l?db=1156965&grpid=0&isprv=0&bp=0&ou=616134

Project 3: IT Audit Policy & Plans
Course: CSIA 413 7381 Cybersecurity Policy, Plans, and Programs (2218)

Grading rubric. Each criterion is scored at one of six levels: Excellent, Outstanding, Acceptable, Needs Improvement, Needs Significant Improvement, Missing or Unacceptable. Point values for each level are given per criterion below. Total: 100 points.

Executive Summary

Executive Summary for the Policy Briefing Package (Criterion Score: / 10)
10 points (Excellent): The Executive Summary provided an excellent summary of the policy package's purpose and contents. Information about the case study company was well integrated into the summary. Each policy was individually introduced and clearly explained. The material was well organized and easy to read.
8.5 points (Outstanding): The Executive Summary provided an outstanding summary of the policy package's purpose and contents. Information about the case study company was integrated into the summary. Each policy in the briefing package was individually introduced and briefly explained. The material was well organized and easy to read.
7 points (Acceptable): The Executive Summary provided an acceptable overview of the contents of the policy package. Information about the case study company was used in the summary. Each policy in the briefing package was named and briefly explained.
6 points (Needs Improvement): The Executive Summary provided an overview of the policy package. Information about the case study company was mentioned.
4 points (Needs Significant Improvement): An executive summary was provided but lacked details as to the purpose and contents of the policy package. (Or, inappropriate or excessive copying from other authors' work.)
0 points (Missing or Unacceptable): No work submitted.

Policy for IT Security Policy Compliance Audits

Policy Introduction (Criterion Score: / 10)
10 points (Excellent): The policy contained an excellent introduction which addressed five or more specific characteristics of the company's business, legal & regulatory, and/or enterprise IT environments and addressed the reasons why employees must comply with this policy. Compliance requirements are addressed and contact information is provided for questions about the policy.
8.5 points (Outstanding): The policy contained an outstanding introduction which addressed three or more specific characteristics of the company's business, legal & regulatory, and/or enterprise IT environments and addressed the reasons why employees must comply with this policy. Compliance requirements are addressed and contact information is provided for questions about the policy.
7 points (Acceptable): The introduction for the policy was customized for the case study company. Three or more specific characteristics of the company's business, legal & regulatory, and/or enterprise IT environments were incorporated into the policy. Compliance requirements were addressed.
6 points (Needs Improvement): The introduction to the policy mentions the case study company and compliance requirements.
4 points (Needs Significant Improvement): The policy was built from a sample template or list of "recommended" audit policy contents without customization for the case study company. (Or, inappropriate or excessive copying from other authors' work.)
0 points (Missing or Unacceptable): No work submitted.

Policy Content (Criterion Score: / 10)
The required content for the issue specific policy is: policy issue (do required policies exist and have they been properly vetted & approved); policy solution (auditing all IT security policies to determine compliance with security controls); applicability (to what and to whom the policy applies); compliance requirements; point of contact (for more information).
10 points (Excellent): The issue specific policy provided excellent (clear and concise) coverage of the required content listed above. The policy was easy to understand and thoroughly covered the required content.
8.5 points (Outstanding): The issue specific policy provided outstanding coverage of the required content listed above. The policy was easy to understand and addressed all required content.
7 points (Acceptable): The issue specific policy provided adequate coverage of the required content listed above. The policy was easy to understand and included all required content.
6 points (Needs Improvement): The issue specific policy mentioned at least 3 of the required content items listed above.
4 points (Needs Significant Improvement): The issue specific policy was disorganized and difficult to understand. OR, the policy was significantly lacking in content. (Or, inappropriate or excessive copying from other authors' work.)
0 points (Missing or Unacceptable): No work submitted.

Audit Plans

Security Awareness Audit Plan: Audit Background (Criterion Score: / 10)
10 points (Excellent): The Security Awareness audit plan contained an excellent background section which identified and discussed 5 or more risks which drive the requirements and objectives for this audit. IT security controls for security awareness (AT family of controls from NIST SP 800-53) and related compliance requirements were identified and discussed. Contact information was provided for the audit manager. Information from the case study was well integrated into the background material.
8.5 points (Outstanding): The Security Awareness audit plan contained an outstanding background section which identified and discussed 3 or more risks which drive the requirements and objectives for this audit. IT security controls for security awareness (AT family of controls from NIST SP 800-53) and related compliance requirements were identified and discussed. Contact information was provided for the audit manager. Information from the case study was well integrated into the background material.
7 points (Acceptable): The Security Awareness audit plan contained an acceptable background section which discussed one or more risks which drive the requirements and objectives for this audit. IT security controls for security awareness (AT family of controls from NIST SP 800-53) and related compliance requirements were discussed. Contact information was provided for the audit manager. Some information from the case study was integrated into the background material.
6 points (Needs Improvement): The background section mentions risks as drivers for the Security Awareness audit. Security controls and compliance requirements were mentioned. Information from the case study was used.
4 points (Needs Significant Improvement): The Security Awareness audit plan was built from a sample template or list of "recommended" audit plan contents without customization for the case study company. (Or, inappropriate or excessive copying from other authors' work.)
0 points (Missing or Unacceptable): No work submitted.

Security Awareness Audit Plan: Audit Objectives (Criterion Score: / 5)
5 points (Excellent): A clear and concise set of audit objectives were presented. These objectives addressed (and named) each security control in the Awareness & Training (AT) family (as listed in NIST SP 800-53).
4 points (Outstanding): A well written set of audit objectives were presented. The audit objectives addressed (and named) 4 or more security controls in the Awareness & Training (AT) family (as listed in NIST SP 800-53).
3 points (Acceptable): Three or more audit objectives were presented. Each objective was mapped to a specific security control from the Awareness & Training (AT) family (as listed in NIST SP 800-53).
2 points (Needs Improvement): Audit objectives were mentioned and discussed. But, the objectives were not clearly identified or were not tied to security controls from the Awareness & Training (AT) family.
1 point (Needs Significant Improvement): Audit objectives were mentioned but not clearly identified or expressed. (Or, inappropriate or excessive copying from other authors' work.)
0 points (Missing or Unacceptable): Missing or no work submitted.

Security Awareness Audit Plan: Audit Approach (Criterion Score: / 15)
15 points (Excellent): The Audit Approach clearly and concisely identified and described the major elements in the data collection strategy (what data will be collected, how it will be collected, what will be measured). The data collection strategy was supported by a checklist (for a document review) or list of questions (for a survey). The relationship between the audit approach and the measurement of the effectiveness of the security controls implementation was explained.
13.5 points (Outstanding): The Audit Approach clearly identified the major elements in the data collection strategy (what data will be collected, how it will be collected, what will be measured). The data collection strategy was supported by a checklist (for a document review) or list of questions (for a survey). The relationship between the audit approach and the measurement of the effectiveness of the security controls implementation was clearly stated.
12 points (Acceptable): The Audit Approach adequately addressed the data collection strategy and provided sufficient information that the reader could understand how the effectiveness of the security controls implementation would be determined.
10.5 points (Needs Improvement): Organization and appearance need improvement. The Audit Approach addressed the data collection strategy and provided some information about how compliance would be measured.
6 points (Needs Significant Improvement): The Audit Approach was disorganized and difficult to understand. OR, the approach was significantly lacking in content (data collection strategy was not clearly identified). (Or, inappropriate or excessive copying from other authors' work.)
0 points (Missing or Unacceptable): No work submitted.

IT Security Policies Audit Plan: Audit Background (Criterion Score: / 10)
10 points (Excellent): The IT Security Policies audit plan contained an excellent background section which identified and discussed 5 or more risks which drive the requirements and objectives for this audit. The 18 IT security policies & procedures security controls (e.g. AC-1, AT-1, etc. in NIST SP 800-53) were identified and discussed. Five or more additional controls from the PM & PL families were also addressed. Contact information was provided for the audit manager. Information from the case study was well integrated into the background material.
8.5 points (Outstanding): The IT Security Policies audit plan contained an outstanding background section which identified and discussed 3 or more risks which drive the requirements and objectives for this audit. At least 12 IT security policies & procedures security controls (e.g. AC-1, AT-1, etc. in NIST SP 800-53) were identified and discussed. Three or more additional controls from the PM & PL families were also addressed. Contact information was provided for the audit manager. Information from the case study was well integrated into the background material.
7 points (Acceptable): The IT Security Policies audit plan contained an acceptable background section which identified 3 or more risks which drive the requirements and objectives for this audit. At least 10 IT security policies & procedures security controls (e.g. AC-1, AT-1, etc. in NIST SP 800-53) were identified and discussed. Three or more additional controls from the PM & PL families were also addressed. Contact information was provided for the audit manager. Information from the case study was integrated into the background material.
6 points (Needs Improvement): The background section mentions risks as drivers for the IT Security Policies audit. Security controls and compliance requirements were mentioned. Information from the case study was used.
4 points (Needs Significant Improvement): The IT Security Policies audit plan was built from a sample template or list of "recommended" audit plan contents without customization for the case study company. (Or, inappropriate or excessive copying from other authors' work.)
0 points (Missing or Unacceptable): No work submitted.

IT Security Policies Audit Plan: Audit Objectives (Criterion Score: / 5)
5 points (Excellent): A clear and concise set of audit objectives were presented. These objectives addressed (and named) all 18 policy & procedures security controls (e.g. AC-1, AT-1 as listed in NIST SP 800-53).
4 points (Outstanding): A well written set of audit objectives were presented. These objectives addressed (and named) at least 12 of the policy & procedures security controls (e.g. AC-1, AT-1 as listed in NIST SP 800-53).
3 points (Acceptable): Three or more audit objectives were presented. These objectives addressed (and named) at least 10 of the policy & procedures security controls (e.g. AC-1, AT-1 as listed in NIST SP 800-53).
2 points (Needs Improvement): Audit objectives were mentioned and discussed. But, the objectives were not clearly identified or were not tied to policy & procedures IT security controls from NIST SP 800-53.
1 point (Needs Significant Improvement): Audit objectives were mentioned but not clearly identified or expressed. (Or, inappropriate or excessive copying from other authors' work.)
0 points (Missing or Unacceptable): Missing or no work submitted.

IT Security Policies Audit Plan: Audit Approach (Criterion Score: / 15)
15 points (Excellent): The Audit Approach clearly and concisely identified and described the major elements in the data collection strategy (what data will be collected, how it will be collected, what will be measured). The data collection strategy was supported by a checklist (for a document review) or list of questions (for a survey). The relationship between the audit approach and the measurement of the effectiveness of the security controls implementation was explained.
13.5 points (Outstanding): The Audit Approach clearly identified the major elements in the data collection strategy (what data will be collected, how it will be collected, what will be measured). The data collection strategy was supported by a checklist (for a document review) or list of questions (for a survey). The relationship between the audit approach and the measurement of the effectiveness of the security controls implementation was clearly stated.
12 points (Acceptable): The Audit Approach adequately addressed the data collection strategy and provided sufficient information that the reader could understand how the effectiveness of the security controls implementation would be determined.
10.5 points (Needs Improvement): Organization and appearance need improvement. The Audit Approach addressed the data collection strategy and provided some information about how compliance would be measured.
6 points (Needs Significant Improvement): The Audit Approach was disorganized and difficult to understand. OR, the approach was significantly lacking in content (data collection strategy was not clearly identified). (Or, inappropriate or excessive copying from other authors' work.)
0 points (Missing or Unacceptable): No work submitted.

Professionalism

Professionalism (Criterion Score: / 10)
10 points (Excellent): Work is professional in appearance and organization (appropriate and consistent use of fonts, headings, color). No word usage, grammar, spelling, or punctuation errors. All quotations (copied text) are properly marked and cited using a professional format (APA format recommended but not required).
8.5 points (Outstanding): Work is professional in appearance and organization (appropriate and consistent use of fonts, headings, color). Work contains minor errors in word usage, grammar, spelling or punctuation which do not significantly impact professional appearance. All quotations (copied text) are properly marked and cited using a professional format (APA format recommended but not required).
7 points (Acceptable): Work is professional in appearance and organization (minor issues allowable but overall the work contains appropriate and consistent use of fonts, headings, color). Errors in word usage, spelling, grammar, or punctuation which detract from professional appearance of the submitted work. All quotations (copied text) are properly marked and cited using a professional format (APA format recommended but not required).
6 points (Needs Improvement): Submitted work has numerous errors in formatting, organization, word usage, spelling, grammar, or punctuation which detract from readability and professional appearance. Punctuation errors may include failure to properly mark quoted or copied material (an attempt to name original source is required).
4 points (Needs Significant Improvement): Submitted work is difficult to read / understand and has significant errors in formatting, appearance / organization, spelling, grammar, punctuation, or word usage. Significant errors in presentation of copied text (lacks proper punctuation and failed to attribute material to original source).
0 points (Missing or Unacceptable): No work submitted. OR, work contains significant instances of cut-and-paste without proper citing / attribution to the original work or author.

Total: / 100 (Overall Score)
Project #3: IT Audit Policy and Plans

Company Background & Operating Environment

Red Clay Renovations is an internationally recognized, award-winning firm that specializes in the renovation and rehabilitation of residential buildings and dwellings. The company specializes in updating homes using "smart home" and "Internet of Things" technologies while maintaining period correct architectural characteristics. Please refer to the company profile for additional background information and information about the company's operating environment.

Policy Issue & Plan of Action

The corporate board was recently briefed by the Chief Information Officer concerning the company's IT Security Program and how this program contributes to the company's risk management strategy. During the briefing, the CIO presented assessment reports and audit findings from IT security audits. These audits focused upon the technical infrastructure and the effectiveness and efficiency of the company's implementation of security controls. During the discussion period, members of the corporate board asked about audits of policy compliance and assessments as to the degree that employees were (a) aware of IT security policies and (b) complying with these policies.

The Chief Information Officer was tasked with providing the following items to the board before its next quarterly meeting:

(a) Issue Specific Policy requiring an annual compliance audit for IT security policies as documented in the company's Policy System
(b) Audit Plan for assessing employee awareness of and compliance with IT security policies
    a. Are employees aware of the IT security policies in the Employee Handbook?
    b. Do employees know their responsibilities under those policies?
(c) Audit Plan for assessing the IT security policy system
    a. Do required policies exist?
    b. Have they been updated within the past year?
    c. Are the policies being reviewed and approved by the appropriate oversight authorities (managers, IT governance board, etc.)?

Your Task Assignment

As a staff member supporting the CISO, you have been asked to research this issue (auditing IT security policy compliance) and then prepare an "approval draft" for a compliance policy. You must also research and draft two separate audit plans: (a) employee compliance and (b) policy system audit. The audit policy should not exceed two typed pages in length, so you will need to be concise in your writing and only include the most important elements for the policy. Make sure that you include a requirement for an assessment report to be provided to company management and the corporate board of directors.

· For the employee compliance assessment, you must use an interview strategy which includes 10 or more multiple choice questions that can be used to construct a web-based survey of all employees. The questions should be split between (a) awareness of key policies and (b) awareness of personal responsibilities in regard to compliance.
· For the policy system audit, you should use a documentation assessment strategy which reviews the contents of the individual policies to determine when the policy was last updated, who "owns" the policy, who reviewed the policy, and who approved the policy for implementation.

Research:

1. Review the table of contents and relevant chapters in the Certified Information Privacy Professional textbook to find information about legal and regulatory drivers.
2. Review the weekly readings including the example audit assessment report.
3. Review work completed previously in this course which provides background about the IT Policy System and specific policies for the case study company.
4. Find additional resources which discuss IT compliance audits and/or policy system audits.

Write:

1. Prepare a briefing package with approval drafts of the three required documents. Place all three documents in a single MS Word (.doc or .docx) file.
2. Your briefing package must contain the following:
    · Executive Summary
    · "Approval Drafts" for
        · Issue Specific Policy for IT Security Policy Compliance Audits
        · Audit Plan for IT Security Policy Awareness & Compliance (Employee Survey)
        · Audit Plan for IT Security Policies Audit (Documentation Review)
   As you write your policy and audit plans, make sure that you address security issues using standard cybersecurity terminology.
3. Use a professional format for your policy documents and briefing package. Your policy documents should be consistently formatted and easy to read.
4. You must include a cover page with the assignment title, your name, and the due date. Your reference list must be on a separate page at the end of your file. These pages do not count towards the assignment's page count.
5. Common phrases do not require citations. If there is doubt as to whether or not information requires attribution, provide a footnote with publication information or use APA format citations and references.
6. You are expected to write grammatically correct English in every assignment that you submit for grading. Do not turn in any work without (a) using spell check, (b) using grammar check, (c) verifying that your punctuation is correct and (d) reviewing your work for correct word usage and correctly structured sentences and paragraphs.
7. Consult the grading rubric for specific content and formatting requirements for this assignment.
8. Submit your briefing package in MS Word format (.docx or .doc file) for grading using your assignment folder. (Attach the file.)

Copyright ©2021 by University of Maryland Global Campus. All Rights Reserved
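The policy system audit above calls for a documentation review that asks, for each policy, whether it exists, when it was last updated, who owns it, who reviewed it and who approved it, and whether the approver is a designated oversight authority. The Python below is an added example, not part of the assignment or of UMGC's material, that runs that checklist over policy metadata and reports per-policy findings plus an overall compliance rate, which is the kind of "what is collected, how, and what is measured" statement the Audit Approach rubric asks for. The required-policy set is the 18 "-1" policy-and-procedures controls of NIST SP 800-53 Rev. 4 that the rubric refers to; the policy titles, people, dates, oversight authorities and sample records are constructed for the example and are not Red Clay Renovations data.

```python
"""Policy-system audit checklist run over constructed policy metadata.

Checks per policy: exists, updated within the past year, names an owner,
a reviewer and an approver, and the approver is a designated oversight
authority. Records, names and dates below are constructed for this example.
"""
from dataclasses import dataclass
from datetime import date, timedelta
from typing import Optional

# The 18 "-1" policy-and-procedures controls of NIST SP 800-53 Rev. 4,
# one per control family; used here as the set of required policies.
REQUIRED_CONTROLS = (
    "AC-1", "AT-1", "AU-1", "CA-1", "CM-1", "CP-1", "IA-1", "IR-1", "MA-1",
    "MP-1", "PE-1", "PL-1", "PS-1", "RA-1", "SA-1", "SC-1", "SI-1", "PM-1",
)
MAX_AGE = timedelta(days=365)  # "updated within the past year"


@dataclass
class PolicyRecord:
    control: str                      # SP 800-53 control the policy satisfies
    title: str
    owner: Optional[str] = None
    reviewer: Optional[str] = None
    approver: Optional[str] = None
    last_updated: Optional[date] = None


def audit_record(rec, as_of, authorities):
    """Return the checklist failures for one policy (empty list = compliant)."""
    findings = []
    if rec.last_updated is None:
        findings.append("no last-updated date recorded")
    elif as_of - rec.last_updated > MAX_AGE:
        findings.append(f"not updated in the past year (last {rec.last_updated.isoformat()})")
    for role in ("owner", "reviewer", "approver"):
        if not getattr(rec, role):
            findings.append(f"no {role} named")
    # Approval must come from an oversight authority, not just any named person.
    if rec.approver and rec.approver not in authorities:
        findings.append(f"approver '{rec.approver}' is not a designated oversight authority")
    return findings


def run_audit(records, as_of, authorities):
    """Run the checklist over the whole policy system.

    Returns missing required policies, per-policy findings, and the share of
    required policies that exist and pass every check (the audit's measure).
    """
    by_control = {r.control: r for r in records}
    missing = [c for c in REQUIRED_CONTROLS if c not in by_control]
    findings = {c: audit_record(by_control[c], as_of, authorities)
                for c in REQUIRED_CONTROLS if c in by_control}
    compliant = sum(1 for f in findings.values() if not f)
    return {
        "missing": missing,
        "findings": findings,
        "compliance_rate": compliant / len(REQUIRED_CONTROLS),
    }


# Constructed sample input: hypothetical titles, roles, and dates.
AS_OF = date(2021, 12, 2)
AUTHORITIES = {"CISO", "IT Governance Board"}
SAMPLE = [
    PolicyRecord("AC-1", "Access Control Policy", "CISO", "IT Governance Board",
                 "IT Governance Board", date(2021, 6, 15)),      # compliant
    PolicyRecord("AT-1", "Security Awareness and Training Policy", "HR Director",
                 "CISO", "CISO", date(2020, 3, 1)),               # stale
    PolicyRecord("IR-1", "Incident Response Policy", "SOC Manager", None,
                 "SOC Manager", date(2021, 10, 20)),              # no reviewer, wrong approver
    PolicyRecord("PM-1", "Information Security Program Plan"),    # metadata missing entirely
]

if __name__ == "__main__":
    result = run_audit(SAMPLE, AS_OF, AUTHORITIES)
    print(f"Missing required policies ({len(result['missing'])}): {', '.join(result['missing'])}")
    for control, issues in result["findings"].items():
        print(f"{control}: {'PASS' if not issues else 'FAIL: ' + '; '.join(issues)}")
    print(f"Compliance rate: {result['compliance_rate']:.0%}")
```

The per-policy findings are the evidence an audit report would carry, and the compliance rate is the single number the board asked for; the checklist deliberately counts a policy approved by someone outside the oversight list as a failure, since an existing, recent document that was never properly vetted is exactly the gap the policy issue statement names.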