Information Assurance

Anonymous
Asked: Nov 6th, 2016

Question description

I need someone to complete Milestone one of the attached PDF. I need this completed in 4 hours.

IT 549 Final Project Guidelines and Rubric

Overview

The final project for this course is the creation of a functional information assurance plan. The effective management of information and protection of pertinent data is essential for leveraging the required knowledge to serve customers and stakeholders on a continuous basis. Employing information assurance best practices will ensure a firm is able to eliminate hierarchical structures, become more flat, and have greater customer touch points by leveraging the correct information at the right time. Successful firms will maintain an established information assurance plan and posture that are reviewed on a weekly basis.

This assessment will consist of the creation of a functional information assurance plan. You will review a real-world business scenario in order to apply information assurance research and incorporate industry best practices to your recommendations for specific strategic and tactical steps. These skills are crucial for you to become a desired asset to organizations seeking industry professionals in the information assurance field.

The project is divided into four milestones, which will be submitted at various points throughout the course to scaffold learning and ensure quality final submissions. These milestones will be submitted in Modules Two, Four, Five, and Seven. The final product will be submitted in Module Nine.

In this assignment, you will demonstrate your mastery of the following course outcomes:

- Assess confidentiality, integrity, and availability of information in a given situation for their relation to an information assurance plan
- Propose appropriate protocols for incident and disaster responses and managing security functions that adhere to best practices for information assurance
- Analyze threat environments using information assurance research and industry best practices to inform network governance
- Recommend strategies based on information assurance best practices for maintaining an information assurance plan
- Evaluate the appropriateness of information assurance decisions about security, access controls, and legal issues
- Assess applicable threats and vulnerabilities related to information assurance to determine potential impact on an organization and mitigate associated risks

Prompt

Your information assurance plan should answer the following prompt: Review the scenario and create an information assurance plan for the organization presented in the scenario. Specifically, the following critical elements must be addressed in your plan:

I. Information Assurance Plan Introduction
   a) Provide a brief overview of the goals and objectives of your information assurance plan, including the importance of ensuring the confidentiality, integrity, and availability of information. What are the benefits of creating and maintaining an information assurance plan around those key concepts?
   b) Assess the confidentiality, integrity, and availability of information within the organization.
   c) Evaluate the current protocols and policies the organization has in place. What deficiencies exist within the organization’s current information assurance policies? What are the potential barriers to implementation of a new information assurance plan?

II. Information Security Roles and Responsibilities
   a) Analyze the role of the key leaders within the organization specific to how their responsibilities are connected to the security of the organization’s information. What is the relationship between these roles?
   b) Evaluate key ethical and legal considerations related to information assurance that must be taken into account by the key leaders within the organization. What are the ramifications of key leaders not properly accounting for ethical and legal considerations?
   c) What are the key components of information assurance as they relate to individual roles and responsibilities within the information assurance plan? For example, examine the current policies as they relate to confidentiality, integrity, and availability of information.

III. Risk Assessment
   a) Analyze the environment in which the organization operates, including the current protocols and policies in place related to information assurance.
   b) Evaluate the threat environment of the organization.
   c) Based on your analysis and evaluation, what are the best approaches for implementing information assurance principles? Where do you see the most areas for improvement to current protocols and policies?
   d) Assess the threats and vulnerabilities of the organization by creating a risk matrix to outline the threats and vulnerabilities found and determine possible methods to mitigate the identified dangers.

IV. Statements of Policy
   a) Develop appropriate incident response protocols to respond to the various threats and vulnerabilities identified within the organization.
   b) Justify how the incident response protocols will mitigate the threats to and vulnerabilities of the organization. Support your justification with information assurance research and best practices.
   c) Develop appropriate disaster response protocols to respond to the various threats and vulnerabilities identified within the organization.
   d) Justify how the disaster response protocols will mitigate the threats to and vulnerabilities of the organization. Support your justification with information assurance research and best practices.
   e) Develop appropriate access control protocols that provide an appropriate amount of protection while allowing users to continue to operate without denial of service.
   f) Justify your access control protocols. Support your justification with information assurance research and best practices.
   g) Recommend a method for maintaining the information assurance plan once it has been established.
   h) Justify how your maintenance plan will ensure the ongoing effectiveness of the information assurance plan. Support your justification with information assurance research and best practices.

