organizational/ industrial assignment – Elite Custom Essays

total 20 page this
All four projects for this course will be completed from the vantage
point of a specific industry and an organization assigned to you by me
as your instructor. Here are the organizations/industries I have to
assign:
1. A research extensive public university in the higher education
sector.
2. A private hospital in the healthcare sector.
3. A public K-12 public school district in the education sector.
4. A private retail bank in the finance sector.
5. A local state municipality in the government sector.
6. A federal defense contractor in the public-private sector.
7. A national commercial retail superstore chain in the private
consumer goods sector.
Project 1: Security Models
Start Here
Security Models
[Music]
You have just taken a position as the chief information security officer
at your organization. John Williams, the chief technology officer and
your new boss, stops at your office door.
‘I know you’re busy, but I’d like you to come by my office when you get
a chance.
Excited about the prospect of something new, you grab a pen and
paper and walk to John’s office.
John says, ‘Thanks for coming over so quickly. I’ll get right to the point.
As the CISO, I’m sure that you’re aware of the recent Office of
Personnel Management breach, and the impact that this has had on
our industry.”
John continues, ‘I’m sure that you also realize the heavy burden on our
department to protect our organization’s assets and information. I
would like to make sure that a similar situation doesn’t happen here.
My first step toward preventive measures is to develop new policies
and procedures that better protect our data.
John sits at his desk and begins typing while he says, ‘That brings me
to why I asked you here. While I begin my review of current policies
and procedures, I would like you to help me by drafting a custom
security plan that best fits our organization.
John continues, ‘You should start by analyzing our security
weaknesses, or vulnerabilities, then continue with reviewing existing
security models and analyzing which attributes are best suited for our
organization. You will look at the pros and cons of each model, which
attributes are best suited for us, and the reasoning behind your
conclusions. You will need to submit your completed report to me with
a drafted security plan in two weeks.
As a new employee, you realize that this is a great opportunity to show
your new boss how you can make a positive contribution to your
organization. You know you have enough time to complete your
analysis if you start right away.
[Music]
Most companies and agencies implement security models to protect
the confidentiality, integrity, and availability (CIA) of information and
data. As security vulnerabilities and threats continue to evolve, security
systems need to adapt to effectively protect data and systems.
This is the first of four sequential projects for this course. In this
project, you will evaluate existing security models and their attributes
and ultimately recommend a custom security plan to your assigned
organization.
You will also evaluate the pros and cons of implementing particular
model attributes based on the type of organization and employees in
relation to CIA.
To complete the project, you will write a report on the importance of
security models in organizations like yours and identify the
vulnerabilities of the organization.
There are 14 steps in this project. Begin by reviewing the project
scenario and then proceed to Step 1.
Competencies
Your work will be evaluated using the competencies listed below.
 5.1: Define and appropriately use basic cybersecurity concepts
and terminology.
 6.2: Create an information security program and strategy, and
maintain alignment of the two.
 7.3: Evaluate enterprise cybersecurity policy.
 9.2: Vulnerability Assessment: Rank the vulnerabilities of a
system from a disaster-management perspective.
Step 1: Review the Assigned Organization
All four projects for this course will be completed from the vantage
point of a specific industry and an organization assigned to you by the
instructor. If you do not know your assigned organization, contact your
instructor immediately. If you want to use another organization than the
one assigned you or one not listed, contact your instructor as well.
Familiarize yourself with the organization and breach your instructor
has assigned by reviewing the details
at https://www.databreaches.net/. The descriptions include an overview
and key information about the organization on the internet, as well as
information about a breach or attempted breach. For the purposes of
this course, you will assume this organization is your employer.
You may wish to briefly research your assigned organization to gather
additional information about the organization and its security posture.
Career Connections
The breach you have been assigned is a matter of historical fact. Your
scholarly research into this matter can and should inform your
approach to cybersecurity management. Your ability to fluently
converse on past cyber breaches is one way of demonstrating to
potential employers that you have the necessary knowledge, skills, and
abilities to be a valuable addition to their team. Take notes as you read
about this breach’feel free to search for other major breaches’and
pay attention to the mistakes that were made that and what actions
were taken afterward. As a part of the interview process, you might be
asked to apply this knowledge to a new situation.
You will use this information throughout the project as you work to
develop a security plan for your organization.
In the next step, you will compile a cybersecurity overview.
Step 2: Write a Cybersecurity Background Summary
