Assessment item 2 - Security policy and standards


The CISO's priority is to revise ACME's enterprise information security policy and specific security control standard requirements. To facilitate this, the CISO has published a strategic security view, which supports ACME's corporate aspirations. This strategic view reads as follows:

The Information Security division of ACME Widgets Inc. will strive to ensure that all sensitive corporate and customer information is always protected when being sent, received, processed, or stored in any medium as part of any business process. ACME will identify, implement and operate world-class preventative, detective and responsive security controls to always protect our business information. Furthermore, ACME will actively seek to attract and retain appropriate skills and expertise to ensure that all phases of the business systems' lifecycle are protected, including architecture, design, build, and operations.

The security policy will provide a clear vision of ACME's commitment to protecting its business information. A security policy explains the "what" of the enterprise security strategy - the senior management expectations of what broad goals ACME will set itself for preventing, detecting and responding to cyber incidents.

Security control standards provide the "how" of the security strategy and must clearly align with the security policy. You will create a set of specific implementation standards and/or behavioural expectations that will facilitate secure design, configuration and operational decisions by ACME's technology staff. Control standards must be specific, clearly guiding behaviour and able to be objectively measured for compliance.

YOUR TASK

As part of your role as lead consultant on one of the focus streams of the ACME security uplift programme, you will contribute to the 'ACME Cyber Security Standards' (ACSS), comprising:

  • 3-4 security policy statements that apply to your chosen focus area and that align with the strategic vision.
  • 10-15 specific control requirements that align with one or more policy statements and describe how a person or system will be configured or behave in order to preserve the security of ACME's information.

The ACSS should incorporate any relevant regulation or legislation that is applicable to ACME, given the nature, location and scope of their business. Utilise your research from Assignment 1 to select appropriate regulatory and/or legislative contexts and drivers for your policy statements and control requirements.

Your submission should include:

  • A description of the intent, audience and scope of the cyber security standards.
  • 3-4 security policy statements describing the security objectives of your focus area.
  • A clearly presented set of 10-15 specific security control requirements that:
      • Link to the parent policy statements.
      • Are supported by referenced industry frameworks.
      • Include any relevant regulatory or legislative linkage.
  • Clear accountabilities for implementing each required configuration or behaviour.

Your submission should be of sufficient length to comprehensively address the specific implementation requirements of each policy objective. It may be useful to tabulate the specific requirements to better demonstrate their relationship to the security policy and any supporting material. Overall (including any tables) your submission should be approximately 2000 words in length.

Rationale

This assessment task will assess the following learning outcome/s:

  • be able to formulate a security policy.
  • be able to identify, analyse and select secure system architecture elements.
  • be able to justify key elements of operations security.

Criteria: Document control - Clear and concise introduction and articulation of the scope, audience, and applicability of the cyber security standards. An accurate and thorough list of accountable and responsible parties in relation to the requirements.

HD: Clear and concise introduction explaining the drivers for and purpose of the standards. A comprehensive definition of scope and a thorough list of administrative and operational stakeholders.

Criteria: Policy statements - Clear, concise, and accurate statements explaining the security objectives of the chosen focus area, in the context of the ACME business.

HD: Student has clearly, concisely and accurately articulated an appropriate selection of policy objectives that clearly relate to the chosen focus area.

concise, and appropriate descriptions

Answer submitted on 12 Aug, 2023 06:41:23