V. Conclusion
   a) Summarize the need for an information assurance plan for the selected organization, including the legal and ethical responsibilities of the organization to implement and maintain an appropriate information assurance plan.
   b) Defend the key elements of your information assurance plan, including which members of the organization would be responsible for each element.

Milestones

Milestone One: Information Assurance Plan Introduction
In Module Two, you will submit your introduction to the information assurance plan. This section of the plan will provide the overview of the current state of the organization. Provide a brief overview of the goals and objectives of your information assurance plan, including the importance of ensuring the confidentiality, integrity, and availability of information. What are the benefits of creating and maintaining an information assurance plan around those key concepts? Are there current protocols and policies the organization has in place? Additionally, what deficiencies exist within the organization’s current information assurance policies? What are the potential barriers to implementation of a new information assurance plan? This milestone is graded with the Milestone One Rubric.

Milestone Two: Information Security Roles and Responsibilities
In Module Four, you will submit your roles and responsibilities portion of the final project. Who are the key leaders of the organization specific to how their responsibilities are connected to the security of the organization’s information? You must also identify key ethical considerations. What are the ramifications of key leaders not properly accounting for ethical and legal considerations? What are the key components of information assurance as they relate to individual roles and responsibilities within the information assurance plan? For example, examine the current policies as they relate to confidentiality, integrity, and availability of information. This milestone is graded with the Milestone Two Rubric.

Milestone Three: Risk Assessment
In Module Five, you will submit the risk assessment portion of the information assurance plan. You will provide the organization with an assessment of the threat environment and the risks within, as well as methods designed to mitigate these risks. Based on your analysis and evaluation, what are the best approaches for implementing information assurance principles? Where do you see the most areas for improvement to current protocols and policies? This milestone is graded with the Milestone Three Rubric.

Milestone Four: Statements of Policy
In Module Seven, you will submit your plan pertaining to statements of policy. You will recommend protocols and mitigating factors to the organization. Justify how the disaster response protocols will mitigate the threats to and vulnerabilities of the organization. You will focus on disaster and incident response protocols as well as access control. Assess your proposed method for maintaining the success of the plan going forward. Justify how your method will ensure the ongoing effectiveness of the information assurance plan. This milestone is graded with the Milestone Four Rubric.

Final Submission: Information Assurance Plan
In Module Nine, you will submit your information assurance plan. It should be a complete, polished artifact containing all of the critical elements of the final product. It should reflect the incorporation of feedback gained throughout the course. This submission will be graded with the Final Product Rubric.

Deliverables

Milestone  Deliverable                                      Module Due  Grading
1          Information Assurance Plan Introduction          Two         Graded separately; Milestone One Rubric
2          Information Security Roles and Responsibilities  Four        Graded separately; Milestone Two Rubric
3          Risk Assessment                                  Five        Graded separately; Milestone Three Rubric
4          Statements of Policy                             Seven       Graded separately; Milestone Four Rubric
           Final Submission: Information Assurance Plan     Nine        Graded separately; Final Product Rubric

Final Product Rubric

Guidelines for Submission: Your information assurance plan should adhere to the following formatting requirements: 10–12 pages, double-spaced, using 12-point Times New Roman font and one-inch margins. Use discipline-appropriate citations.

