1. Who needs an Information Security Program?
Prepare a two-page briefing paper (5 to 7 paragraphs) that provides background to the senior leadership and corporate board of the case study “company.” (Use the case study and provide specific information about “the company.”)
In your briefing paper, provide background about what the standard is (what it requires) and how the company can benefit from implementing a formally documented information security management system (program). You should also address the standard’s requirements for policies to support the information security program.
Your briefing paper should fully answer the question “Why should our company adopt an ISO/IEC 27001 compliant Information Security Program?”
Provide in-text citations and references for 3 or more authoritative sources. Put the reference list at the end of your posting.
2. Communicating Policies to Employees and Managers
Review the case study and the weekly readings. Use the case study and provide specific information about “the company” in your response.
Prepare a one-page briefing statement (3 to 5 paragraphs) for the company’s CISO which presents a strategy for communicating a new “social media” policy to field office employees and managers. This policy will restrict the freedoms that field offices have previously had with respect to establishing and managing their own “branded” social media accounts for marketing and communications about the services offered at each field office.
Consider whether or not your strategy should include:
- Distribution of printed copies of the policies
- Email distribution
- Web links to an internal Website
- Face-to-face briefing of field office staff and managers (with or without Question & Answer session)
- Newsletter
- Other (?)
Provide in-text citations and references for 3 or more authoritative sources. Put the reference list at the end of your posting.
3. Implementing Risk Management Strategies
Choose one of the policy implementation documents from this week’s readings (a) DHS Risk Management Fundamentals OR (b) DoD Cybersecurity Culture and Compliance Initiative.
Using your selected policy implementation document (DHS or DoD), prepare a two-page briefing paper (5 to 7 paragraphs) for the senior leadership and corporate board of the case study “company.” (Use the case study and provide specific information about “the company” as appropriate for your briefing.)
In your briefing paper, you should address how this type of document can be used to support implementation of specific risk management strategies.
- For the DHS document, you should focus on the use of training and doctrine (establishing a specific business process) as a risk management strategy. Discuss the pros and cons of using a single risk management process across all corporate operations.
- For the DoD document, you should focus on the use of “culture shift” as a risk management strategy. Discuss the pros and cons of using “culture shift” and “individual responsibility / accountability” as a risk management strategy.
Provide in-text citations and references for 3 or more authoritative sources. Put the reference list at the end of your posting.