Assignment 1: Developing the Corporate Strategy for Information Security 

 100 points

Imagine that you are working for a startup technology organization that has had overnight success. The organization’s immediate growth requires for it to formulate a corporate strategy for information security.  You have been recruited to serve as part of a team that will develop this strategy.

As part of the Information Security Strategy development, you are required to define specific Information Technology Security roles that will optimize and secure the organization’s data assets.

Review the followingWebsitetitled “Information Technology (IT) Security Essential Body of Knowledge (EBK): A Competency and Functional Frame-work for IT Security Workforce Development” for additional information necessary to complete this assignment. 

Write a five to seven (5-7) page paper in which you do the following, based on the scenario described below:

 

1. The Chief Information Security Officer (CISO) is responsible for several functions within an organization.

     a. Examine three (3) specific functions a CISO and provide examples of when a CISO would execute these functions within the 

         organization.

     b. Specify at least three (3) competencies that the CISO could perform using the provided Website titled, “ Information Technology 

         (IT) Security Essential Body of Knowledge (EBK): A Competency and Functional Frame-work for IT Security Workforce 

         Development.”

2. The Chief Information Officer (CIO) is responsible for several accountability functions within an organization:

     a. Identify at least four (4) functions of the CIO using the EBK as a guide. Provide examples of how the CIO would execute these 

         functions within an organization. 

     b. Classify at least two (2) security assurances that could be achieved by the CIO developing a formal security awareness, training, 

         and educational program.

     c. Suggest methods, processes, or technologies that can be used by the CIO to certify the security functions and data assets of an 

         organization on a day-to-day basis.

 

3. Describe how the digital forensics function complements the overall security efforts of the organization.

 

4. Evaluate the operational duties of digital forensic personnel and how these help qualify the integrity of forensic investigations within the enterprise and industry.

 

5. List at least three (3) technical resources available to the digital forensics professional to perform forensic audits and investigations. 

 

6. Use at least three (3) quality resources in this assignment. Note: Wikipedia and similar Websites do not qualify as quality resources. 

Your assignment must follow these formatting requirements:

 

• Be typed, double spaced, using Times New Roman font (size 12), with one-inch margins on all sides; citations and references must follow APA or school-specific format. Check with your professor for any additional instructions.
• Include a cover page containing the title of the assignment, the student’s name, the professor’s name, the course title, and the date. The cover page and the reference page are not included in the required assignment page length

 

 

 