Instructor Feedback: This activity uses an integrated rubric in Blackboard. Students can view instructor feedback in the Grade Center. For more information, review these instructions.
Critical Elements

Overview of Goals and Objectives (Value: 4)
  Exemplary (100%): Meets “Proficient” criteria and quality of overview establishes expertise in the discipline
  Proficient (90%): Provides a brief but comprehensive overview of the goals and objectives of the information assurance plan, including the importance of ensuring the confidentiality, integrity, and availability of information and the benefits of creating and maintaining an information assurance plan
  Needs Improvement (70%): Provides a brief overview of the goals and objectives of the information assurance plan but does not include the importance of ensuring the confidentiality, integrity, and availability of information or the benefits of creating and maintaining an information assurance plan
  Not Evident (0%): Does not provide a brief overview of the goals and objectives of the information assurance plan

Confidentiality, Integrity, and Availability of Information (Value: 5)
  Exemplary (100%): Meets “Proficient” criteria and demonstrates a nuanced understanding of key information assurance concepts
  Proficient (90%): Accurately assesses the confidentiality, integrity, and availability of information within the organization
  Needs Improvement (70%): Assesses the confidentiality, integrity, and availability of information within the organization but some elements of the assessment may be illogical or inaccurate
  Not Evident (0%): Does not assess the confidentiality, integrity, and availability of information within the organization

Current Protocols and Policies (Value: 4)
  Exemplary (100%): Meets “Proficient” criteria and demonstrates deep insight into complex deficiencies and barriers to implementation of a new information assurance plan
  Proficient (90%): Logically evaluates the current protocols and policies in place, including deficiencies that currently exist and potential barriers to implementation of a new information assurance plan
  Needs Improvement (70%): Evaluates the current protocols and policies in place but does not address the deficiencies that currently exist or potential barriers to implementation of a new information assurance plan, or evaluation is illogical
  Not Evident (0%): Does not evaluate the current protocols and policies in place

Responsibilities of Key Leaders (Value: 5)
  Exemplary (100%): Meets “Proficient” criteria and demonstrates a nuanced understanding of the relationship between these roles and information security
  Proficient (90%): Analyzes the role of the key leaders within the organization specific to how their responsibilities are connected to the security of the organization’s information
  Needs Improvement (70%): Analyzes the role of the key leaders within the organization but misses key roles or aspects of responsibilities specific to the security of the organization’s information
  Not Evident (0%): Does not analyze the role of the key leaders within the organization

Key Ethical and Legal Considerations (Value: 5)
  Exemplary (100%): Meets “Proficient” criteria and provides complex or insightful reflection of the ramifications of key leaders not properly accounting for ethical and legal considerations
  Proficient (90%): Accurately evaluates key ethical and legal considerations related to information assurance that must be taken into account by the key leaders within the organization, including the ramifications of key leaders not properly accounting for ethical and legal considerations
  Needs Improvement (70%): Evaluates ethical and legal considerations related to information assurance that must be taken into account by the key leaders within the organization but does not include the ramifications of key leaders not properly accounting for ethical and legal considerations, or evaluation is inaccurate
  Not Evident (0%): Does not evaluate ethical and legal considerations related to information assurance that must be taken into account by the key leaders within the organization

Key Components of Information Assurance (Value: 5)
  Exemplary (100%): Meets “Proficient” criteria and demonstrates a nuanced understanding of how each key component identified impacts each individual’s role and responsibility
  Proficient (90%): Comprehensively addresses components of information assurance as they relate to individual roles and responsibilities within the information assurance plan
  Needs Improvement (70%): Addresses components of information assurance as they relate to individual roles and responsibilities within the information assurance plan but does not address confidentiality, integrity, and/or availability of information
  Not Evident (0%): Does not address any components of information assurance as they relate to individual roles and responsibilities within the information assurance plan

Analysis of Environment (Value: 5)
  Exemplary (100%): Meets “Proficient” criteria and demonstrates unique or insightful reflection of current protocols and policies
  Proficient (90%): Logically analyzes the environment in which the organization operates, including the current protocols and policies in place related to information assurance
  Needs Improvement (70%): Analyzes the environment in which the organization operates but does not include the current protocols and policies in place related to information assurance
  Not Evident (0%): Does not analyze the environment in which the organization operates

