Computer Science 7-2 Final Project Milestone Four: Statements Of Policy Assignment

/in /by

Computer Science 7-2 Final Project Milestone Four: Statements Of Policy Assignment

You will submit your plan pertaining to statements of policy. You will recommend protocols and mitigating factors to the organization. Justify how the disaster response protocols will mitigate the threats to and vulnerabilities of the organization. You will focus on disaster and incident response protocols as well as access control. Assess your proposed method for maintaining the success of the plan going forward. Justify how your method will ensure the ongoing effectiveness of the information assurance plan.

Note: If you establish protocols and mitigating factors, you can then justify expectations associated with the established protocols.ongoing effectiveness of the information assurance plan.

Don't use plagiarized sources. Get Your Custom Essay on
Computer Science 7-2 Final Project Milestone Four: Statements Of Policy Assignment
Just from $15/Page
Order Essay

One of the most important aspects of information assurance is ensuring that proper policies and procedures are established within an organization. Without proper policies and procedures, there would be no order. By implementing appropriate statements of policy and developing effective procedures, IT administrators ensure that incidents can be appropriately responded to, and that individuals within the organization understand their roles within the information assurance plan. Individuals in an organization would not be able to adequately understand their roles without the establishment of these statements of policy.

ORDER PLAGIARISM FREE PAPER NOW

Prompt

In Module Seven, you will submit your plan pertaining to statements of policy. You will establish protocols and mitigating factors to the organization. Justify how the disaster response protocols will mitigate the threats to and vulnerabilities of the organization. You will focus on disaster and incident response protocols as well as access control. Assess your proposed method for maintaining the success of the plan going forward. Justify how your method will ensure the ongoing effectiveness of the information assurance plan. Computer Science 7-2 Final Project Milestone Four: Statements Of Policy Assignment

Specifically, the following critical elements must be addressed:

  1. Statements of Policy
    1. Develop appropriate incident response protocols to respond to the various threats and vulnerabilities identified within the organization.
    2. Justify how the incident response protocols will mitigate the threats to and vulnerabilities of the organization. Support your justification with information assurance research and best practices.
    3. Develop appropriate disaster response protocols to respond to the various threats and vulnerabilities identified within the organization.
    4. Justify how the disaster response protocols will mitigate the threats to and vulnerabilities of the organization. Support your justification with information assurance research and best practices.
    5. Develop appropriate access control protocols that provide an appropriate amount of protection while allowing users to continue to operate without denial of service.
    6. Justify your access control protocols. Support your justification with information assurance research and best practices.
    7. Recommend a method for maintaining the information assurance plan once it has been established.
    8. Justify how your maintenance plan will ensure the ongoing effectiveness of the information assurance plan. Support your justification with information assurance research and best practices.

What to Submit

Your paper must be submitted as a three- to four-page Microsoft Word document with double spacing, 12-point Times New Roman font, one-inch margins, and at least three sources cited in APA format.

IT 549 Final Project Guidelines and Rubric
Overview
The final projectfor this course is the creation of a functional information assurance plan.
The effective managementofinformation and protection of pertinentdata is essentialfor leveraging the required knowledge to serve customers and stakeholders on a continuous basis.
Employing information assurance bestpracticeswill ensure a firm is able to eliminate hierarchical structures, become moreflat, and have greater customer touch points by leveraging the
correctinformation atthe righttime. Successful firmswill maintain an established information assurance plan and posture that are reviewed on a weekly basis.
This assessmentwill consistofthe creation of a functional information assurance plan. You will find, and review, a real-world business scenario (e.g. SonyBreach, TargetBreach, HomeDepot
Breach) in order to apply information assurance research and incorporate industry bestpractices to your recommendations for specific strategic and tactical steps. These skills are crucialfor
you to become a desired assetto organizations seeking industry professionals in the information assurance field.
The projectis divided into four milestones, which will be submitted atvarious points throughoutthe course to scaffold learning and ensure quality final submissions. These milestoneswill be
submitted in Modules Two, Four, Five, and Seven. The final productwill be submitted in ModuleNine.
In this assignment, you will demonstrate your mastery ofthe following course outcomes:
Assess confidentiality, integrity, and availability ofinformation in a given situation for their relation to an information assurance plan
Propose appropriate protocols for incident and disaster responses and managing security functions that adhere to bestpractices for information assurance
Analyze threatenvironments using information assurance research and industry bestpractices to inform network governance
Recommend strategies based on information assurance bestpractices for maintaining an information assurance plan
Evaluate the appropriateness ofinformation assurance decisions about security, access controls, and legal issues
Assess applicable threats and vulnerabilities related to information assurance to determine potential impacton an organization and mitigate associated risks
Prompt
Your information assurance plan should answer the following prompt: Reviewthe scenario and create an information assurance plan for the organization presented in the scenario.
Specifically, the following critical elements mustbe addressed in your plan:
I. Information AssurancePlan Introduction
a. Provide a brief overviewofthe goals and objectives of your information assurance plan, including the importance of ensuring the confidentiality, integrity, and availability of
information. What are the benefits of creating and maintaining an information assurance plan around those key concepts?
b. Assess the confidentiality, integrity, and availability ofinformation within the organization.
 