In Step 1, you familiarized yourself with your assigned organization.
Now, it is time to write a cybersecurity overview. Write a three-page
background summary that includes a general overview of cybersecurity
and a section on enterprise cybersecurity.
Include the following items in the general overview of cybersecurity:
 Compare and contrast cybersecurity and computer security.
 Discuss data flows across networks. As part of this discussion, it
may help to review the following topics: binary digits,  nontextual
data , ASCII, hexadecimal, computer networks, network devices
and cables, and network protocols.
 Discuss basic cybersecurity concepts and vulnerabilities,
including flaws that can exist in software. As part of this
discussion, it may help to review the following topics: systems,
utilities, and application software, software, interaction of
software, and creating a program.
 Discuss common cybersecurity attacks. Helpful topics
include protocols, web sessions, and security issues, servers and
firewalls, a closer look at the World Wide Web and web markup
language, cyberattacks, and attack vectors.
 Discuss penetration testing.
 Discuss how to employ network forensic analysis tools (NFAT) to
identify software communications vulnerabilities.
Include the following items in the enterprise cybersecurity section:
 List and discuss the major concepts of enterprise cybersecurity,
including confidentiality, integrity, and availability (CIA)
 Discuss the principles that underlie the development of an
enterprise cybersecurity policy framework and implementation
plan.
 List the major types of cybersecurity threats that a modern
enterprise might face.
You will attach this cybersecurity background summary to the security
assessment in a later project step.
Submit the cybersecurity background summary for feedback.
Step 3: Analyze Security Weaknesses
After writing the cybersecurity background summary, you are ready to
analyze the security weaknesses of your assigned organization. When
analyzing cybersecurity weaknesses, there are several areas to
consider.
Analyze the organization’s security from the following perspectives:
1. a technology perspective
2. a people perspective
3. a policy perspective
You will include this information in the security assessment. In the next
step, you will consider risk factors. 
Step 4: Compile a Risk Summary
Now that you have looked at security weaknesses, it’s time to identify
areas that should be improved or strengthened, including potential
risks associated with maintaining the current security posture. Discuss
how you would employ network analysis tools to identify software
communications vulnerabilities. Make sure to include the following
information:
1. Classify risks according to relevant criteria.
2. Explain system and application security threats and
vulnerabilities.
3. Prioritize risks from internal and external sources.
4. Assess the cybersecurity threats faced by your entity.
You will include this information in the security assessment, which you
will compile in the next step.
Step 5: Submit a Security Weakness Assessment
From the information that you gathered in the previous steps, develop
a two-page summary of your organization’s security weaknesses.
Identify threats, risks, and vulnerabilities to achieve a holistic view of
risk across the entity.
Consider areas that should be improved from a technology
perspective, a people perspective, and a policy perspective. Also note
potential risks associated with maintaining the current security posture.
You will reference this security assessment later when you make your
business case and final recommendation.
Submit the security assessment for feedback.
Step 6: Begin a Security Models Summary
Confidentiality, integrity, and availability (CIA triad), as well as
authentication and nonrepudiation, are fundamental security concepts
that must be considered when assessing and developing security
options. Cybersecurity models have been developed to address some
or all of these security concepts.
While these models were generally created to address a specific
business case, each of the models has attributes that could be used to
assemble a custom security plan. In order to draft a custom security
plan for your organization, you will need to understand basic security
models. You will identify key features, weaknesses, and targeted
sectors and/or infrastructures.
In this step and the following step, you will develop a short summary
for each of the security models listed. These reports will serve as an
Appendix A to the final memo and will document the security models
and their attributes in advance of the memo that you will deliver with
your recommended approach.
Each summary should include a descriptive and evaluative paragraph
on the following attributes:
Include the origins of the model (who developed it, when was it
developed, and the context under which it was developed), main
characteristics of the model (details on the business, sector, industry
for whom the model was developed), and key features of the model.
Write summaries for the following common models:
 Bell-LaPadula
 Biba’s Strict Integrity Policy
 Clark-Wilson
 Chinese Wall
When you have completed these summaries, continue to the next step,
where you’ll write a summary for the next four security models.
Step 7: Continue the Security Models Summary
Continue summarizing the various cybersecurity models, as in the
previous step. Again, identify key features, weaknesses, and targeted
sectors/infrastructures and develop a short summary for each of the
security models listed below. These reports will be added to Appendix
A for the final memo and will document the security models and their
attributes in advance of the memo that you will deliver with your
recommended approach.
