Project Assignment: Cybersecurity Policy Catalog

Capstone Project Overview

The purpose of this Capstone Project is for students to examine and solve real world information assurance problems and apply associated techniques to create practical solutions. The course takes an integrative and senior security officer approach to address the policy, risk, and control opportunities within cyberspace and IT environments. Deliverables 1 through 5 focus on preparing students toward the final Capstone Project. Skills, experience, and knowledge gained through the completion of prerequisite courses will be used throughout each deliverable. The project contents to be addressed are as follows:

Project Deliverable: Cybersecurity Policy Catalog

Project Deliverable is a two-part deliverable using MS Word and MS Project, or their open source equivalents. This assignment focuses on information as an asset and logical security techniques for a hypothetical law firm. The goal of this deliverable is to secure an information security policy, suggesting the fundamental guidelines should an untoward event occur. It can be seen that information assets security management can be reduced down to three basic principles: integrity, confidentiality, and availability. Structure a policy around and within computers and associated equipment, as well as the people using it. Note: You may create and / or make all necessary assumptions needed for the completion of this assignment.

Submission Requirements

• Infrastructure Document (MS Word)
• Security Project Plan (MS Project)

Section 1

Write a three to five page paper in which you:

1. Create a cyber-security policy describing the principle, the objective, and policy statement for the law firm's company network.

2. Describe the roles and responsibilities by groups (e.g., position director of network security, the network security manager, network security engineers, IT area), defining roles and responsibilities.

3. Suggest the cyber-security policy statement, an explanation of the policy statement, and the reasons why the policy statement may be controversial.

4. Determine the security testing methodology you would use to facilitate the assessment of technical controls.

Section 2

5. Use Microsoft Project, or an open source alternative such as OpenProj, to create a security project plan for the law firm. The project plan should include:

a. Tasks, subtasks, resources, and predecessors.
b. An outline of the planning, analysis, design, and implementation phases.
c. The use of cyber-security in the information systems development life cycle.

Your assignment must follow these formatting requirements:

• Be typed, double spaced, using Times New Roman font (size 12), with one-inch margins on all sides; citations and references must follow APA or school-specific format. Check with your professor for any additional instructions.

• Include a cover page containing the title of the assignment, the student's name, the professor's name, the course title, and the date. The cover page and the reference page are not included in the required assignment page length.

The specific course learning outcomes associated with this assignment are:

• Determine the strategy for cybersecurity and public policy development in the U.S.
• Use technology and information resources to research issues in information assurance.
• Write clearly and concisely about information assurance topics using proper writing mechanics and technical style conventions.