8/13/23, 1:00 AM Assignment Information
https://snhu.brightspace.com/d2l/le/content/1339735/viewContent/25616773/View 2/8
c. Evaluate the currentprotocols and policies the organization has in place. Whatdeficiencies existwithin the organization’s currentinformation assurance policies? What are the
potential barriers to implementation of a newinformation assurance plan?
II. Information SecurityRoles and Responsibilities
a. Analyze the role ofthe key leaderswithin the organization specific to howtheir responsibilities are connected to the security ofthe organization’s information. Whatis the
relationship between these roles?
b. Evaluate key ethical and legal considerations related to information assurance thatmustbe taken into accountby the key leaderswithin the organization. What are the ramifications
of key leaders notproperly accounting for ethical and legal considerations?
c. What are the key components ofinformation assurance as they relate to individual roles and responsibilitieswithin the information assurance plan? For example, examine the
currentpolicies as they relate to confidentiality, integrity, and availability ofinformation.
III. RiskAssessment
a. Analyze the environmentin which the organization operates, including the currentprotocols and policies in place related to information assurance.
b. Evaluate the threatenvironmentofthe organization.
c. Based on your analysis and evaluation, what are the best approaches for implementing information assurance principles? Where do you see the most areas for improvementto
currentprotocols and policies?
d. Assess the threats and vulnerabilities ofthe organization by creating a risk matrix to outline the threats and vulnerabilities found and determine possible methods to mitigate the
identified dangers.
IV. Statements of Policy
a. Develop appropriate incident response protocols to respond to the various threats and vulnerabilities identified within the organization.
b. Justify howthe incident response protocolswill mitigate the threats to and vulnerabilities ofthe organization. Supportyour justification with information assurance research and
bestpractices.
c. Develop appropriate disaster response protocols to respond to the various threats and vulnerabilities identified within the organization.
d. Justify howthe disaster response protocolswill mitigate the threats to and vulnerabilities ofthe organization. Supportyour justification with information assurance research and
bestpractices.
e. Develop appropriate access control protocols thatprovide an appropriate amountof protection while allowing users to continue to operatewithoutdenial of service.
f. Justify your access control protocols. Supportyour justification with information assurance research and bestpractices.
g. Recommend a method for maintaining the information assurance plan once ithas been established.
h. Justify howyour maintenance plan will ensure the ongoing effectiveness ofthe information assurance plan. Supportyour justification with information assurance research and best
practices.
V. Conclusion
8/13/23, 1:00 AM Assignment Information
https://snhu.brightspace.com/d2l/le/content/1339735/viewContent/25616773/View 3/8
a. Summarize the need for an information assurance plan for the selected organization, including the legal and ethical responsibilities ofthe organization to implement and maintain an
appropriate information assurance plan.
b. Defend the key elements of your information assurance plan, including which members ofthe organization would be responsible for each element.