Unacceptable Meets
Minimum
Expectations Fair Proficient Exemplary Below 60% F 60-69% D 70-79% C 80-89% B 90-100% A Did not submit or
incompletely
examined three (3)
specific functions a
CISO; did not
submit or
incompletely
provided examples
of when a CISO
would execute
these functions
within the
organization. Insufficiently
examined three
(3) specific
functions a
CISO;
insufficiently
provided
examples of
when a CISO
would execute
these functions
within the
organization. Partially
examined three
(3) specific
functions a
CISO; partially
provided
examples of
when a CISO
would execute
these functions
within the
organization. Satisfactorily
examined three
(3) specific
functions a
CISO;
satisfactorily
provided
examples of
when a CISO
would execute
these functions
within the
organization. Thoroughly
examined three
(3) specific
functions a
CISO;
thoroughly
provided
examples of
when a CISO
would execute
these functions
within the
organization. 1b. Specify at least
three (3) competencies
that the CISO could
perform using the
provided website titled,
“Information
Technology (IT)
Security Essential
Body of Knowledge
(EBK): A Competency
and Functional Framework for IT Security
Workforce
Development.”
Weight: 10% Did not submit or
incompletely
specified at least
three (3)
competencies that
the CISO could
perform using the
provided website
titled, “Information
Technology (IT)
Security Essential
Body of
Knowledge (EBK):
A Competency and
Functional Framework for IT
Security Workforce
Development.” Insufficiently
specified at least
three (3)
competencies
that the CISO
could perform
using the
provided
website titled,
“Information
Technology (IT)
Security
Essential Body
of Knowledge
(EBK): A
Competency
and Functional
Frame-work for
IT Security
Workforce
Development.” Partially
specified at least
three (3)
competencies
that the CISO
could perform
using the
provided website
titled,
“Information
Technology (IT)
Security
Essential Body
of Knowledge
(EBK): A
Competency and
Functional
Frame-work for
IT Security
Workforce
Development.” Satisfactorily
specified at
least three (3)
competencies
that the CISO
could perform
using the
provided
website titled,
“Information
Technology (IT)
Security
Essential Body
of Knowledge
(EBK): A
Competency
and Functional
Frame-work for
IT Security
Workforce
Development.” Thoroughly
specified at least
three (3)
competencies
that the CISO
could perform
using the
provided website
titled,
“Information
Technology (IT)
Security
Essential Body
of Knowledge
(EBK): A
Competency
and Functional
Frame-work for
IT Security
Workforce
Development.” 2a. Identify at least
four (4) functions of the
CIO using the EBK as
a guide. Provide
examples of how the
CIO would execute
these functions within
an organization. Did not submit or
incompletely
identified at least
four (4) functions
of the CIO using
the EBK as a
guide; did not
submit or
incompletely
provided examples
of how the CIO
would execute
these functions
within an
organization. Insufficiently
identified at
least four (4)
functions of the
CIO using the
EBK as a guide;
insufficiently
provided
examples of
how the CIO
would execute
these functions
within an
organization. Partially
identified at least
four (4) functions
of the CIO using
the EBK as a
guide; partially
provided
examples of how
the CIO would
execute these
functions within
an organization. Satisfactorily
identified at
least four (4)
functions of the
CIO using the
EBK as a guide;
satisfactorily
provided
examples of
how the CIO
would execute
these functions
within an
organization. Thoroughly
identified at least
four (4) functions
of the CIO using
the EBK as a
guide;
thoroughly
provided
examples of how
the CIO would
execute these
functions within
an organization. Did not submit or
incompletely
classified at least
two (2) security
assurances that
could be achieved
by the CIO
developing a
formal security
awareness,
training, and
educational
program. Insufficiently
classified at
least two (2)
security
assurances that
could be
achieved by the
CIO developing
a formal security
awareness,
training, and
educational
program. Partially
classified at least
two (2) security
assurances that
could be
achieved by the
CIO developing
a formal security
awareness,
training, and
educational
program. Satisfactorily
classified at
least two (2)
security
assurances that
could be
achieved by the
CIO developing
a formal
security
awareness,
training, and
educational
program. Thoroughly
classified at
least two (2)
security
assurances that
could be
achieved by the
CIO developing
a formal security
awareness,
training, and
educational
program. Criteria 1a. Examine three (3)
specific functions a
CISO and provide
examples of when a
CISO would execute
these functions within
the organization.
Weight: 10% Weight: 10% 2b. Classify at least
two (2) security
assurances that could
be achieved by the
CIO developing a
formal security
awareness, training,
and educational
program.
Weight: 10% 2c. Suggest methods,
processes, or
technologies that can
be used by the CIO to
certify the security
functions and data
assets of an
organization on a dayto-day basis.
Weight: 10% 3. Describe how the
digital forensics
function complements
the overall security
efforts of the
organization.
Weight: 10% 4. Evaluate the
operational duties of
digital forensic
personnel and how
these help qualify the
integrity of forensic
investigations within
the enterprise and
industry.
Weight: 15% 5. List at least three (3)
technical resources
available to the digital
forensics professional
to perform forensic
audits and
investigations.
Weight: 10% 6. 3 references
Weight: 5% 7. Clarity, writing
mechanics, and
formatting
requirements
Weight: 10% Did not submit or
incompletely
suggested
methods,
processes, or
technologies that
can be used by the
CIO to certify the
security functions
and data assets of
an organization on
a day-to-day basis. Insufficiently
suggested
methods,
processes, or
technologies
that can be used
by the CIO to
certify the
security
functions and
data assets of
an organization
on a day-to-day
basis. Partially
suggested
methods,
processes, or
technologies that
can be used by
the CIO to certify
the security
functions and
data assets of an
organization on a
day-to-day basis. Satisfactorily
suggested
methods,
processes, or
technologies
that can be
used by the CIO
to certify the
security
functions and
data assets of
an organization
on a day-to-day
basis. Thoroughly
suggested
methods,
processes, or
technologies
that can be used
by the CIO to
certify the
security
functions and
data assets of
an organization
on a day-to-day
basis. Did not submit or
incompletely
described how the
digital forensics
function
complements the
overall security
efforts of the
organization. Insufficiently
described how
the digital
forensics
function
complements
the overall
security efforts
of the
organization. Partially
described how
the digital
forensics
function
complements the
overall security
efforts of the
organization. Satisfactorily
described how
the digital
forensics
function
complements
the overall
security efforts
of the
organization. Thoroughly
described how
the digital
forensics
function
complements
the overall
security efforts
of the
organization. Did not submit or
incompletely
evaluated the
operational duties
of digital forensic
personnel and how
these help qualify
the integrity of
forensic
investigations
within the
enterprise and
industry. Insufficiently
evaluated the
operational
duties of digital
forensic
personnel and
how these help
qualify the
integrity of
forensic
investigations
within the
enterprise and
industry. Partially
evaluated the
operational
duties of digital
forensic
personnel and
how these help
qualify the
integrity of
forensic
investigations
within the
enterprise and
industry. Satisfactorily
evaluated the
operational
duties of digital
forensic
personnel and
how these help
qualify the
integrity of
forensic
investigations
within the
enterprise and
industry. Thoroughly
evaluated the
operational
duties of digital
forensic
personnel and
how these help
qualify the
integrity of
forensic
investigations
within the
enterprise and
industry. Did not submit or
incompletely listed
at least three (3)
technical
resources
available to the
digital forensics
professional to
perform forensic
audits and
investigations. Insufficiently
listed at least
three (3)
technical
resources
available to the
digital forensics
professional to
perform forensic
audits and
investigations. Partially listed at
least three (3)
technical
resources
available to the
digital forensics
professional to
perform forensic
audits and
investigations. Satisfactorily
listed at least
three (3)
technical
resources
available to the
digital forensics
professional to
perform forensic
audits and
investigations. Thoroughly
listed at least
three (3)
technical
resources
available to the
digital forensics
professional to
perform forensic
audits and
investigations. No references
provided Does not meet
the required
number of
references; all
references poor
quality choices. Does not meet
the required
number of
references;
some references
poor quality
choices. Meets number
of required
references; all
references high
quality choices. Exceeds number
of required
references; all
references high
quality choices. 5-6 errors
present 3-4 errors
present 0-2 errors
present More than 8 errors 7-8 errors
present
present