Running Head: STATEMENT OF WORK
Assignment: 2-2 Final Project Milestone One: Statement of Work
Terri Y. Hudson
Southern New Hampshire University – IT 552
November 6, 2016
Agency-Wide Security Awareness Program Proposal
Introduction
For the organization to comply with the current PCI DSS
requirement version 12.6, a security awareness program must be
in place. The CISO of the organization has an immediate
requirement to create an agency-wide security awareness
program. As a means of implementing the security awareness
program, the organization has conducted a security gap analysis,
which is one of the components of a security awareness program
and which showed 10 security findings. As one of the means of
conducting the program, I will submit an awareness program
proposal.
Objective
This SOW (Statement of Work) is being prepared on behalf of the
senior information officer. He has requested the creation of
an agency-wide security awareness program and has handed over
the security gap analysis, which was done prior to this process.
Hence the major aim of this document is to set out a security
awareness program which shows the ten major key security
findings. The document will also include a risk assessment of
the current security awareness practices and processes. By
having this document, the organization will be able to have a
well-organized maintenance plan. It is also important in
establishing and maintaining an information-security awareness
program (United States, 2000).
Background
The mission of the organization is to provide efficient IT
services with the best security program in place, with the aim
of protecting the organization's assets.
1. Technical infrastructure
The organization is engaged in a short-term effort aimed at
modernizing its information-processing infrastructure. These
efforts have incorporated software enhancements and the
installation of firewalls and high-end network systems for
improved communication. The senior information officer is
responsible for overseeing the modernization effort. He has
recently completed a security awareness program and the
deployment of the organization's LAN (Local Area Network).
The hardware in use consists of Cisco products.
2. Computing Environment
The organization's desktop computers run Windows 2007/98
and 95. The servers are Pentium-based with over 1 GB RAM. The
current NOS (Network Operating System) is Windows-based.
3. Security Posture of the Organization
The organization has a basic network structure with only one
router, which acts as a firewall. It has several workstations
and switches connected to these workstations. In addition, the
organization has installed Kaspersky antivirus on its
desktop machines with the aim of reducing external threats.
The data server is highly secured with Kaspersky antivirus.
The organization's physical security includes locks on the
server rooms and network closets, and the network cabinet is
always locked. The organization is worried about its current
security plan because of hackers, spammers and cybercrime. Also,
the security plan of the organization has not proved to have the
best controls, following the current security gap analysis that
was conducted.
Security Gaps Findings
From the findings, one of the organization's largest risks is
not weakness in the IT infrastructure but the actions and
reactions of the employees. This has happened through disclosure
of sensitive information by workers and through social
engineering attacks. After the gap analysis report, the
organization found that confidential customer data and some of
the IT assets were at risk. From the gap analysis findings it is
evident that loss of confidential customer information was very
high. The risks to information technology assets were classified
as moderate. The top ten security findings were: the internet,
which has become one of the greatest avenues for hackers; data
breaches; ransomware; browser plug-ins; viruses; worms;
spyware; keyloggers; rogue security software; and pharming.
Lastly, some organizational factors are contributing to the
unhealthy state of IT assets. Examples include a poor plan by
the organization's CEO for the best IT personnel, identification
of the critical assets of the organization, wrong mapping of the
existing cyber security capabilities across the organization so
as to identify organizational risks, poor assessment of the
organization's security maturity level and poor identification
of the potential cyber security threats (Roper, 2006).
The best practices in the organizational security program
Assemble the security awareness team. The team will be
mandated to ensure the development, maintenance and delivery of
the security awareness. The recommendation is for the team to
be well staffed. In addition, all employees ought to be
trained on the ten security gap findings. The security
awareness program ought to have reference materials such as
ISO 27002:2013, which outlines the code of practice for
information security controls, the NIST (National Institute of
Standards and Technology) and COBIT 5 (Desman, 2002).
Tasks
Some of the roles to be performed include providing a general
description of the security posture of the organization and a
risk analysis, drafting the security deliverables of the
organization, and outlining the responsibilities of each member
of the organization in ensuring the security of organizational
assets.
Personnel
It is highly recommended that security training include how
social engineering happens and what the consequences are for
the organization's IT assets. One of the ways hackers use
social engineering is to acquire users' credentials. The program
should tailor this awareness to reflect the types of attacks that
the organization is encountering and what the organization may
encounter in the long run. As one of the findings from the
security gap analysis is the confidentiality of customers' data,
it is highly recommended that different ways of safeguarding
customers' information be covered at the basic level for all
personnel. An example is protecting data in electronic and
non-electronic form. Other topics that need to be included in
the awareness program are the organization's security awareness
policy, the impact of unauthorized access and awareness of the
CHD security requirements (Gardner, 2014).
Conclusion
This SOW document has highlighted the objective of the SOW. The
document has addressed four critical elements which must be
addressed in the security program: the security posture of the
organization and the major findings from the security gap
analysis, the human factors which undermine the security of the
organization's IT assets, and the organizational factors that
contribute to the unhealthy state of the organization. Lastly, I
have included what needs to be done in the security awareness
program.
References
United States. & United States. (2000). Summary statement of
work. Washington: National Commission on Air Quality.
Desman, M. B. (2002). Building an information security
awareness program. Boca Raton: Auerbach Publications.
Gardner, B., & Thomas, V. (2014). Building an information
security awareness program: Defending against social
engineering and technical threats. Waltham, Massachusetts:
Syngress.
Roper, C. A., Grau, J. J., & Fischer, L. F. (2006). Security
education, awareness, and training: From theory to practice.
Burlington, MA: Elsevier Butterworth-Heinemann.
IT 552 Final Project Guidelines and Rubric
Overview
The final project for this course is the creation of a security
awareness program proposal.
In any type of enterprise, the security of property, information,
products, and employees is of critical importance. Many
security threats are caused by malicious
intent, but, more often than not, security threats occur because
of unintentional human error. In the final project for this
course, you will evaluate the current
security climate of an organization and develop a plan for
mitigating against both malicious and unintentional human
errors that could compromise the security
of the organization. In addition to developing mitigation
strategies, you must appropriately communicate those plans to
the diverse, affected stakeholder groups
for effective implementation. Ultimately, this assessment
prepares you to successfully develop security awareness
programs that not only protect the security of
an organization’s information, but also enhance the health of
the overall security culture.
The project is divided into four milestones, which will be
submitted at various points throughout the course to scaffold
learning and ensure quality final
submissions. These milestones will be submitted in Modules
Two, Four, Six, and Eight. The final proposal will be submitted
in Module Nine.
In this assignment, you will demonstrate your mastery of the
following course outcomes:
organizations by evaluating relevant human factors and
applicable information security policies,
practices, and processes
potential malicious and unintentional threats to organizations’
security postures
organizational factors that contribute to unhealthy security
cultures in organizations
security awareness programs to diverse stakeholders for
effectively fostering healthy security
