Assignment 1: Developing the Corporate Strategy for Information Security
Due Week 4 and worth 100 points
Imagine that you are working for a startup technology organization that has had overnight success. The organization’s immediate growth requires for it to formulate a corporate strategy for information security. You have been recruited to serve as part of a team that will develop this strategy.
As part of the Information Security Strategy development, you are required to define specific Information Technology Security roles that will optimize and secure the organization’s data assets.
Write a five to seven (5-7) page paper in which you do the following, based on the scenario described below:
1. The Chief Information Security Officer (CISO) is responsible for several functions within an organization.
a. Examine three (3) specific functions a CISO and provide examples of when a CISO would execute these functions within the
b. Specify at least three (3) competencies that the CISO could perform using the provided Website titled, “ Information Technology
(IT) Security Essential Body of Knowledge (EBK): A Competency and Functional Frame-work for IT Security Workforce
2. The Chief Information Officer (CIO) is responsible for several accountability functions within an organization:
a. Identify at least four (4) functions of the CIO using the EBK as a guide. Provide examples of how the CIO would execute these
functions within an organization.
b. Classify at least two (2) security assurances that could be achieved by the CIO developing a formal security awareness, training,
and educational program.
c. Suggest methods, processes, or technologies that can be used by the CIO to certify the security functions and data assets of an
organization on a day-to-day basis.
3. Describe how the digital forensics function complements the overall security efforts of the organization.
4. Evaluate the operational duties of digital forensic personnel and how these help qualify the integrity of forensic investigations within the enterprise and industry.
5. List at least three (3) technical resources available to the digital forensics professional to perform forensic audits and investigations.
6. Use at least three (3) quality resources in this assignment. Note: Wikipedia and similar Websites do not qualify as quality resources.
Your assignment must follow these formatting requirements:
- Be typed, double spaced, using Times New Roman font (size 12), with one-inch margins on all sides; citations and references must follow APA or school-specific format. Check with your professor for any additional instructions.
- Include a cover page containing the title of the assignment, the student’s name, the professor’s name, the course title, and the date. The cover page and the reference page are not included in the required assignment page length.
The specific course learning outcomes associated with this assignment are:
- Describe and apply the 14 areas of common practice in the Department of Homeland Security (DHS) Essential Body of Knowledge.
- Describe best practices in cybersecurity.
- Identify and analyze the role of the Chief Information Officer, Information Security Officer, and IT Security Compliance Officer in the context of cybersecurity.
- Compare and contrast the functional roles of an organization in the context of cybersecurity.
- Describe the corollary roles of security in an enterprise.
- Evaluate the ethical concerns inherent in cybersecurity and how these concerns affect organizational policies.
- Use technology and information resources to research issues in cybersecurity.
- Write clearly and concisely about topics associated with cybersecurity using proper writing mechanics and technical style conventions.