Are their independent organizations, such as NIST or the FBI, recommending the security initiative you are proposing? Explain what they recommend and why they can be trusted to provide reasonable guidance.

The proposal will be delivered from the perspective of an Information Security Consultant that has been engaged by a hypothetical organization that should be described during the proposal. Each student, or team of students, will develop a business proposal for an information security initiative to be considered by senior management of the hypothetical organization. Assume that senior managers in the organization are the target audience, including the Chief Executive Officer, Chief Financial Officer, Chief Compliance Officer, and Chief Information Officer. The proposal will be delivered in the form of a written memo which must include all of the requirements listed below to be considered complete. The formatting of the memo is flexible but should include all of the requirements.

a) Background on the organization, including size, core competencies, industry, challenges, and strategic direction. Help the reader imagine the context of the organization that has engaged you to perform an information security risk assessment and deliver a proposal for improvement.

b) Describe the problem to be solved by your proposal. Consider an unresolved security risk which you believe can be mitigated using the approach you are proposing. It could be a change to people, process, technology, or facilities. It might even involve more than one of those elements. What is the likely impact if the risk is NOT mitigated? Explain why you are confident that your proposed approach will be successful in solving the problem you identified.

c) Describe key considerations shaped your perspective as an Information Security Consultant. How would the changes you propose result in protection of the organization – have other organizations suffered a loss when facing similar challenges? Cite specific real cases that were publicized where organizations suffered because they lacked the security you are recommending.

d) Is there a regulatory / legal requirement for you to have the security control you are proposing? Consider the industry of your hypothetical organization and consider the requirements or best practices in that industry.

e) Are their independent organizations, such as NIST or the FBI, recommending the security initiative you are proposing? Explain what they recommend and why they can be trusted to provide reasonable guidance.

f) If your proposal is approved, what project management considerations have you already developed? What are the risks to the successful delivery of the project? What new processes will be created and necessary to sustain the security controls you have introduced with this project?

g) Will vendor services be needed for your initiative to be successful? Describe those services and give examples of providers that we are likely to engage.

h) What financial costs have you estimated will be associated with your proposal? Distinguish between one-time and recurring annual costs. Distinguish because hardware, software, services, and human labor, as appropriate. Remember to associate the cost of control with the potential cost of an incident, such that it only makes sense to approve your proposal if your project costs less than the incident itself.

i) What training should be developed in support of your proposed change? Will this impact internal staff and their productivity? Do external stakeholders, such as regulators, partners, and customers need to be informed?

j) It is possible your proposal cannot be funded at this time; what alternative risk management approaches do you recommend be considered for the good of the organization in the event that your proposal is not approved and funded?

The post Are their independent organizations, such as NIST or the FBI, recommending the security initiative you are proposing? Explain what they recommend and why they can be trusted to provide reasonable guidance. appeared first on Essay Hotline.