Threat Environment (Value: 5)
  Exemplary (100%): Meets “Proficient” criteria and demonstrates deep insight into hidden or complex threats or vulnerabilities
  Proficient (90%): Accurately analyzes the threat environment of the organization
  Needs Improvement (70%): Evaluates the threat environment of the organization but misses crucial threats or vulnerabilities, or the evaluation is inaccurate
  Not Evident (0%): Does not evaluate the threat environment of the organization

Best Approaches (Value: 5)
  Exemplary (100%): Meets “Proficient” criteria and demonstrates unique or insightful reflection regarding areas for improvement
  Proficient (90%): Comprehensively discusses best approaches for implementing information assurance principles, including areas of improvement to current protocols and policies
  Needs Improvement (70%): Discusses best approaches for implementing information assurance principles, but does not fully develop ideas related to areas of improvement to current protocols and policies
  Not Evident (0%): Does not discuss best approaches for implementing information assurance principles

Risk Matrix (Value: 5)
  Exemplary (100%): Meets “Proficient” criteria and demonstrates deep insight into hidden or complex threats or vulnerabilities and possible methods to mitigate the identified dangers
  Proficient (90%): Creates a risk matrix to comprehensively and accurately assess the threats to and vulnerabilities of the organization, including possible methods to mitigate the identified dangers
  Needs Improvement (70%): Creates a risk matrix to assess the threats to and vulnerabilities of the organization but does not include possible methods to mitigate the identified dangers, or assessment is incomplete or inaccurate
  Not Evident (0%): Does not create a risk matrix to assess the threats to and vulnerabilities of the organization

Incident Response Protocols (Value: 5)
  Exemplary (100%): Meets “Proficient” criteria and provides secondary incident response protocols in the event that primary protocols fail
  Proficient (90%): Develops appropriate incident response protocols to respond to the various threats and vulnerabilities identified
  Needs Improvement (70%): Develops incident response protocols to respond to the various threats and vulnerabilities identified, but they are not all appropriate or do not respond to all the threats and vulnerabilities
  Not Evident (0%): Does not develop incident response protocols

Justification of Incident Response Protocols (Value: 5)
  Exemplary (100%): Meets “Proficient” criteria and provides unique or insightful reflection into the dangers of not providing for adequate incident response protocols
  Proficient (90%): Logically justifies how the incident response protocols will mitigate the threats to and vulnerabilities of the organization with support from information assurance research and best practices
  Needs Improvement (70%): Justifies how the incident response protocols will mitigate the threats to and vulnerabilities of the organization with minimal support from information assurance research and best practices, or justification is illogical
  Not Evident (0%): Does not justify how the incident response protocols will mitigate the threats and vulnerabilities to the organization

Disaster Response Protocols (Value: 4)
  Exemplary (100%): Meets “Proficient” criteria and demonstrates deep insight into responding to hidden or complex threats or vulnerabilities
  Proficient (90%): Develops appropriate disaster response protocols to respond to the various threats and vulnerabilities identified
  Needs Improvement (70%): Develops disaster response protocols to respond to the various threats and vulnerabilities identified, but they are not all appropriate or do not respond to all the threats and vulnerabilities
  Not Evident (0%): Does not develop disaster response protocols

Justification of Disaster Response Protocols (Value: 5)
  Exemplary (100%): Meets “Proficient” criteria and provides unique or insightful reflection into the dangers of not providing for adequate disaster response protocols
  Proficient (90%): Logically justifies how the disaster response protocols will mitigate the threats to and vulnerabilities of the organization with support from information assurance research and best practices
  Needs Improvement (70%): Justifies how the disaster response protocols will mitigate the threats to and vulnerabilities of the organization with minimal support from information assurance research and best practices, or justification is illogical
  Not Evident (0%): Does not justify how the disaster response protocols will mitigate the threats to and vulnerabilities of the organization

