Assignment
Project Guidelines
Overview
The final project for this course is the creation of a functional information assurance plan.
The effective management of information and protection of pertinent data is essential for leveraging the required knowledge to serve customers and stakeholders on a continuous basis. Employing information assurance best practices will ensure a firm is able to eliminate hierarchical structures, become more flat, and have greater customer touch points by leveraging the correct information at the right time. Successful firms will maintain an established information assurance plan and posture that are reviewed on a weekly basis.
This assessment will consist of the creation of a functional information assurance plan. You will review a real-world business scenario in order to apply information assurance research and incorporate industry best practices to your recommendations for specific strategic and tactical steps. These skills are crucial for you to become a desired asset to organizations seeking industry professionals in the information assurance field.
The project is divided into four milestones, which will be submitted at various points throughout the course to scaffold learning and ensure quality final submissions. These milestones will be submitted in Modules Two, Four, Five, and Seven. The final product will be submitted in Module Nine.
In this assignment, you will demonstrate your mastery of the following course outcomes:
• Assess confidentiality, integrity, and availability of information in a given situation for their relation to an information assurance plan
• Propose appropriate protocols for incident and disaster responses and managing security functions that adhere to best practices for information assurance
• Analyze threat environments using information assurance research and industry best practices to inform network governance
• Recommend strategies based on information assurance best practices for maintaining an information assurance plan
• Evaluate the appropriateness of information assurance decisions about security, access controls, and legal issues
• Assess applicable threats and vulnerabilities related to information assurance to determine potential impact on an organization and mitigate associated risks
Prompt
Your information assurance plan should answer the following prompt: Review the scenario and create an information assurance plan for the organization presented in the scenario.
Specifically, the following critical elements must be addressed in your plan:
I. Information Assurance Plan Introduction
a) Provide a brief overview of the goals and objectives of your information assurance plan, including the importance of ensuring the confidentiality, integrity, and availability of information. What are the benefits of creating and maintaining an information assurance plan around those key concepts?
b) Assess the confidentiality, integrity, and availability of information within the organization.
c) Evaluate the current protocols and policies the organization has in place. What deficiencies exist within the organization's current information assurance policies? What are the potential barriers to implementation of a new information assurance plan?
II. Information Security Roles and Responsibilities
a) Analyze the role of the key leaders within the organization specific to how their responsibilities are connected to the security of the organization's information. What is the relationship between these roles?
b) Evaluate key ethical and legal considerations related to information assurance that must be taken into account by the key leaders within the organization. What are the ramifications of key leaders not properly accounting for ethical and legal considerations?
c) What are the key components of information assurance as they relate to individual roles and responsibilities within the information assurance plan? For example, examine the current policies as they relate to confidentiality, integrity, and availability of information.
III. Risk Assessment
a) Analyze the environment in which the organization operates, including the current protocols and policies in place related to information assurance.
b) Evaluate the threat environment of the organization.
c) Based on your analysis and evaluation, what are the best approaches for implementing information assurance principles? Where do you see the most areas for improvement to current protocols and policies?
d) Assess the threats and vulnerabilities of the organization by creating a risk matrix to outline the threats and vulnerabilities found and determine possible methods to mitigate the identified dangers.
IV. Statements of Policy
a) Develop appropriate incident response protocols to respond to the various threats and vulnerabilities identified within the organization.
b) Justify how the incident response protocols will mitigate the threats to and vulnerabilities of the organization. Support your justification with information assurance research and best practices.
c) Develop appropriate disaster response protocols to respond to the various threats and vulnerabilities identified within the organization.
d) Justify how the disaster response protocols will mitigate the threats to and vulnerabilities of the organization. Support your justification with information assurance research and best practices.
e) Develop appropriate access control protocols that provide an appropriate amount of protection while allowing users to continue to operate without denial of service.
f) Justify your access control protocols. Support your justification with information assurance research and best practices.
g) Recommend a method for maintaining the information assurance plan once it has been established.
h) Justify how your maintenance plan will ensure the ongoing effectiveness of the information assurance plan. Support your justification with information assurance research and best practices.
V. Conclusion
a) Summarize the need for an information assurance plan for the selected organization, including the legal and ethical responsibilities of the organization to implement and maintain an appropriate information assurance plan.
b) Defend the key elements of your information assurance plan, including which members of the organization would be responsible for each element.
Milestone One: Information Assurance Plan Introduction
In Module Two, you will submit your introduction to the information assurance plan. This section of the plan will provide the overview of the current state of the organization. Provide a brief overview of the goals and objectives of your information assurance plan, including the importance of ensuring the confidentiality, integrity, and availability of information. What are the benefits of creating and maintaining an information assurance plan around those key concepts? Are there current protocols and policies the organization has in place? Additionally, what deficiencies exist within the organization's current information assurance policies? What are the potential barriers to implementation of a new information assurance plan?
Milestone Two: Information Security Roles and Responsibilities
In Module Four, you will submit your roles and responsibilities portion of the final project. Who are the key leaders of the organization specific to how their responsibilities are connected to the security of the organization's information? You must also identify key ethical considerations. What are the ramifications of key leaders not properly accounting for ethical and legal considerations? What are the key components of information assurance as they relate to individual roles and responsibilities within the information assurance plan? For example, examine the current policies as they relate to confidentiality, integrity, and availability of information.
Milestone Three: Risk Assessment
In Module Five, you will submit the risk assessment portion of the information assurance plan. You will provide the organization with an assessment of the threat environment and the risks within, as well as methods designed to mitigate these risks. Based on your analysis and evaluation, what are the best approaches for implementing information assurance principles? Where do you see the most areas for improvement to current protocols and policies?
Milestone Four: Statements of Policy
In Module Seven, you will submit your plan pertaining to statements of policy. You will recommend protocols and mitigating factors to the organization. Justify how the disaster response protocols will mitigate the threats to and vulnerabilities of the organization. You will focus on disaster and incident response protocols as well as access control. Assess, your proposed method for maintaining the success of the plan going forward. Justify how your method will ensure the ongoing effectiveness of the information assurance plan.
Attachment:- Introduction_Plan.rar