Policy Case Study
Congratulations! You have just been hired by a major
security consulting firm that has recently won several contracts to support
chief information security officers (CISOs) in the Washington, DC, area. As
part of your first consulting assignment, you have been asked to research and
write a short case study (three pages) in which you discuss the legal
environment (i.e., policies, regulations, and laws) and its impact upon how an
organization (e.g., business, government agency, nonprofit) ensures the
confidentiality, integrity, and availability of information and information
systems. You have one week to complete your assignment.
The immediate audience for your case study is a group of
senior managers (stakeholders) in a client organization who are not familiar
with information security laws and practices. These managers need a brief
overview of the legal environment to assist them in reviewing and commenting upon
a new governance policy for their organization’s information security program.
Your case study should be general enough, however, that it can be reused with
Your supervisor has also given you a “heads up” about a
trap that previous consultants have missed when completing similar work for
other clients: the term policy has two meanings that you must address: (a)
government policies (e.g., those issued by federal, state, local, or tribal
governments) and (b) organizational policies (e.g., those written to guide an
organization’s compliance with laws, regulations, and policies).
Remember to cite your sources in APA format and use only
authoritative/scholarly sources such as journal articles, books, government
documents, and other industry publications (e.g., trade journals or magazines
for health care or security professionals). The title page and list of
references are not included in the required page count.