You must develop DoD-approved policies and standards for your IT infrastructure

Anonymous
Asked: Oct 21st, 2018
$175

Question Description

Scenario

You work for a high-tech company with approximately 390 employees. Your firm recently won a large DoD contract, which will add 30% to the revenue of your organization. It is a high-priority, high-visibility project. You will be allowed to make your own budget, project timeline, and tollgate decisions.

This course project will require you to form a team and develop the proper DoD security policies required to meet DoD standards for delivery of technology services to the U.S. Air Force Cyber Security Center (AFCSC), a DoD agency. To do this, you must develop DoD-approved policies and standards for your IT infrastructure (see the “Tasks” section below). The policies you create must pass DoD-based requirements. Currently, your organization does not have any DoD contracts and thus has no DoD-compliant security policies or controls in place.

Your firm's computing environment includes the following:

  • 12 servers running Microsoft Server 2012 R2, providing the following:
    • Active Directory (AD)
    • Domain Name System (DNS)
    • Dynamic Host Configuration Protocol (DHCP)
    • Enterprise Resource Planning (ERP) application (Oracle)
    • A Research and Development (R&D) Engineering network segment for testing, separate from the production environment
    • Microsoft Exchange Server for e-mail
    • Symantec e-mail filter
    • Websense for Internet use
  • Two Linux servers running Apache Server to host your Web site
  • 390 PCs/laptops running Microsoft Windows 7 or Windows 8, Microsoft Office 2013, Microsoft Visio, Microsoft Project, and Adobe Reader

Tasks

You should:

  • Select a team leader for your project group.
  • Create policies that are DoD compliant for the organization’s IT infrastructure.
  • Develop a list of compliance laws required for DoD contracts.
  • List controls placed on domains in the IT infrastructure.
  • List required standards for all devices, categorized by IT domain.
  • Develop a deployment plan for implementation of these policies, standards, and controls.
  • List all applicable DoD frameworks in the final delivery document.
  • Write a professional report that includes all of the above content-related items.

Submission Requirements

  • Format: Microsoft Word
  • Font: Times New Roman, Size 12, Double-Space
  • Citation Style: APA format
  • At least 10 references (including the book)
  • Length: 10-12 pages (not including title page and references pages)

Self-Assessment Checklist

  • I developed a list of compliance laws required for DoD contracts.
  • I listed controls placed on domains in the IT infrastructure.
  • I listed required standards for all devices, categorized by IT domain.
  • I developed DoD policies and standards for our organization’s IT infrastructure.
  • I developed a deployment plan for implementation of these policies, standards, and controls.
  • I listed all applicable DoD frameworks in the final report.
  • I found more references/resources than those provided.
  • I created an academic paper describing the policies, standards, and controls that would make our organization DoD compliant.
  • I submitted my work by the due date including the PPT slides.

Tutor Answer

Missmourine
School: Carnegie Mellon University

Kindly use this document as the final answer. Best regards

DOD Approved Policies
Student’s Name
Institutional Affiliation

Policies Manual

Purpose
To establish which DoD Information Security policies apply to ABC123 Communications Inc. and their subsidiaries. This organization has procured a large DoD contract to build their next generation cyber defense systems. To comply with DoD Best Practice in regards to Information Security, Information Assurance, and Data at Rest we must re-examine our current standards to ensure we can safeguard any DoD data on our systems.

Policy Statement
The IT Security Awareness Training program is mandatory for all ABC123 Communications Inc. employees, contractors, and vendors. This policy supersedes all previous policies pertaining to the use of ABC123 Communications network services, devices, and attached peripherals (Andrew Shulman, Workplace Surveillance Project, July 9, 2001). This change is part of a DoD contract that is being negotiated. In order to be fully considered it is imperative that our information systems be in compliance with their standards; this falls under DoD directive 8570.

Authority, Responsibility, and Duties
The National Institute of Standards and Technology (NIST) Information Standard Organization (ISO 17799:2005) requires the ABC123 Communications Inc. to establish a baseline for IT security controls, which will allow the ABC123 Communications Inc. to accomplish its mission in a safe and secure environment. The ABC123 Communications Inc. is instituting a Security Awareness Training program for all ABC123 Communications Inc. employees, students, vendors, contractors, and business partners to comply with this standard.

The Office of ABC123 Communications Inc. Technology and Human Resources shall:
1. Provide, implement and maintain ongoing Training on Security awareness regarding information technology by utilizing different delivery techniques in sessions of awareness, using email distribution for communications of security awareness and finally publish a web site aimed at promoting and reinforcing Policies of ABC123 Communication Inc., employee roles and good security practices.
2. Monitor compliance and establish accountability by doing implementation of a tracking system that is automated so as to capture key information concerning the activity of a program (i.e., certificates, courses, attendance and others).
3. To address deployment method (for example offsite, web-based, onsite), quality, level of difficulty, ease of use, currency, relevancy, suggestion for modification and duration of session, implement formal evaluation and feedback mechanism.

Administrators, Staff: Contractors, Vendors, and Business Partners who use ABC123 Communications Inc. IT systems will be required to:
1. Do a completion of the yearly online training on security awareness in every twelve (12) months. Completion of the course on Security Awareness Training is a requirement within 30 days since the date they were hired or before allowed access to the ABC123 Communications information technology systems and data.
2. As a way of acknowledging that they have become aware of the security best practices, their responsibilities in the protection of the ABC123 Communication’s information technology data and systems, sign an "Acceptable Use Policy and IT Acceptable Use Standards and User Acknowledgement Agreement". Without this agreement, access to ABC123 Communications Inc. computer technology will be denied.

Employees (i.e. full-time, part-time, and contractor) are required to:
1. Prior to receiving access to the ABC123 Communication’s IT data and system, ensure completion of the online Security Awareness Training course.
2. As a way of acknowledging that they have become aware of the security best practices, their responsibilities in the protection of the ABC123 Communication’s information technology data and systems, sign an "Acceptable Use Policy and IT Acceptable Use Standards and User Acknowledgement Agreement".

Supervisors, Managers, Deans, and Directors are required to:
1. Make sure every employee under her/his supervision has availed himself or herself and completed the Training on security awareness and are supposed to make sure to include the training as part of the evaluation of the employee’s annual performance.
2. In the personnel department file, maintain a record of every employee’s Security Awareness Training Certificate. Also, forward a copy of the employee’s certificate to the department of Human Resource for purposes of the employee’s personal file.

Definitions
A. Information Assets are defined as (1) All categories of automated information, including (but not limited to) records, files, and data bases; and (2) information technology facilities, equipment (including personal computer systems), and software owned or leased by the ABC123 Communications Inc. This includes all ABC123 Communications Inc. IT systems and data.

Policies...

Review

Anonymous
Tutor went the extra mile to help me with this essay. Citations were a bit shaky but I appreciated how well he handled APA styles and how ok he was to change them even though I didn't specify. Got a B+ which is believable and acceptable.