cultures in organizations
Prompt
You were just hired as the new chief information security
officer for a large corporation whose security posture is low.
The first thing your chief executive officer
tells you is that he has recently seen a presentation by one of
the information security team members emphasizing the
importance of having a security
awareness program. As a result, you have been asked to develop
a security awareness program based on the specific needs of the
organization. To that end, you
will make recommendations for enhancing security policies,
practices, and processes that are currently contributing to a
dysfunctional security culture. Your chief
goal is to build a program that will foster a healthy security
culture and ensure continuous improvement. Your final project
is to create a security awareness
program proposal that addresses the needs of this case.
Specifically, the following critical elements must be addressed:
I. Introduction
a) What is the purpose of your proposal? Why is the new
security awareness program vital for the organization? Use
specific examples to illustrate
your claims.
b) Overall, how would you characterize the security posture of
the organization? What were the major findings in your risk
assessment of the
organization’s current security awareness policies, practices,
and processes?
c) Specifically, are there human factors that adversely affect the
security climate within the organization? If so, how? Be sure to
consider
unintentional and intentional threats to a healthy security
culture.
d) Specifically, are there organizational factors that contribute
to an unhealthy security culture in the organization? If so, how?
Be sure to consider
organizational data flow, work setting, work planning and
control, and employee readiness.
II. Proposal
a) What is your proposal for mitigating the identified human
factors that pose a threat to the organization’s security posture?
Describe the specific
policies, processes, and practices that must be in place to
address each of the following.
i. Unintentional Threats: What strategies can protect against
human errors made due to cognitive factors? What strategies
can protect
against human errors made due to psychosocial and cultural
factors?
ii. Intentional Threats: What strategies can protect against
social engineering?
b) What is your proposal for resolving inoperative
organizational factors that pose a threat to the organization’s
security posture? Describe the
specific policies, processes, and practices that should be in
place to address each of the following.
i. Data Flow: How do you make sure that the data sender and
the data receiver have a sound connection? How do you ensure
that data is
not tampered with or altered from its intended meaning? What
strategies do you propose to address poor communication?
ii. Work Settings: What strategies do you propose to address
distractions, insufficient resources, poor management systems,
or inadequate
security practices?
iii. Work Planning and Control: What strategies do you propose
to address job pressure, time factors, task difficulty, change in
routine, poor
task planning or management practice, or lack of knowledge,
skills, and ability?
iv. Employee Readiness: What strategies do you propose to
address inattention, stress and anxiety, fatigue and boredom,
illness and injury,
drug side effects, values and attitudes, or cognitive factors (e.g.,
misperception, memory, or judgment)?
III. Communication Plan
a) What messaging strategies should be used to ensure that
stakeholders understand, buy into, and support the continuous
improvement of your
proposed security awareness program? Provide specific
examples of the types of communication you are proposing.
b) In a broader sense, how would you convince diverse
stakeholders of the overall need for a healthy security culture?
How do you make it real and
relevant for nontechnical audiences?
Milestones
Milestone One: Statement of Work
In Module Two, you will create a statement of work (SOW)
based on the scenario provided in the Case Document. Be sure
to include the purpose of the
proposal, address the security concerns of the chief executive
officer, explain why the security awareness proposal will be
vital to the organization, describe how
the security posture will be addressed, clarify how human
factors will be assessed, and list any organizational factors that
will contribute to the status of the
security posture. The SOW should also address the scope of the
work, project objectives, business needs, business goals,
technical requirements, deliverables,
tasks to achieve the deliverables, high-level schedule of
completing the deliverables and tasks, and personnel and
equipment requirements. The SOW will serve
as the basis for developing the final proposal. The format of this
assignment will be a two- to four-page Word document. This
assignment will be graded using
the Milestone One Rubric.
Milestone Two: Security Policies Development
In Module Four, you will submit 10 security policies as part of
the planned solution to mitigate the security gaps identified in
the Case Document. This
assignment will include a list of access control policies
addressing remote access, encryption and hashing (to control
data flow), auditing network accounts,
configuration change management (to reduce unintentional
threats), segregation of duties, mandatory vacation (to mitigate
intentional threats), personally
identifiable information breaches, media protection, and social
engineering. This milestone focuses on security functionality,
and each policy should be no longer
than one page. This assignment will be graded using the
Milestone Two Rubric.
Milestone Three: Continuous Monitoring Plan
In Module Six, you will submit a continuous monitoring plan
laying out the foundation for continuously monitoring the
organization against malicious activities
and intentional and unintentional threats. This milestone also
focuses on work setting techniques and work planning policies
to help employees improve their
stress, anxiety, fatigue, and boredom. As part of the planned
solution, you will propose to mitigate the security gaps for the
corporation given in the Case
Document. You will need to explain what security tools
(firewall, intrusion prevention system/intrusion detection
system, antivirus, content filtering, encryption,
etc.) and employee readiness strategies (training programs,
rewards systems, physical wellness programs, etc.) will be used.
The format should be a four- to five-
page Word document. This assignment will be graded using the
Milestone Three Rubric.
Milestone Four: Communication Plan
In Module Eight, you will submit a communication plan that
addresses and summarizes the importance of a security
awareness program. How can it enhance the
success of the organization? The goal of the communication
plan is to find and implement messaging strategies to gain
senior management’s buy-in and support
of the security program. Cyber laws, personally identifiable
information breaches and implications, costs of security
breaches, and advantages of awareness
programs should be addressed. The plan should also include
how the awareness training and the security policies and
procedures will improve the security
posture and culture throughout the organization. The format of
this assignment will be a Word document. This assignment will
be graded using the Milestone
Four Rubric.
Final Submission: Security Awareness Program Proposal
In Module Nine, you will submit the security awareness
program proposal. It should be a complete, polished artifact
containing all of the critical elements of the
final proposal. It should reflect the incorporation of feedback
gained throughout the course. The proposal will consist of the
executive summary, communication
plan, statement of work, policies and procedures, proposed
solutions to the security vulnerabilities, schedule for completing
the proposed solutions, budget, and
plans to continuously monitor the organization for malicious
behaviors. This assignment will be graded using the Final
Product Rubric.
Deliverables
| Milestone | Deliverables | Module Due | Grading |
|---|---|---|---|
| 1 | Statement of Work | Two | Graded separately; Milestone One Rubric |
| 2 | Security Policies Development | Four | Graded separately; Milestone Two Rubric |
| 3 | Continuous Monitoring Plan | Six | Graded separately; Milestone Three Rubric |
| 4 | Communication Plan | Eight | Graded separately; Milestone Four Rubric |
| | Final Submission: Security Awareness Program Proposal | Nine | Graded separately; Final Product Rubric |
Final Product Rubric
Guidelines for Submission: Written components of projects
must follow these formatting guidelines when applicable:
double spacing, 12-point Times New
Roman font, one-inch margins, and APA citations. Page-length
requirements: 25–30 pages (not including cover page and
references).
Instructor Feedback: This activity uses an integrated rubric in
Blackboard. Students can view instructor feedback in the Grade
Center. For more information, review these instructions
(http://snhu-media.snhu.edu/files/production_documentation/formatting/rubric_feedback_instructions_student.pdf).