Each summary should include a descriptive and evaluative paragraph
on the following attributes:
Include the origins of the model (who developed it, when was it
developed, and the context under which it was developed), main
characteristics of the model (details on the business, sector, industry
for whom the model was developed), and key features of the model.
Write summaries for the following models:
 Clinical Information Systems Security
 Noninterference Security
 Deducibility Security
 Graham-Denning
When you have finished both steps and the Security Models Summary,
submit Appendix A for feedback.
Step 8: Analyze the Security Models
Now that you are familiar with existing common security models,
analyze each of the security models that you reviewed in the last two
steps and their attributes against the needs of your organization as
identified in the earlier steps. The information that you gather here will
contribute to your security plan.
In the next step, you will look at features that will work for the
organization.
Step 9: Identify Relevant Model Features
Next, identify features from the models that apply to your assigned
organization’s security needs. Also include any security attributes that
you believe are important for your organization but are not included in
any of the models. The information that you gather here, along with the
information gathered in the previous step, will contribute to the security
plan.
When you are finished, in the next step you will put together a security
plan for the organization.
Step 10: Design a Custom Security Plan
Having completed an assessment of your organization’s security
posture and the analysis of security models, you will now design a
custom security plan for the organization. The custom security plan
should meet the following criteria:
 The security plan should coincide with the organization’s IT
vision, mission, and goals.
 Include an information security program that aligns with business
strategy.
 Incorporate all internal and external business functions within the
organization’s security programs.
 Classify risks according to relevant criteria.
 Prioritize threats from both internal and external sources.
 Rank the most relevant security attributes for the organization
and list them in priority order. This list will serve as Appendix B to
your final assignment.
Submit Appendix B for feedback.
Step 11: Develop a Business Case for Your Organization
With the new security plan written, you will need to develop a business
case for it to include in the memo to the CTO. Using your knowledge of
the organization’s security posture from Step 1 and your understanding
of applicable security model features, make the case for changes to
the organization. Include the rationale for change and any impacts to
the business.
Also include an implementation plan. Describe the present situation in
the organization and the associated risks assumed given the security
weaknesses.
The work you do in this step will become the first of three sections of
the three-page memo in the last step of the project.
In the next step, you will work on another section of the memo, security
models.
Step 12: Identify Security Model Attributes
Next, detail the security model attributes that best apply to the
organization. Identify the model, if any, from which the attributes are
derived and why the attribute applies to the organization.
The work you do in this step will become the second section of the
memo in Step 14.
Assess Security Improvement Potential
Finally, give your best judgment on the potential to improve the security
posture of the organization when your recommendations are
implemented. You will need to evaluate the pros and cons of
implementation in relation to CIA. Discuss the risks and impacts to
include a high-level assessment of financials. Consider how business
continuity and continued alignment will be maintained.
The work you do in this step will become the third section of the memo
in the final step.
Step 14: Develop and Submit a Security Plan
Recommendation Memorandum
Compile the analyses completed in the last three steps into a
memorandum from you to your supervisor. This memo should be three
pages, excluding Appendices A and B, and should clearly articulate the
business case for adopting features from the reviewed security models.
It should include the following:
 a description of the security model attributes
 an assessment of the weaknesses in the organization that the
security features will address
 your rationale for selecting the specific security attributes and
your prognosis of success, noting risks and impacts to include a
high-level assessment of financials
 the policies and procedures that will need to be in place for the
security plan to work
 the infrastructure that will need to be in place for the security
program to operate and to align with each entity within the
organization
 a plan for evaluating the security plan’s effectiveness
Update the appendices according to the feedback received. Submit the
memorandum along with Appendices A and B.
Check Your Evaluation Criteria
Before you submit your assignment, review the competencies below,
which your instructor will use to evaluate your work. A good practice
would be to use each competency as a self-check to confirm you have
incorporated all of them. To view the complete grading rubric, click My
Tools, select Assignments from the drop-down menu, and then click
the project title.
 5.1: Define and appropriately use basic cybersecurity concepts
and terminology.
 6.2: Create an information security program and strategy, and
maintain alignment of the two.
 7.3: Evaluate enterprise cybersecurity policy.
 9.2: Vulnerability Assessment: Rank the vulnerabilities of a
system from a disaster-management perspective.

