Assignment task: In the "Benchmark - Impact Analysis Part 1: Information Acquisition" assignment, you wrote a compliance report to the CIO from a legal standpoint. In this part of the impact analysis, you will gauge and evaluate your chosen organization's current state of security and protection protocols and mechanisms.
Write a 1,250- to 1,500-word report that will be reviewed by the CIO and System Security Authority (SSA), addressing the following:
1. Identify gaps when security measures fail, challenges, and opportunities for improvement by conducting a thorough audit.
2. Examine concepts of privacy and the effects the internet has on privacy.
3. Identify the industry-specific cyber laws in relation to inquiries and incidents to obtain data and evidence.
4. Assess the critical information infrastructure and determine the configuration of physical assets, logical controls, data storage and encryption, firewalls, servers, routers, switches, hubs, and so forth to be compliant.
5. Identify at least ten key auditable elements that would help determine the current state of the organization's cybersecurity posture. Explain the relevance of each element to the security and protection protocols and mechanisms.
6. Indicate the legal elements and liability (costs) that the industry may encounter for noncompliance.