Project 1: Developing Comprehensive Organizational Strategy for Information Assurance
Throughout this course, you explored perspectives on ways to develop an organizational strategy for information assurance. In order to be successful, the strategy needs to be designed and implemented as a whole. Now it is time to integrate your learning from previous Weeks.
To prepare for this Project, apply The Process you followed for the Week 4 Project and continue to reference the fictitious organization you have developed for earlier Project assignments. You will need to state your assumptions and create sample data for this fictional case. Create outlines, tables, or diagrams, as needed, to convey the high-level security plan for the organization.
Write a 3- to 5-page paper about a comprehensive organizational strategy for information assurance for your organization. Include the following points:
Determine what questions regarding different key areas of security are important to have answered, and then describe what is measured, how data for measurement is gathered, and how results are calculated.
Develop 4–5 examples of strategic metrics that demonstrate the key areas of security for the organization.
Generate sample data that will be displayed graphically in part 2 of this Week's Project.
Note: One of the strategic metrics should be related to the IAM Project (from Weeks 3–6) showing how deployment of an IAM tool and new processes enabled important business functionality. The other 3–4 examples should come from the operational metrics you developed in Week 7.
Project 2: Creating Presentation for Comprehensive Organizational Strategy for Information Assurance
Developing a strategy is not enough; as a professional you need to present your strategy to the important stakeholders to get their support and approval for resources. A very good strategy, if poorly communicated, may not receive top management support for implementation.
For this part of the Project, create a PowerPoint presentation (5–7 slides) that shows a well-developed information assurance strategy, one that covers The Process well (Brotby, 2009, pp. 100–104). Use graphical representations to show how the organization is achieving its goals or at least trending that way. Incorporate your sample data from part 1 of the Project in this Week as your graphical representation.
Note: This presentation should be a high-level PowerPoint presentation, aimed at executives, most of whom are from outside the IT department, showing key areas of security and how well they are managed. The presentation should consist of one slide per metric, with a very basic graphical representation, using the best practices suggested in Jaquith (2007). Include the oral script for your presentation in the notes section for each of the slides.
By Day 7
Required Readings
Brotby, K. (2009). Information security governance: A practical development and implementation approach. Hoboken, NJ: Wiley.
Chapter 5, Strategic Metrics
In this chapter you are introduced to the strategic requirements for security. You will examine strategic aspects of IT security governance and how to address them.
Chapter 12, Implementing Strategy
In this chapter you are introduced to the process of implementing a strategy. You explore ways to translate a strategy into a series of actionable items.
Jaquith, A. (2007). Security metrics: Replacing fear, uncertainty, and doubt. Upper Saddle River, NJ: Pearson.
Chapter 8, Designing Security Scorecards
In this chapter you are introduced to the concept of defining metrics. You will examine ways to apply The Balanced Scorecard to align information security with business objectives.