Critical Elements, with criteria for each level and the value of each element:

Introduction: Purpose (Value: 8)
Exemplary (100%): Meets “Proficient” criteria and demonstrates keen insight or a nuanced perspective on the significance of security awareness programs
Proficient (90%): Illustrates the purpose of the proposal using specific examples that demonstrate why the program is vital for the organization
Needs Improvement (70%): Describes the purpose of the proposal, but either does not include specific examples or those examples do not demonstrate why the program is vital for the organization
Not Evident (0%): Does not describe the purpose of the proposal

Introduction: Security Posture (Value: 8)
Exemplary (100%): Meets “Proficient” criteria and demonstrates keen insight or a nuanced perspective in the evaluation of the overall security posture
Proficient (90%): Makes a justifiable claim about the overall security posture of the organization and supports using specific findings from the risk assessment
Needs Improvement (70%): Makes a claim about the overall security posture of the organization, but it is either not justifiable or not well supported by findings from the risk assessment
Not Evident (0%): Does not make a claim about the overall security posture of the organization

Introduction: Human Factors (Value: 8)
Exemplary (100%): Meets “Proficient” criteria and demonstrates keen insight or a nuanced perspective on the impacts of human factors on the security climate
Proficient (90%): Identifies specific human factors that adversely affect the security climate and illustrates their impacts using examples of relevant unintentional and intentional threats
Needs Improvement (70%): Identifies human factors that adversely affect the security climate, but does not illustrate their impacts using examples of relevant unintentional and intentional threats
Not Evident (0%): Does not identify human factors that adversely affect the security climate

Introduction: Organizational Factors (Value: 8)
Exemplary (100%): Meets “Proficient” criteria and demonstrates keen insight or a nuanced perspective on the impacts of organizational factors on the security climate
Proficient (90%): Identifies organizational factors that contribute to an unhealthy security culture and illustrates their impact using relevant examples of data flow, work setting, work planning and control, and employee readiness
Needs Improvement (70%): Identifies organizational factors that contribute to an unhealthy security culture, but does not illustrate their impact using relevant examples of data flow, work setting, work planning and control, and employee readiness
Not Evident (0%): Does not identify organizational factors that contribute to an unhealthy security culture

