Part 1: Developing Comprehensive Organizational Strategy for Information Assurance

Throughout this course, you explored perspectives on ways to develop an organizational strategy for information assurance. In order to be successful, the strategy needs to be designed and implemented as a whole. Now it is time to integrate your learning from previous units.

To prepare for this Project, apply “The Process” you followed for the Unit 4 Project and continue to reference the fictitious organization you have developed for earlier Project assignments. You will need to state your assumptions and create sample data for this fictional case. Create outlines, tables, or diagrams, as needed, to convey the high-level security plan for the organization.

Write a 3- to 5-page paper about a comprehensive organizational strategy for information assurance for your organization. Include the following points:

• Determine what questions regarding different key areas of security are important to have answered, and then describe what is measured, how data for measurement is gathered, and how results are calculated.
• Develop 4–5 examples of strategic metrics that demonstrate the key areas of security for the organization.
• Generate sample data that will be displayed graphically in part 2 of this unit’s Project.

Note:One of the strategic metrics should be related to the IAM Project (from Units 3–6) showing how deployment of an IAM tool and new processes enabled important business functionality. The other 3–4 examples should come from the operational metrics you developed in Unit 7.

Use the following rubric to estimate your grade on this part of the assignment: Rubric for Unit 8 Project Part 1

Return to top

Part 2: Creating Presentation for Comprehensive Organizational Strategy for Information Assurance

Developing a strategy is not enough; as a professional you need to present your strategy to the important stakeholders to get their support and approval for resources. A very good strategy, if poorly communicated, may not receive top management support for implementation.

For this part of the Project, create a PowerPoint presentation (5–7 slides) that shows a well-developed information assurance strategy, one that covers “The Process” well (Brotby, 2009, pp. 100–104). Use graphical representations to show how the organization is achieving its goals or at least trending that way. Incorporate your sample data from part 1 of the Project in this unit as your graphical representation.

Note:This presentation should be a high-level PowerPoint presentation, aimed at executives—most of whom are from outside the IT department—showing key areas of security and how well they are managed. The presentation should consist of one slide per metric, with a very basic graphical representation, using the best practices suggested in Jaquith (2007). Include the oral script for your presentation in the notes section for each of the slides.

 

Readings

• Brotby, K. (2009).Information security governance: A practical development and implementation approach. Hoboken, NJ: Wiley.
  • Chapter 5, “Strategic Metrics”In this chapter you are introduced to the strategic requirements for security. You will examine strategic aspects of IT security governance and how to address them.
  • Chapter 12, “Implementing Strategy”In this chapter you are introduced to the process of implementing a strategy. You explore ways to translate a strategy into a series of actionable items.
• Jaquith, A. (2007).Security metrics: Replacing fear, uncertainty, and doubt. Upper Saddle River, NJ: Pearson.
  • Chapter 8, “Designing Security Scorecards”In this chapter you are introduced to the concept of defining metrics. You will examine ways to apply “The Balanced Scorecard” to align information security with business objectives.