ORDER PLAGIARISM FREE PAPER NOW

Milestones
MilestoneOne: Information AssurancePlan Introduction
In ModuleTwo, you will submityour introduction to the information assurance plan. This section ofthe plan will provide the overviewofthe current state ofthe organization. Provide a brief
overviewofthe goals and objectives of your information assurance plan, including the importance of ensuring the confidentiality, integrity, and availability ofinformation. What are the benefits
of creating and maintaining an information assurance plan around those key concepts? Are there currentprotocols and policies the organization has in place? Additionally, whatdeficiencies
existwithin the organization’s currentinformation assurance policies? What are the potential barriers to implementation of a newinformation assurance plan? This milestone is graded with the
MilestoneOneRubric.
MilestoneTwo: Information SecurityRoles and Responsibilities
In Module Four, you will submityour roles and responsibilities portion ofthe final project. Who are the key leaders ofthe organization specific to howtheir responsibilities are connected to the
security ofthe organization’s information? You must also identify key ethical considerations. What are the ramifications of key leaders notproperly accounting for ethical and legal
considerations? What are the key components ofinformation assurance as they relate to individual roles and responsibilitieswithin the information assurance plan? For example, examine the
currentpolicies as they relate to confidentiality, integrity, and availability ofinformation. This milestone is graded with theMilestoneTwo Rubric.
MilestoneThree: RiskAssessment
In Module Five, you will submitthe risk assessmentportion ofthe information assurance plan. You will provide the organization with an assessmentofthe threatenvironment and the risks
within, aswell as methods designed to mitigate these risks. Based on your analysis and evaluation, what are the best approaches for implementing information assurance principles? Where do
you see the most areas for improvementto currentprotocols and policies? This milestone is graded with theMilestoneThreeRubric.
Milestone Four: Statements of Policy
In Module Seven, you will submityour plan pertaining to statements of policy. You will establish protocols and mitigating factors to the organization. Justify howthe disaster response protocols
will mitigate the threats to and vulnerabilities ofthe organization. You willfocus on disaster and incident response protocols aswell as access control. Assess your proposed method for
maintaining the success ofthe plan going forward. Justify howyour method will ensure the ongoing effectiveness ofthe information assurance plan. This milestone is graded with theMilestone
Four Rubric.
Final Submission: Information AssurancePlan
In ModuleNine, you will submityour information assurance plan. It should be a complete, polished artifact containing all ofthe critical elements ofthe final product. It should reflectthe
incorporation offeedback gained throughoutthe course. This submission will be graded with the Final ProductRubric.
8/13/23, 1:00 AM Assignment Information
https://snhu.brightspace.com/d2l/le/content/1339735/viewContent/25616773/View 4/8
What to Submit
Your information assurance plan should adhere to the following formatting requirements: 10–12 pages, double-spaced, using 12-pointTimesNewRoman font and one-inch margins. Computer Science 7-2 Final Project Milestone Four: Statements Of Policy Assignment. Use discipline-appropriate citations.
Final Project Rubric
Criteria Exemplary (100%) Proficient(90%) Needs Improvement(70%) NotEvident(0%) Value
Overviewof Goals and
Objectives
Meets “Proficient” criteria and
quality of overviewestablishes
expertise in the discipline
Provides a brief but
comprehensive overviewofthe
goals and objectives ofthe
information assurance plan,
including the importance of
ensuring the confidentiality,
integrity, and availability of
information and the benefits of
creating and maintaining an
information assurance plan
Provides a brief overviewofthe
goals and objectives ofthe
information assurance plan but
does notinclude the
importance of ensuring the
confidentiality, integrity, and
availability ofinformation or
the benefits of creating and
maintaining an information
assurance plan
Does notprovide a brief
overviewofthe goals and
objectives ofthe information
assurance plan
4
Confidentiality, Integrity, and
Availability ofInformation
Meets “Proficient” criteria and
demonstrates a nuanced
understanding of key
information assurance
concepts
Accurately assesses the
confidentiality, integrity, and
availability ofinformation
within the organization
Assesses the confidentiality,
integrity, and availability of
information within the
organization but some
elements ofthe assessmentmay
be illogical or inaccurate
Does not assess the
confidentiality, integrity, and
availability ofinformation
within the organization
5
CurrentProtocols and
Policies
Meets “Proficient” criteria and
demonstrates deep insightinto
complex deficiencies and
barriers to implementation of a
newinformation assurance
plan
Logically evaluates the current
protocols and policies in place,
including deficiencies that
currently exist and potential
barriers to implementation of a
newinformation assurance
plan
Evaluates the currentprotocols
and policies in place butdoes
not address the deficiencies
that currently existor potential
barriers to implementation of a
newinformation assurance
plan, or evaluation is illogical
Does notevaluate the current
protocols and policies in place
4
Responsibilities ofKey
Leaders
Meets “Proficient” criteria and
demonstrates a nuanced
