Description

In 8-10 double-spaced pages, evaluates the cybersecurity policy of their or another organization in terms of completeness, compliance, organization and organization related interests, and other aspects, such as how to prevent its failure.  Discuss how the policy addresses the cybersecurity issues discussed in the vulnerability identification & exploitation materials presented in the Erickson and Weidman texts.

Select an organization you admire (public sector, private sector, professional association, limited liability corporation, entrepreneurial, other) and solicit its cybersecurity policy. Such document(s) may be available as a link on its homepage, part of the organization’s policies and procedures (P&P) manual, the subject or reference used in an academic or trade journal case study in information systems, or any other source—human or Internet. The cybersecurity policy may not necessarily reside as a single document and thus you may find it necessary to synthesize elements to have a resource that reasonably articulates the organization’s cybersecurity policy.

Take special note that there is a minimum of three critical aspects to this assignment. One, as emphasized above, is to identify an organization whose cybersecurity policy is available. Federal civil sector organizations may be candidates. A company where you are currently or would like to be employed may be a candidate. Also consider an organization that routinely deals in information gathering and dissemination for the public good, such as a library using content filtering software to curtail questionable Internet browsing by its visitors. Start your search for a suitable organization early and anticipate that you may have to browse several before finding one suitable for this assignment.

A second critical aspect is to identify evaluation criteria or performance measures for the cybersecurity policy. Refer to applicable government, industry, and regulatory standards. In some cases, you may need to consider criminal or civil liability issues, and thus evaluation criteria may emanate from the judicial guidance.

A third critical aspect is application of your evaluation criteria to elements of the cybersecurity policy identified for analysis. Such analysis is likely to be qualitative for some aspects; quantitative for other aspects; and a hybrid for still other aspects of the policy. As such, your choice of measures and analytical techniques must be reasonable and justifiable.