Information Security White Paper
Watch theInformation Technology Security for Small Businessesvideo from the National Institutes of Standards and Technology (NIST) (
Then write an information security white paper that can be used to market your firm’s security consulting services to small businesses in the Washington, DC, area. Your white paper must:
  1. Be concise—no more than three pages long.
  2. Provide a general explanation of the business need for information security (protection measures) even in the smallest of businesses (e.g., protect against loss of profit, damage to company’s reputation, costs of litigation, etc.).
  3. Explain information security threats and vulnerabilities in plain English to small business owners who, while experts in their own business areas, have limited knowledge of computers, networks, and software.
  4. Explain the following key concepts as part of the threats and vulnerabilities discussion:
  • confidentiality
  • integrity
  • availability
  • non-repudiation
  • authentication
  • authorization
  • risk
  1. Recommend technologies, processes, and policies that can be used to solve or mitigate one of the following common information security threats:
  • data breach and/or data theft (confidential client information)
  • denial-of-service (DOS) attacks
  • insider theft of intellectual property
  • deliberate corruption of electronic files (hacker attack or malicious insider) including virus/worm infections
  1. Discuss the impact or results that can be expected:
  • costs and benefits of effective protection measures
  • costs and penalties of ineffective or nonexistent protection measures
Remember to present your white paper and cite your sources in APA format and use only authoritative/scholarly sources such as journal articles, books, government documents, and other industry publications (e.g., trade journals or magazines for health care or security professionals). The title page and list of references are not included in the required page count.
To cite the video in your paper use:
(National Institute of Standards and Technology, 2009)
For your reference list entry for the video use:
National Institute of Standards and Technology (Creator). (2009, September 29).Information technology security for small businesses[Video]. Retrieved from
Information Security White Paper: 13 points
Item from Assignment / Weight / Points
Provides a general explanation of the business need for information security (protection measures) even in the smallest of businesses (e.g., protect against loss of profit, damage to company’s reputation, costs of litigation, etc.). Usesinformation from NIST Small Business Guide NISTIR 7621 and/or video from assignment (must cite one or both). / 15% / 1.8
Explain information security threats and vulnerabilities in plain English to small business owners who, while experts in their own business areas, have limited knowledge of computers, networks, and software. / 15% / 1.8
Explain the following key concepts as part of the threats and vulnerabilities discussion: confidentiality, integrity, availability, non-repudiation, authentication and authorization, risk. / 10% / 2.2
Recommend technologies, processes, and policies that can be used to solve or mitigate one of the following common information security threats:
  1. data breach and/or data theft (confidential client information)
  2. denial-of-service (DOS) attacks
  3. insider theft of intellectual property
  4. deliberate corruption of electronic files (hacker attack or malicious insider) including virus/worm infections
/ 15% / 1.8
Discuss the impact or results that can be expected:
  1. costs and benefits of effective protection measures
  2. costs and penalties of ineffective or nonexistent protection measures
/ 15% / 1.8
Finds and Applies New Knowledge. Uses 5 authoritative sources beyond the textbook. Partial credit given for fewer than 5. (“C” performance = 3 sources beyond textbook.) Cites sources in APA format. All sources meet UMUC library’s criteria for authoritative/scholarly sources. Qualifying sources include: journal articles, books, government documents, newspapers (including “blogs” on news organization websites), vendor white papers, and industry publications (e.g., trade journals).
  1. References are in APA format (correct format for type of reference, correct information in fields, correct formatting within fields, no missing information).
  2. In-text citations are in APA format (correct placement, correct information).
  3. Follows 80/20 Rule (80% paraphrase, <20% direct quotes). All quotes have page numbers in citations.
/ 10% / 1.2
Organization & Appearance:
  1. Microsoft Word document, standard size (8.5” x 11”) pages, white background.
  2. Consistent formatting: 1” margins, paragraphs ½” first line indent, references ½” hanging indent, and all text is BLACK in Times New Roman 12-point font.
  3. Do not include pictures, tables, or diagrams in your narrative.
  4. Uses section headings (Level 1, Level 2, Level 3, etc.). Three suggested major headings: Introduction, Analysis, Summary and Conclusions.
  5. Separate title page with title, name, date
  6. Separate references page with “References” heading.
  7. Meets page count requirement (no more than double the max length)
/ 10% / 1.2
Execution:
  1. Writing meets the needs of the stated audience. For this assignment, this includes writing a white paper as an APA formatted paper. (Memo and/or email format submissions are not acceptable.)
  2. College level writing with proper grammar, well structured paragraphs and sentences, appropriate word choice, no use of contractions, no use of first person (“I” or “we”), no use of second person (“you”).
  3. Polished and proof read: no spelling, punctuation, or capitalization errors.
/ 10% / 1.2