Assignment:
Assignment Description
Using ISO 27002 Controls as a guide and utilizing supporting industry publications, prepare a business plan in 2,000 words to confront 3 management and 3 technical risks and vulnerabilities. Use APA standards and at least 5 references.
Each of your Individual Projects will serve as a part of the Key Assignment in the final two units of the course.
Assignment Details
Assessing risk is paramount when considering management and technical strategies to protect enterprise information and communication technology (ICT) systems. Organizations such as the International Organization for Standardization (ISO) have crafted frameworks such as ISO 27002, which is an international standard that identifies practices for an information security management system (ISMS) program.
For this assignment, after reviewing the 14 control areas outlined in ISO 27002, perform research and write a business plan that incorporates 3 managerial and 3 technical examples of building and maintaining an effective ISMS program. This assignment is not an essay but rather a business plan on implementing key considerations and the value of ISMS options. Provide real-world examples outlining practices that were implemented and whether they have been effective or ineffective. If a practice was not effective, explain how the measures failed and how your business plan overcomes those lessons learned.
ISO 27002 Controls
1. Information Security Policy
2. Organizing of Information Security
3. Human Resources Security
4. Asset Management
5. Access Control
6. Cryptography
7. Physical and Environmental Security
8. Operational Security
9. Communications Security
10. System Acquisition, Development, and Maintenance
11. Supplier Relationships
12. Information Security Incident Management
13. Information Security Aspects of Business Continuity Management
14. Compliance
Please submit your assignment.
For assistance with your assignment, please use your text, Web resources, and all course materials.
Reading Assignment
Unit 1 Reading Materials
• Click on this link to read a discussion of board involvement in cybersecurity risk management and program strategy.
• Click on this link to read the contents of ISO/IEC 27002:2013. It is a narrative and description of the 14 ISO 27002 controls.
• This article discusses the four steps to Key Performance Indicators and Key Risk Indicators. Click here to read the article.
• This article examines five recommendations for effective risk management. Click on this link to read the article.
Assignment Objectives
• Examine cybersecurity from a technical and managerial perspective.