Prime Paper Help
Calculate your paper price
Pages (550 words)
Approximate price: -

Why Work with Us

Top Quality and Well-Researched Papers

We always make sure that writers follow all your instructions precisely. You can choose your academic level: high school, college/university or professional, and we will assign a writer who has a respective degree.

Professional and Experienced Academic Writers

We have a team of professional writers with experience in academic and business writing. Many are native speakers and able to perform any task for which you need help.

Free Unlimited Revisions

If you think we missed something, send your order for a free revision. You have 10 days to submit the order for review after you have received the final document. You can do this yourself after logging into your personal account or by contacting our support.

Prompt Delivery and 100% Money-Back-Guarantee

All papers are always delivered on time. In case we need more time to master your paper, we may contact you regarding the deadline extension. In case you cannot provide us with more time, a 100% refund is guaranteed.

Original & Confidential

We use several writing tools checks to ensure that all documents you receive are free from plagiarism. Our editors carefully review all quotations in the text. We also promise maximum confidentiality in all of our services.

24/7 Customer Support

Our support agents are available 24 hours a day 7 days a week and committed to providing you with the best customer experience. Get in touch whenever you need any assistance.

Try it now!

Calculate the price of your order

Total price:
$0.00

How it works?

Follow these simple steps to get your paper done

Place your order

Fill in the order form and provide all details of your assignment.

Proceed with the payment

Choose the payment system that suits you most.

Receive the final file

Once your paper is ready, we will email it to you.

Our Services

No need to work on your paper at night. Sleep tight, we will cover your back. We offer all kinds of writing services.

Essays

Essay Writing Service

No matter what kind of academic paper you need and how urgent you need it, you are welcome to choose your academic level and the type of your paper at an affordable price. We take care of all your paper needs and give a 24/7 customer care support system.

Admissions

Admission Essays & Business Writing Help

An admission essay is an essay or other written statement by a candidate, often a potential student enrolling in a college, university, or graduate school. You can be rest assurred that through our service we will write the best admission essay for you.

Reviews

Editing Support

Our academic writers and editors make the necessary changes to your paper so that it is polished. We also format your document by correctly quoting the sources and creating reference lists in the formats APA, Harvard, MLA, Chicago / Turabian.

Reviews

Revision Support

If you think your paper could be improved, you can request a review. In this case, your paper will be checked by the writer or assigned to an editor. You can use this option as many times as you see fit. This is free because we want you to be completely satisfied with the service offered.