understanding ofthe
relationship between these
roles and information security
Analyzes the role ofthe key
leaderswithin the organization
specific to howtheir
responsibilities are connected
to the security ofthe
organization’s information
Analyzes the role ofthe key
leaderswithin the organization
butmisses key roles or aspects
of responsibilities specific to
the security ofthe
organization’s information
Does not analyze the role ofthe
key leaderswithin the
organization
5
8/13/23, 1:00 AM Assignment Information
https://snhu.brightspace.com/d2l/le/content/1339735/viewContent/25616773/View 5/8
Criteria Exemplary (100%) Proficient(90%) Needs Improvement(70%) NotEvident(0%) Value
Key Ethical and Legal
Considerations
Meets “Proficient” criteria and
provides complex or insightful
reflection ofthe ramifications
of key leaders notproperly
accounting for ethical and legal
considerations
Accurately evaluates key ethical
and legal considerations related
to information assurance that
mustbe taken into accountby
the key leaderswithin the
organization, including the
ramifications of key leaders not
properly accounting for ethical
and legal considerations
Evaluates ethical and legal
considerations related to
information assurance that
mustbe taken into accountby
the key leaderswithin the
organization butdoes not
include the ramifications of key
leaders notproperly
accounting for ethical and legal
considerations, or evaluation is
inaccurate
Does notevaluate ethical and
legal considerations related to
information assurance that
mustbe taken into accountby
the key leaderswithin the
organization
5
KeyComponents of
Information Assurance
Meets “Proficient” criteria and
demonstrates a nuanced
understanding of howeach key
componentidentified impacts
each individual’s role and
responsibility
Comprehensively addresses
components ofinformation
assurance as they relate to
individual roles and
responsibilitieswithin the
information assurance plan
Addresses components of
information assurance as they
relate to individual roles and
responsibilitieswithin the
information assurance plan but
does not address
confidentiality, integrity, and/or
availability ofinformation
Does not address any
components ofinformation
assurance as they relate to
individual roles and
responsibilitieswithin the
information assurance plan
5
Analysis of Environment Meets “Proficient” criteria and
demonstrates unique or
insightful reflection of current
protocols and policies
Logically analyzes the
environmentin which the
organization operates,
including the currentprotocols
and policies in place related to
information assurance
Analyzes the environmentin
which the organization
operates butdoes notinclude
the currentprotocols and
policies in place related to
information assurance
Does not analyze the
environmentin which the
organization operates
5
ThreatEnvironment Meets “Proficient” criteria and
demonstrates deep insightinto
hidden or complex threats or
vulnerabilities
Accurately analyzes the threat
environmentofthe
organization
Evaluates the threat
environmentofthe
organization butmisses crucial
threats or vulnerabilities, or the
evaluation is inaccurate
Does notevaluate the threat
environmentofthe
organization
5
8/13/23, 1:00 AM Assignment Information
https://snhu.brightspace.com/d2l/le/content/1339735/viewContent/25616773/View 6/8
Criteria Exemplary (100%) Proficient(90%) Needs Improvement(70%) NotEvident(0%) Value
BestApproaches Meets “Proficient” criteria and
demonstrates unique or
insightful reflection regarding
areas for improvement
Comprehensively discusses
best approaches for
implementing information
assurance principles, including
areas ofimprovementto
currentprotocols and policies
Discusses best approaches for
implementing information
assurance principles, butdoes
notfully develop ideas related
to areas ofimprovementto
currentprotocols and policies
Does notdiscuss best
approaches for implementing
information assurance
principles
5
RiskMatrix Meets “Proficient” criteria and
demonstrates deep insightinto
hidden or complex threats or
vulnerabilities and possible
methods to mitigate the
identified dangers
Creates a risk matrix to
comprehensively and
accurately assess the threats to
and vulnerabilities ofthe
organization, including
possible methods to mitigate
the identified dangers
Creates a risk matrix to assess
the threats to and
vulnerabilities ofthe
organization butdoes not
include possible methods to
mitigate the identified dangers,
or assessmentis incomplete or
inaccurate
Does not create a risk matrix to
assess the threats to and
vulnerabilities ofthe
organization
5
IncidentResponseProtocols Meets “Proficient” criteria and
provides secondary incident
response protocols in the event
thatprimary protocols fail
Develops appropriate incident
response protocols to respond
to the various threats and
vulnerabilities identified
Develops incident response
protocols to respond to the
various threats and
vulnerabilities identified, but
they are not all appropriate or
do not respond to allthe threats
and vulnerabilities
Does notdevelop incident
response protocols
5
Justification ofIncident
ResponseProtocols
Meets “Proficient” criteria and
provides unique or insightful
reflection into the dangers of
notproviding for adequate
incident response protocols
Logically justifies howthe
incident response protocols
will mitigate the threats to and
vulnerabilities ofthe
organization with supportfrom
information assurance
research and bestpractices
Justifies howthe incident
response protocolswill mitigate
the threats to and
vulnerabilities ofthe
organization with minimal
supportfrom information
assurance research and best
practices, or justification is
illogical
Does notjustify howthe
