Project 5: Need this by Sunday, April 15. This is the one in which only 3 points have to be done out of 10.
Note to David: I have chosen telecommunication and media as a topic.
Your security consulting firm has been retained by an insurance company to help it develop and implement a risk reduction program for companies purchasing cybersecurity liability insurance. The next task on this multi-year contract is to develop a set of program plans for organization-level information security programs for small businesses (i.e., up to 100 employees, no more than five offices / work locations). These documents must be tailored to specific industries and, due to the high percentage of Internet-based businesses seeking cybersecurity insurance, must address state, federal, and international laws, regulations, and standards.
- To begin this assignment, your team (group) must select one industry or business type from the list below, which links out to the U.S. Small Business Administration website. (If you wish to use an industry or business type not in this list, you must first obtain permission from your instructor.)
- Agriculture
- Construction
- Consumer Goods & Services
- Financial Services
- Health Care
- Housing & Real Estate
- Manufacturing
- Marketing and Social Media
- Online Businesses
- Pharmaceuticals & Biotechnology
- Telecommunications & Media
- Transportation & Logistics
- Next, read Information Security Program Background Information and Concepts.
- Investigate how businesses in your selected industry use information technology to do business. Research your industry using the UMUC library and the Internet. As a starting point use the business guides found at
- As a team, complete the information security program requirements gathering and analysis exercise using the provided worksheet.
- Finally, each team (group) is to write and submit a five- to eight-page organization-level information security program plan, tailored to your chosen industry or type of business, using information from your completed worksheet. Use the outline provided below as a guide for writing your program plan. Organization-level information security program plans describe/specify the required organization and management structures (people and processes) as well as the technologies used to implement required information security protections and countermeasures.
Outline: Information Security Program Plan
Note to David: please do only the first 3 marked in bold letters.
- Introduction
- Security Policy and Planning
- Personnel Management
- Physical Security Management
- Data Security Management
- Software Security Management
- Hardware Security Management
- Network Security Management
- Business Continuity / Disaster Recovery
- Incident Reporting and Management
Project 6
This needs to be done by April 19th.
Information Security White Paper
Watch the Information Technology Security for Small Businesses video from the National Institute of Standards and Technology (NIST):
- Video Transcript (Courtesy of NIST)
- Source: National Institute of Standards and Technology (Creator). (2009, September 30). Information technology security for small businesses [Video]. Retrieved from
- Then write an information security white paper that can be used to market your firm’s security consulting services to small businesses in the Washington, DC, area. Your white paper must:
- Be concise—no more than three pages long.
- Provide a general explanation of the business need for information security (protection measures) even in the smallest of businesses (e.g., protect against loss of profit, damage to company’s reputation, costs of litigation, etc.).
- Explain information security threats and vulnerabilities in plain English to small business owners who, while experts in their own business areas, have limited knowledge of computers, networks, and software.
- Explain the following key concepts as part of the threats and vulnerabilities discussion:
- confidentiality
- integrity
- availability
- non-repudiation
- authentication
- authorization
- risk
- Recommend technologies, processes, and policies that can be used to solve or mitigate one of the following common information security threats:
- data breach and/or data theft (confidential client information)
- denial-of-service (DoS) attacks
- insider theft of intellectual property
- deliberate corruption of electronic files (hacker attack or malicious insider) including virus/worm infections
- Discuss the impact or results that can be expected:
- costs and benefits of effective protection measures
- costs and penalties of ineffective or nonexistent protection measures
- Remember to present your white paper and cite your sources in APA format and use only authoritative/scholarly sources such as journal articles, books, government documents, and other industry publications (e.g., trade journals or magazines for health care or security professionals). The title page and list of references are not included in the required page count.