Proposal: Human Factors: Unintentional (Value: 8)
Exemplary (100%): Meets “Proficient” criteria and proposal reflects keen insight or includes creative solutions for effectively protecting against unintentional human errors
Proficient (90%): Proposes specific policies, processes, and practices to protect against unintentional human errors, including cognitive, psychosocial, and cultural factors
Needs Improvement (70%): Proposes policies, processes, or practices that would not effectively protect against unintentional human errors, including cognitive, psychosocial, or cultural factors
Not Evident (0%): Does not propose policies, processes, or practices for protecting against unintentional human errors

Proposal: Human Factors: Intentional (Value: 8)
Exemplary (100%): Meets “Proficient” criteria and proposal reflects keen insight or includes creative solutions for effectively protecting against intentional human threats
Proficient (90%): Proposes specific policies, processes, and practices to protect against intentional human threats, including social engineering
Needs Improvement (70%): Proposes policies, processes, or practices that would not effectively protect against intentional human threats, including social engineering
Not Evident (0%): Does not propose policies, processes, or practices for protecting against intentional human threats, including social engineering

Proposal: Organizational Factors: Data Flow (Value: 8)
Exemplary (100%): Meets “Proficient” criteria and proposal reflects keen insight or includes creative solutions for effectively protecting against inoperative organizational factors associated with data flow
Proficient (90%): Proposes specific policies, processes, and practices for protecting against inoperative organizational factors associated with data flow
Needs Improvement (70%): Proposes specific policies, processes, or practices that would not effectively protect against inoperative organizational factors associated with data flow
Not Evident (0%): Does not propose policies, processes, or practices for protecting against inoperative organizational factors associated with data flow

Proposal: Organizational Factors: Work Settings (Value: 8)
Exemplary (100%): Meets “Proficient” criteria and proposal reflects keen insight or includes creative solutions for effectively protecting against inoperative organizational factors associated with work settings
Proficient (90%): Proposes specific policies, processes, and practices for protecting against inoperative organizational factors associated with work settings
Needs Improvement (70%): Proposes specific policies, processes, or practices that would not effectively protect against inoperative organizational factors associated with work settings
Not Evident (0%): Does not propose policies, processes, or practices for protecting against inoperative organizational factors associated with work settings

Proposal: Organizational Factors: Work Planning (Value: 8)
Exemplary (100%): Meets “Proficient” criteria and proposal reflects keen insight or includes creative solutions for effectively protecting against inoperative organizational factors associated with work planning and control
Proficient (90%): Proposes specific policies, processes, and practices for protecting against inoperative organizational factors around work planning and control
Needs Improvement (70%): Proposes specific policies, processes, or practices that would not effectively protect against inoperative organizational factors associated with work planning and control
Not Evident (0%): Does not propose policies, processes, or practices for protecting against inoperative organizational factors associated with work planning and control

Proposal: Organizational Factors: Employee Readiness (Value: 8)
Exemplary (100%): Meets “Proficient” criteria and proposal reflects keen insight or includes creative solutions for effectively protecting against inoperative organizational factors associated with employee readiness
Proficient (90%): Proposes specific policies, processes, and practices for protecting against inoperative organizational factors around employee readiness
Needs Improvement (70%): Proposes specific policies, processes, or practices that would not effectively protect against inoperative organizational factors associated with employee readiness
Not Evident (0%): Does not propose policies, processes, or practices for protecting against inoperative organizational factors associated with employee readiness

Communication Plan: Messaging Strategies (Value: 8)
Exemplary (100%): Meets “Proficient” criteria and proposal represents highly effective or creative strategies for ensuring stakeholder comprehension and buy-in
Proficient (90%): Proposes messaging strategies for ensuring stakeholder comprehension and buy-in and illustrates with specific examples of proposed communications
Needs Improvement (70%): Proposes messaging strategies that either would not ensure stakeholder comprehension and buy-in or does not illustrate with specific examples of proposed communications
Not Evident (0%): Does not propose messaging strategies for ensuring stakeholder comprehension and buy-in

Communication Plan: Security Culture (Value: 8)
Exemplary (100%): Meets “Proficient” criteria and justifications are highly compelling or reflect a nuanced perspective on the importance of a healthy security culture
Proficient (90%): Justifies the overall need for and importance of a healthy security culture in a way that would be likely to persuade even nontechnical audiences
Needs Improvement (70%): Justifies the overall need for and importance of a healthy security culture, but arguments are not compelling for nontechnical audiences
Not Evident (0%): Does not justify the overall need for and importance of a healthy security culture

Articulation of Response (Value: 4)
Exemplary (100%): Submission is free of errors related to citations, grammar, spelling, syntax, and organization and is presented in a professional and easy-to-read format
Proficient (90%): Submission has no major errors related to citations, grammar, spelling, syntax, or organization
Needs Improvement (70%): Submission has major errors related to citations, grammar, spelling, syntax, or organization that negatively impact readability and articulation of main ideas
Not Evident (0%): Submission has critical errors related to citations, grammar, spelling, syntax, or organization that prevent the understanding of ideas