Access Control Protocols (Value: 4)
  Exemplary (100%): Meets “Proficient” criteria and demonstrates unique or insightful reflection into appropriate protocols
  Proficient (90%): Develops appropriate access control protocols that provide an appropriate amount of protection while allowing users to continue to operate without denial of service
  Needs Improvement (70%): Develops access control protocols, but they do not provide an appropriate amount of protection while allowing users to continue to operate without denial of service
  Not Evident (0%): Does not develop access control protocols

Justification of Access Control Protocols (Value: 5)
  Exemplary (100%): Meets “Proficient” criteria and provides unique or insightful reflection into the dangers of not providing for adequate access control protocols
  Proficient (90%): Logically justifies the access control protocols with support from information assurance research and best practices
  Needs Improvement (70%): Justifies the access control protocols with minimal support from information assurance research and best practices, or justification is illogical
  Not Evident (0%): Does not justify the access control protocols

Method for Maintaining the Information Assurance Plan (Value: 5)
  Exemplary (100%): Meets “Proficient” criteria and provides an established interval for the recommended maintenance actions
  Proficient (90%): Recommends a comprehensive method for maintaining the information assurance plan once it has been established
  Needs Improvement (70%): Recommends a method for maintaining the information assurance plan once it has been established but recommendations are not fully developed
  Not Evident (0%): Does not recommend a method for maintaining the information assurance plan once it has been established

Justification of Maintenance Plan (Value: 5)
  Exemplary (100%): Meets “Proficient” criteria and provides insight into the dangers of not providing for an adequate maintenance plan
  Proficient (90%): Logically justifies how the maintenance plan will ensure the ongoing effectiveness of the information assurance plan with support from information assurance research and best practices
  Needs Improvement (70%): Justifies how the maintenance plan will ensure the ongoing effectiveness of the information assurance plan with minimal support from information assurance research and best practices or justification is illogical
  Not Evident (0%): Does not justify how the maintenance plan will ensure the ongoing effectiveness of the information assurance plan

Summary of Need for Information Assurance Plan (Value: 5)
  Exemplary (100%): Meets “Proficient” criteria and demonstrates a nuanced understanding of the need for an information assurance plan
  Proficient (90%): Concisely summarizes the need for an information assurance plan, including the legal and ethical responsibilities of the organization to implement and maintain an appropriate information assurance plan
  Needs Improvement (70%): Summarizes the need for an information assurance plan but does not include the legal and ethical responsibilities of the organization to implement and maintain an appropriate information assurance plan or is not concise
  Not Evident (0%): Does not summarize the need for an information assurance plan

Defense of Key Elements of Information Assurance Plan (Value: 5)
  Exemplary (100%): Meets “Proficient” criteria and demonstrates a nuanced understanding of which members of the organization should be responsible for each element
  Proficient (90%): Strongly defends key elements of the information assurance plan, including which members of the organization would be responsible for each element and who should be contacted in the event of an incident
  Needs Improvement (70%): Defends key elements of the information assurance plan but does not include which members of the organization would be responsible for each element, or defense is weak
  Not Evident (0%): Does not defend elements of the information assurance plan

Articulation of Response (Value: 4)
  Exemplary (100%): Submission is free of errors related to citations, grammar, spelling, syntax, and organization and is presented in a professional and easy-to-read format
  Proficient (90%): Submission has no major errors related to citations, grammar, spelling, syntax, or organization
  Needs Improvement (70%): Submission has major errors related to citations, grammar, spelling, syntax, or organization that negatively impact readability and articulation of main ideas
  Not Evident (0%): Submission has critical errors related to citations, grammar, spelling, syntax, or organization that prevent understanding of ideas

Earned Total: 100%