incident response protocols
will mitigate the threats and
vulnerabilities to the
organization
5
8/13/23, 1:00 AM Assignment Information
https://snhu.brightspace.com/d2l/le/content/1339735/viewContent/25616773/View 7/8
Criteria Exemplary (100%) Proficient(90%) Needs Improvement(70%) NotEvident(0%) Value
Disaster ResponseProtocols Meets “Proficient” criteria and
demonstrates deep insightinto
responding to hidden or
complex threats or
vulnerabilities
Develops appropriate disaster
response protocols to respond
to the various threats and
vulnerabilities identified
Develops disaster response
protocols to respond to the
various threats and
vulnerabilities identified, but
they are not all appropriate or
do not respond to allthe threats
and vulnerabilities
Does notdevelop disaster
response protocols
4
Justification of Disaster
ResponseProtocols
Meets “Proficient” criteria and
provides unique or insightful
reflection into the dangers of
notproviding for adequate
disaster response protocols
Logically justifies howthe
disaster response protocolswill
mitigate the threats to and
vulnerabilities ofthe
organization with supportfrom
information assurance
research and bestpractices
Justifies howthe disaster
response protocolswill mitigate
the threats to and
vulnerabilities ofthe
organization with minimal
supportfrom information
assurance research and best
practices, or justification is
illogical
Does notjustify howthe
disaster response protocolswill
mitigate the threats to and
vulnerabilities ofthe
organization
5
AccessControl Protocols Meets “Proficient” criteria and
demonstrates unique or
insightful reflection into
appropriate protocols
Develops appropriate access
control protocols thatprovide
an appropriate amountof
protection while allowing users
to continue to operatewithout
denial of service
Develops access control
protocols, butthey do not
provide an appropriate amount
of protection while allowing
users to continue to operate
withoutdenial of service
Does notdevelop access
control protocols
4
Justification ofAccess
Control Protocols
Meets “Proficient” criteria and
provides unique or insightful
reflection into the dangers of
notproviding for adequate
access control protocols
Logically justifies the access
control protocolswith support
from information assurance
research and bestpractices
Justifies the access control
protocolswith minimal support
from information assurance
research and bestpractices, or
justification is illogical
Does notjustify the access
control protocols
5
Method for Maintaining the
Information AssurancePlan
Meets “Proficient” criteria and
provides an established interval
for the recommended
maintenance actions
Recommends a comprehensive
method for maintaining the
information assurance plan
once ithas been established
Recommends a method for
maintaining the information
assurance plan once ithas been
established but
recommendations are notfully
developed
Does not recommend a method
for maintaining the information
assurance plan once ithas been
established
5
8/13/23, 1:00 AM Assignment Information
https://snhu.brightspace.com/d2l/le/content/1339735/viewContent/25616773/View 8/8
Criteria Exemplary (100%) Proficient(90%) Needs Improvement(70%) NotEvident(0%) Value
Justification of Maintenance Plan
Meets “Proficient” criteria and
provides insightinto the
dangers of notproviding for an
adequate maintenance plan
Logically justifies howthe
maintenance plan will ensure
the ongoing effectiveness ofthe
information assurance plan
with supportfrom information
assurance research and best
practices
Justifies howthe maintenance
plan will ensure the ongoing
effectiveness ofthe information
assurance plan with minimal
supportfrom information
assurance research and best
practices or justification is
illogical
Does notjustify howthe
maintenance plan will ensure
the ongoing effectiveness ofthe
information assurance plan
5
Summary of Need for
Information AssurancePlan
Meets “Proficient” criteria and
demonstrates a nuanced
understanding ofthe need for
an information assurance plan
Concisely summarizes the need
for an information assurance
plan, including the legal and
ethical responsibilities ofthe
organization to implement and
maintain an appropriate
information assurance plan
Summarizes the need for an
information assurance plan but
does notinclude the legal and
ethical responsibilities ofthe
organization to implement and
maintain an appropriate
information assurance plan or
is not concise
Does not summarize the need
for an information assurance
plan
5
Defense ofKey Elements of
Information AssurancePlan
Meets “Proficient” criteria and
demonstrates a nuanced
understanding of which
members ofthe organization
should be responsible for each
element
Strongly defends key elements
ofthe information assurance
plan, including which members
ofthe organization would be
responsible for each element
and who should be contacted in
the eventof an incident
Defends key elements ofthe
information assurance plan but
does notincludewhich
members ofthe organization
would be responsible for each
element, or defense isweak
Does notdefend elements of
the information assurance plan
5
Articulation of Response Submission is free of errors
related to citations, grammar,
spelling, syntax, and
organization and is presented
in a professional and easy-toread format
Submission has no major errors
related to citations, grammar,
spelling, syntax, or organization
Submission has major errors
related to citations, grammar,
spelling, syntax, or organization
thatnegatively impact
readability and articulation of
main ideas
Submission has critical errors
related to citations, grammar,
spelling, syntax, or organization
thatpreventunderstanding of
ideas
4
Total: 100%