Part A -

Throughout the course, you have researched information security legal and regulatory frameworks from international, national, state, and local laws. You have also researched the role of standards bodies and policies in the work of creating an information legal and regulatory framework.

Select a multinational company located in the United States that does business overseas.

Use the study materials and engage in any additional research needed to fill in knowledge gaps. Analyze cybersecurity laws that will impact this organization based on business locations. Research information security legal and regulatory frameworks from international, national, state, and local laws that effect this business and the role of standards bodies and policies in the work of creating an information legal and regulatory framework.

Key concepts to be covered in this essay:

• Analyze cybersecurity laws that will impact this organization based on the type of organization (for example, public, private, government, or nonprofit).
• Analyze cybersecurity laws that will impact this organization based on the industry standards and norms.
• Recommend a strategy to ensure that this organization is in compliance with all relevant cybersecurity laws.

Assignment Requirements

• Written communication: Written communication is free of errors that detract from the overall message.
• APA formatting: Resources and citations are formatted according to APA (6th edition) style and formatting.
• Length of paper: 4-5 pages, excluding the references page.
• Font and font size: Times New Roman, 12 point.

Part B -

Information security policies are the core internal guidance for an organization and must be enacted prior to the purchase of information security controls. There is a bit of a "chicken and egg" dispute in the information security community as to whether it is appropriate to first engage in risk assessment with policies created to address those findings or whether it is appropriate to first create policies against which a risk assessment can be performed. On a more granular level, security policy is meant to document what is important to a particular organization related to information technology assets, including data. This sequential order is critical to the success of an information security program because a successful program ensures that organizations do not spend too little or too much money when purchasing controls to enforce these policy decisions. For example, it is possible to purchase a certificate that uses DNA as the key to enforce an access control policy, but there are very few situations where that would be an appropriate or balanced choice.

You are a new information security officer for Metro City Community College. Metro City has a small urban campus in downtown Detroit and also offers their catalog of courses online. One of the first tasks you are assigned is to create the information security policies that will guide all subsequent security projects that you propose.

Use the study materials and engage in any additional research needed to fill in knowledge gaps. Describe the overall objectives of creating information security policy for this institution. This essay needs to:

• Analyze the benefits and challenges of enforcing information security policies within government agencies and organizations.
• Evaluate how creation and enforcement of information security policies can impact customers and business partners that have a relationship with a government agency or organization.

Assignment Requirements

• Written communication: Written communication is free of errors that detract from the overall message.
• APA formatting: Resources and citations are formatted according to APA (6th edition) style and formatting.
• Length of paper: 4-5 pages, excluding the references page.
• Font and font size: Times New Roman, 12 point.