Earned Total: 100%
IT 552 Milestone Two Guidelines and Rubric
In Module Four, you will submit 10 security policies as part of
the planned solution to mitigate the security gaps identified in
the Case Document. This
assignment will include a list of access control policies
addressing remote access, encryption and hashing (to control
data flow), auditing network accounts,
configuration change management (to reduce unintentional
threats), segregation of duties, mandatory vacation (to mitigate
intentional threats), personally
identifiable information breaches, media protection, and social
engineering. This milestone focuses on security functionality,
and each policy should be no longer
than one page.
Specifically, the following critical elements must be addressed:
a) What is your proposal for mitigating the identified human
factors that pose a threat to the organization’s security posture?
Describe the specific policies,
processes, and practices that must be in place to address each of
the following.
i. Unintentional Threats: What strategies can protect against
human errors made due to cognitive factors? What strategies
can protect against
human errors made due to psychosocial and cultural factors?
ii. Intentional Threats: What strategies can protect against
social engineering?
b) Data Flow: How do you make sure that the data sender and
the data receiver have a sound connection? How do you ensure
that data is not tampered
with or altered from its intended meaning? What strategies do
you propose to address poor communication?
Guidelines for Submission: Your paper must be submitted as a
10-page Microsoft Word document, with double spacing, 12-
point Times New Roman font, and
one-inch margins, in APA format. Each policy should be no
longer than one page.
Instructor Feedback: This activity uses an integrated rubric in
Blackboard. Students can view instructor feedback in the Grade
Center. For more information, review these instructions
(http://snhu-media.snhu.edu/files/production_documentation/formatting/rubric_feedback_instructions_student.pdf).

Critical Elements, with criteria for each level and the value of each element:

H: Unintentional Threats (Value: 25)
Exemplary (100%): Meets “Proficient” criteria and proposes evidence-based solutions for effectively protecting against unintentional human errors
Proficient (90%): Proposes specific policies, processes, and practices to protect against unintentional human errors, including cognitive, psychosocial, and cultural factors
Needs Improvement (70%): Insufficiently proposes specific policies, processes, and practices to protect against unintentional human errors, including cognitive, psychosocial, and cultural factors
Not Evident (0%): Does not propose policies, processes, or practices for protecting against unintentional human errors

H: Intentional Threats (Value: 25)
Exemplary (100%): Meets “Proficient” criteria and proposes evidence-based solutions for effectively protecting against intentional human threats
Proficient (90%): Proposes specific policies, processes, and practices to protect against intentional human threats, including social engineering
Needs Improvement (70%): Specific policies, processes, and practices to protect against intentional human threats, including social engineering are minimally described
Not Evident (0%): Does not propose policies, processes, or practices for protecting against intentional human threats, including social engineering

Organizational: Data Flow (Value: 25)
Exemplary (100%): Meets “Proficient” criteria substantiated with evidence-based solutions for effectively protecting against inoperative organizational factors associated with data flow
Proficient (90%): Proposes specific policies, processes, and practices for protecting against inoperative organizational factors associated with data flow
Needs Improvement (70%): Specific policies, processes, and practices for protecting against inoperative organizational factors associated with data flow are lacking in detail
Not Evident (0%): Does not propose policies, processes, or practices for protecting against inoperative organizational factors associated with data flow

Articulation of Response (Value: 25)
Exemplary (100%): Submission is free of errors related to citations, grammar, spelling, syntax, and is presented in a professional and easy-to-read format
Proficient (90%): Submission has no major errors related to citations, grammar, spelling, or syntax
Needs Improvement (70%): Submission has major errors related to citations, grammar, spelling, syntax, or organization that negatively impact readability and articulation of main ideas
Not Evident (0%): Submission has critical errors related to citations, grammar, spelling, syntax, or organization that prevent the understanding of ideas

Earned Total: 100%

in Module Nine.
In this assignment, you will demonstrate your mastery of the following course outcomes: organizations by evaluating relevant human factors and applicable information security policies, practices, and processes potential malicious and unintentional threats to organizations’ security postures organizational factors that contribute to unhealthy security cultures in organizations security awareness programs to diverse stakeholders for effectively fostering healthy security cultures in organizations

Prompt
You were just hired as the new chief information security officer for a large corporation whose security posture is low. The first thing your chief executive officer tells you is that he has recently seen a presentation by one of the information security team members emphasizing the importance of having a security awareness program. As a result, you have been asked to develop a security awareness program based on the specific needs of the organization. To that end, you will make recommendations for enhancing security policies, practices, and processes that are currently contributing to a dysfunctional security culture. Your chief goal is to build a program that will foster a healthy security culture and ensure continuous improvement. Your final project is to create a security awareness program proposal that addresses the needs of this case.
Specifically, the following critical elements must be addressed:

I. Introduction
a) What is the purpose of your proposal? Why is the new security awareness program vital for the organization? Use specific examples to illustrate your claims.
b) Overall, how would you characterize the security posture of the organization? What were the major findings in your risk assessment of the organization’s current security awareness policies, practices, and processes?
c) Specifically, are there human factors that adversely affect the security climate within the organization? If so, how? Be sure to consider unintentional and intentional threats to a healthy security culture.
d) Specifically, are there organizational factors that contribute to an unhealthy security culture in the organization? If so, how? Be sure to consider organizational data flow, work setting, work planning and control, and employee readiness.

