Remember: Weeks 1 through 5 are all in this final draft!
Key Assignment
The Key Assignment final draft should include the following sections:
- Section 1: Information Security Management
  - This section will be used to describe the organization and establish the security model to be used by the organization.
- Section 2: Security Program
  - This section will focus on existing frameworks that can help in the implementation of a security plan and what a security organization should look like.
- Section 3: Security Policies
  - This section looks at security policies and their creation.
- Section 4: Assessing Risk
  - This section will focus on risk assessments and methodologies that are used to perform one.
- Section 5: Controlling Risk
  - This final section combines all of the previous sections and gives the opportunity to look at mechanisms to control risk.
Be sure to include an abstract and a References page in your final draft.
The project deliverables for Week 5 are as follows:
- Section 5: Controlling Risk
  - Given the following categories or areas where risk exists, and then the 3 assets for each, describe how you will test for associated risk:
    - Administrative
      - Human resources: Hiring and termination practices
      - Organizational structure: A formal security program
      - Security policies: Accurate, updated, and known or used
    - Technical
      - Access control: Least privileged
      - System architecture: Separated network segments
      - System configurations: Default configurations
    - Physical
      - Heating and air conditioning: Proper cooling and humidity
      - Fire: Fire suppression
      - Flood: Data center location
  - Once you have described the tests that will be conducted to test each, assume that failure or holes were found in each of them.
  - Next, describe at least 3 safeguards for each that could be put in place to address the risk.