II. Proposal
a) What is your proposal for mitigating the identified human factors that pose a threat to the organization’s security posture? Describe the specific policies, processes, and practices that must be in place to address each of the following.
   i. Unintentional Threats: What strategies can protect against human errors made due to cognitive factors? What strategies can protect against human errors made due to psychosocial and cultural factors?
   ii. Intentional Threats: What strategies can protect against social engineering?
b) What is your proposal for resolving inoperative organizational factors that pose a threat to the organization’s security posture? Describe the specific policies, processes, and practices that should be in place to address each of the following.
   i. Data Flow: How do you make sure that the data sender and the data receiver have a sound connection? How do you ensure that data is not tampered with or altered from its intended meaning? What strategies do you propose to address poor communication?
   ii. Work Settings: What strategies do you propose to address distractions, insufficient resources, poor management systems, or inadequate security practices?
   iii. Work Planning and Control: What strategies do you propose to address job pressure, time factors, task difficulty, change in routine, poor task planning or management practice, or lack of knowledge, skills, and ability?
   iv. Employee Readiness: What strategies do you propose to address inattention, stress and anxiety, fatigue and boredom, illness and injury, drug side effects, values and attitudes, or cognitive factors (e.g., misperception, memory, or judgment)?

III. Communication Plan
a) What messaging strategies should be used to ensure that stakeholders understand, buy into, and support the continuous improvement of your proposed security awareness program? Provide specific examples of the types of communication you are proposing.
b) In a broader sense, how would you convince diverse stakeholders of the overall need for a healthy security culture? How do you make it real and relevant for nontechnical audiences?

Milestones

Milestone One: Statement of Work
In Module Two, you will create a statement of work (SOW) based on the scenario provided in the Case Document. Be sure to include the purpose of the proposal, address the security concerns of the chief executive officer, explain why the security awareness proposal will be vital to the organization, describe how the security posture will be addressed, clarify how human factors will be assessed, and list any organizational factors that will contribute to the status of the security posture. The SOW should also address the scope of the work, project objectives, business needs, business goals, technical requirements, deliverables, tasks to achieve the deliverables, high-level schedule of completing the deliverables and tasks, and personnel and equipment requirements. The SOW will serve as the basis for developing the final proposal. The format of this assignment will be a two- to four-page Word document. This assignment will be graded using the Milestone One Rubric.

Milestone Two: Security Policies Development
In Module Four, you will submit 10 security policies as part of the planned solution to mitigate the security gaps identified in the Case Document. This assignment will include a list of access control policies addressing remote access, encryption and hashing (to control data flow), auditing network accounts, configuration change management (to reduce unintentional threats), segregation of duties, mandatory vacation (to mitigate intentional threats), personally identifiable information breaches, media protection, and social engineering. This milestone focuses on security functionality, and each policy should be no longer than one page. This assignment will be graded using the Milestone Two Rubric.

Milestone Three: Continuous Monitoring Plan
In Module Six, you will submit a continuous monitoring plan laying out the foundation for continuously monitoring the organization against malicious activities and intentional and unintentional threats. This milestone also focuses on work setting techniques and work planning policies to help employees improve their stress, anxiety, fatigue, and boredom. As part of the planned solution, you will propose to mitigate the security gaps for the corporation given in the Case Document. You will need to explain what security tools (firewall, intrusion prevention system/intrusion detection system, antivirus, content filtering, encryption, etc.) and employee readiness strategies (training programs, rewards systems, physical wellness programs, etc.) will be used. The format should be a four- to five-page Word document. This assignment will be graded using the Milestone Three Rubric.

Milestone Four: Communication Plan
In Module Eight, you will submit a communication plan that addresses and summarizes the importance of a security awareness program. How can it enhance the success of the organization? The goal of the communication plan is to find and implement messaging strategies to gain senior management’s buy-in and support of the security program. Cyber laws, personally identifiable information breaches and implications, costs of security breaches, and advantages of awareness programs should be addressed. The plan should also include how the awareness training and the security policies and procedures will improve the security posture and culture throughout the organization. The format of this assignment will be a Word document. This assignment will be graded using the Milestone Four Rubric.

Final Submission: Security Awareness Program Proposal
In Module Nine, you will submit the security awareness program proposal. It should be a complete, polished artifact containing all of the critical elements of the final proposal. It should reflect the incorporation of feedback gained throughout the course. The proposal will consist of the executive summary, communication plan, statement of work, policies and procedures, proposed solutions to the security vulnerabilities, schedule for completing the proposed solutions, budget, and plans to continuously monitor the organization for malicious behaviors. This assignment will be graded using the Final Product Rubric.

Deliverables
Milestone 1. Deliverable: Statement of Work. Module Due: Two. Grading: Graded separately; Milestone One Rubric
Milestone 2. Deliverable: Security Policies Development. Module Due: Four. Grading: Graded separately; Milestone Two Rubric
Milestone 3. Deliverable: Continuous Monitoring Plan. Module Due: Six. Grading: Graded separately; Milestone Three Rubric
Milestone 4. Deliverable: Communication Plan. Module Due: Eight. Grading: Graded separately; Milestone Four Rubric
Final Submission. Deliverable: Security Awareness Program Proposal. Module Due: Nine. Grading: Graded separately; Final Product Rubric

Final Product Rubric
Guidelines for Submission: Written components of projects must follow these formatting guidelines when applicable: double spacing, 12-point Times New Roman font, one-inch margins, and APA citations. Page-length requirements: 25–30 pages (not including cover page and references).
Instructor Feedback: This activity uses an integrated rubric in Blackboard. Students can view instructor feedback in the Grade Center. For more information, review these instructions (http://snhu-media.snhu.edu/files/production_documentation/formatting/rubric_feedback_instructions_student.pdf).

Critical Elements

Introduction: Purpose (Value: 8)
Exemplary (100%): Meets “Proficient” criteria and demonstrates keen insight or a nuanced perspective on the significance of security awareness programs
Proficient (90%): Illustrates the purpose of the proposal using specific examples that demonstrate why the program is vital for the organization
Needs Improvement (70%): Describes the purpose of the proposal, but either does not include specific examples or those examples do not demonstrate why the program is vital for the organization
Not Evident (0%): Does not describe the purpose of the proposal

Introduction: Security Posture (Value: 8)
Exemplary (100%): Meets “Proficient” criteria and demonstrates keen insight or a nuanced perspective in the evaluation of the overall security posture
Proficient (90%): Makes a justifiable claim about the overall security posture of the organization and supports using specific findings from the risk assessment
Needs Improvement (70%): Makes a claim about the overall security posture of the organization, but it is either not justifiable or not well supported by findings from the risk assessment
Not Evident (0%): Does not make a claim about the overall security posture of the organization

Introduction: Human Factors (Value: 8)
Exemplary (100%): Meets “Proficient” criteria and demonstrates keen insight or a nuanced perspective on the impacts of human factors on the security climate
Proficient (90%): Identifies specific human factors that adversely affect the security climate and illustrates their impacts using examples of relevant unintentional and intentional threats
Needs Improvement (70%): Identifies human factors that adversely affect the security climate, but does not illustrate their impacts using examples of relevant unintentional and intentional threats
Not Evident (0%): Does not identify human factors that adversely affect the security climate

Introduction: Organizational Factors (Value: 8)
Exemplary (100%): Meets “Proficient” criteria and demonstrates keen insight or a nuanced perspective on the impacts of organizational factors on the security climate
Proficient (90%): Identifies organizational factors that contribute to an unhealthy security culture and illustrates their impact using relevant examples of data flow, work setting, work planning and control, and employee readiness
Needs Improvement (70%): Identifies organizational factors that contribute to an unhealthy security culture, but does not illustrate their impact using relevant examples of data flow, work setting, work planning and control, and employee readiness
Not Evident (0%): Does not identify organizational factors that contribute to an unhealthy security culture

Proposal: Human Factors: Unintentional (Value: 8)
Exemplary (100%): Meets “Proficient” criteria and proposal reflects keen insight or includes creative solutions for effectively protecting against unintentional human errors
Proficient (90%): Proposes specific policies, processes, and practices to protect against unintentional human errors, including cognitive, psychosocial, and cultural factors
Needs Improvement (70%): Proposes policies, processes, or practices that would not effectively protect against unintentional human errors, including cognitive, psychosocial, or cultural factors
Not Evident (0%): Does not propose policies, processes, or practices for protecting against unintentional human errors

Proposal: Human Factors: Intentional (Value: 8)
Exemplary (100%): Meets “Proficient” criteria and proposal reflects keen insight or includes creative solutions for effectively protecting against intentional human threats
Proficient (90%): Proposes specific policies, processes, and practices to protect against intentional human threats, including social engineering
Needs Improvement (70%): Proposes policies, processes, or practices that would not effectively protect against intentional human threats, including social engineering
Not Evident (0%): Does not propose policies, processes, or practices for protecting against intentional human threats, including social engineering

Proposal: Organizational Factors: Data Flow (Value: 8)
Exemplary (100%): Meets “Proficient” criteria and proposal reflects keen insight or includes creative solutions for effectively protecting against inoperative organizational factors associated with data flow
Proficient (90%): Proposes specific policies, processes, and practices for protecting against inoperative organizational factors associated with data flow
Needs Improvement (70%): Proposes specific policies, processes, or practices that would not effectively protect against inoperative organizational factors associated with data flow
Not Evident (0%): Does not propose policies, processes, or practices for protecting against inoperative organizational factors associated with data flow

Proposal: Organizational Factors: Work Settings (Value: 8)
Exemplary (100%): Meets “Proficient” criteria and proposal reflects keen insight or includes creative solutions for effectively protecting against inoperative organizational factors associated with work settings
Proficient (90%): Proposes specific policies, processes, and practices for protecting against inoperative organizational factors associated with work settings
Needs Improvement (70%): Proposes specific policies, processes, or practices that would not effectively protect against inoperative organizational factors associated with work settings
Not Evident (0%): Does not propose policies, processes, or practices for protecting against inoperative organizational factors associated with work settings

Proposal: Organizational Factors: Work Planning (Value: 8)
Exemplary (100%): Meets “Proficient” criteria and proposal reflects keen insight or includes creative solutions for effectively protecting against inoperative organizational factors associated with work planning and control
Proficient (90%): Proposes specific policies, processes, and practices for protecting against inoperative organizational factors around work planning and control
Needs Improvement (70%): Proposes specific policies, processes, or practices that would not effectively protect against inoperative organizational factors associated with work planning and control
Not Evident (0%): Does not propose policies, processes, or practices for protecting against inoperative organizational factors associated with work planning and control

Proposal: Organizational Factors: Employee Readiness (Value: 8)
Exemplary (100%): Meets “Proficient” criteria and proposal reflects keen insight or includes creative solutions for effectively protecting against inoperative organizational factors associated with employee readiness
Proficient (90%): Proposes specific policies, processes, and practices for protecting against inoperative organizational factors around employee readiness
Needs Improvement (70%): Proposes specific policies, processes, or practices that would not effectively protect against inoperative organizational factors associated with employee readiness
Not Evident (0%): Does not propose policies, processes, or practices for protecting against inoperative organizational factors associated with employee readiness

Communication Plan: Messaging Strategies (Value: 8)
Exemplary (100%): Meets “Proficient” criteria and proposal represents highly effective or creative strategies for ensuring stakeholder comprehension and buy-in
Proficient (90%): Proposes messaging strategies for ensuring stakeholder comprehension and buy-in and illustrates with specific examples of proposed communications
Needs Improvement (70%): Proposes messaging strategies that either would not ensure stakeholder comprehension and buy-in or does not illustrate with specific examples of proposed communications
Not Evident (0%): Does not propose messaging strategies for ensuring stakeholder comprehension and buy-in

Communication Plan: Security Culture (Value: 8)
Exemplary (100%): Meets “Proficient” criteria and justifications are highly compelling or reflect a nuanced perspective on the importance of a healthy security culture
Proficient (90%): Justifies the overall need for and importance of a healthy security culture in a way that would be likely to persuade even nontechnical audiences
Needs Improvement (70%): Justifies the overall need for and importance of a healthy security culture, but arguments are not compelling for nontechnical audiences
Not Evident (0%): Does not justify the overall need for and importance of a healthy security culture

Articulation of Response (Value: 4)
Exemplary (100%): Submission is free of errors related to citations, grammar, spelling, syntax, and organization and is presented in a professional and easy-to-read format
Proficient (90%): Submission has no major errors related to citations, grammar, spelling, syntax, or organization
Needs Improvement (70%): Submission has major errors related to citations, grammar, spelling, syntax, or organization that negatively impact readability and articulation of main ideas
Not Evident (0%): Submission has critical errors related to citations, grammar, spelling, syntax, or organization that prevent the understanding of ideas

Earned Total: 100%

IT 552 Milestone Two Guidelines and Rubric
In Module Four, you will submit 10 security policies as part of the planned solution to mitigate the security gaps identified in the Case Document. This assignment will include a list of access control policies addressing remote access, encryption and hashing (to control data flow), auditing network accounts, configuration change management (to reduce unintentional threats), segregation of duties, mandatory vacation (to mitigate intentional threats), personally identifiable information breaches, media protection, and social engineering. This milestone focuses on security functionality, and each policy should be no longer than one page.
Specifically, the following critical elements must be addressed:
a) What is your proposal for mitigating the identified human factors that pose a threat to the organization’s security posture? Describe the specific policies, processes, and practices that must be in place to address each of the following.
   i. Unintentional Threats: What strategies can protect against human errors made due to cognitive factors? What strategies can protect against human errors made due to psychosocial and cultural factors?
   ii. Intentional Threats: What strategies can protect against social engineering?
b) Data Flow: How do you make sure that the data sender and the data receiver have a sound connection? How do you ensure that data is not tampered with or altered from its intended meaning? What strategies do you propose to address poor communication?

Guidelines for Submission: Your paper must be submitted as a 10-page Microsoft Word document, with double spacing, 12-point Times New Roman font, and one-inch margins, in APA format. Each policy should be no longer than one page.
Instructor Feedback: This activity uses an integrated rubric in Blackboard. Students can view instructor feedback in the Grade Center. For more information, review these instructions (http://snhu-media.snhu.edu/files/production_documentation/formatting/rubric_feedback_instructions_student.pdf).

Critical Elements

H: Unintentional Threats (Value: 25)
Exemplary (100%): Meets “Proficient” criteria and proposes evidence-based solutions for effectively protecting against unintentional human errors
Proficient (90%): Proposes specific policies, processes, and practices to protect against unintentional human errors, including cognitive, psychosocial, and cultural factors
Needs Improvement (70%): Insufficiently proposes specific policies, processes, and practices to protect against unintentional human errors, including cognitive, psychosocial, and cultural factors
Not Evident (0%): Does not propose policies, processes, or practices for protecting against unintentional human errors

H: Intentional Threats (Value: 25)
Exemplary (100%): Meets “Proficient” criteria and proposes evidence-based solutions for effectively protecting against intentional human threats
Proficient (90%): Proposes specific policies, processes, and practices to protect against intentional human threats, including social engineering
Needs Improvement (70%): Specific policies, processes, and practices to protect against intentional human threats, including social engineering are minimally described
Not Evident (0%): Does not propose policies, processes, or practices for protecting against intentional human threats, including social engineering

Organizational: Data Flow (Value: 25)
Exemplary (100%): Meets “Proficient” criteria substantiated with evidence-based solutions for effectively protecting against inoperative organizational factors associated with data flow
Proficient (90%): Proposes specific policies, processes, and practices for protecting against inoperative organizational factors associated with data flow
Needs Improvement (70%): Specific policies, processes, and practices for protecting against inoperative organizational factors associated with data flow are lacking in detail
Not Evident (0%): Does not propose policies, processes, or practices for protecting against inoperative organizational factors associated with data flow

Articulation of Response (Value: 25)
Exemplary (100%): Submission is free of errors related to citations, grammar, spelling, syntax, and is presented in a professional and easy-to-read format
Proficient (90%): Submission has no major errors related to citations, grammar, spelling, or syntax
Needs Improvement (70%): Submission has major errors related to citations, grammar, spelling, syntax, or organization that negatively impact readability and articulation of main ideas
Not Evident (0%): Submission has critical errors related to citations, grammar, spelling, syntax, or organization that prevent the understanding of ideas

Earned Total: 100%