CIT 430 Information Security Management
Task
You are a small consulting company in Information Security Management. You have been employed by a company named Zayed Air, a small no frills airline in Abu Dhabi, to make a proposal for information security management. Zayed Air is similar in structure to Fly Dubai but much smaller.
They have asked you to provide in your proposal an outline of how you will address some main requirements. If they accept your proposal then they will award you the contract to implement it.
Zayed Air’s main requirements are in the areas of contingency planning, policies, SETA, risk assessment and management. The sections that you will address in your proposal are given below.
Your whole team must work on each section of the proposal. If I suspect that the work has been divided such that, for example, one person works on contingency and another on risk assessment then you will receive a very low mark.
Even though this is a group project you will be assessed individually. At the end of the semester each team member will make a presentation to the class. Each member will present parts of the project and answer questions on the project. You will need to demonstrate a sound fundamental understanding of your project. You will not be told which part of the project to present until the start time of the presentation. You will not be allowed to read slides or to read from prepared notes. I will ask you detailed questions on any aspect of your project during the presentation period. Visitors may also attend the presentation and will ask questions.
The English in your final project should be to a good standard.
Project sections:
Overview of Zayed Air.
Provide a brief description of the airline with a chart or charts showing different functional areas in the airline.
Make a list of the information assets in each of the different functional areas of the airline that you can think of.
Make a list of the interdependencies with a description. Include external interdependencies.
Give the approximate number of employees.
Contingency planning
Produce a planning framework for contingency planning by providing a template for each of the following components:
Business Impact Analysis
Incident Response Plan
Disaster Recovery Plan
Business Continuity Plan
This does not require you to complete these components; only provide an outline that can be filled in to create these plans. You may find templates online that could be used and require minor modification. (If you are unable to edit the templates you can provide statements of the amendments you would make.)
For your DRP and BCP clearly state your definition of each at the beginning. You may, if you wish, produce one BCP rather than the DRP and BCP. Again, if you do, state your definition of BCP at the beginning of that section.
Enterprise Information Security Policy
Create an Enterprise Information Security Policy, based on the template in the text. Feel free to use assumptions to fill the policy with information as if you are going to be the CISO of Zayed Air. A detailed policy is not required – include the important components with brief descriptions
Issue Specific Policies
Create a list outlining the main ISSPs that Zayed Air will need (up to 10), and specify what each policy should address (one or two sentences each). As an example, create one issue specific security policy based on the template in the text. For example you may choose to address fair and responsible use of office e-mail. Feel free to use assumptions to add information to the policy as if you are the CISO of Zayed Air.
Risk Assessment
Create a framework or outline for a risk assessment. The framework should contain a series of templates that could be used in doing an actual assessment. Refer only to chapter 8 of text when developing this framework. There is no need to complete any of the templates – they should communicate to the reader what type of information needs to be collected for analysis at Zayed Air, and input into a risk management plan. (You may find templates online that could be modified and used).
Security Staff
Build a security team for this size organization including specifications for the numbers and types of security professionals needed. For each position state qualifications and experience required for the new staff that will be recruited.
IMPORTANT
For each section of your project write at least half a page (and place it at the start of the section) justifying the templates that you chose. Explain why you are using a particular template or explain your approach or make comments about the template.
Additionally, for each section of the project, list the main headings that you have in the template for that section. You must ensure that you do not omit any important part. For example, for the BIA you must say what are the main headings or parts to your BIA and you should be confident that you have not missed something important.
For a custom paper on the above topic, place your order now!
What We Offer
• On-time delivery guarantee
• PhD-level professionals
• Automatic plagiarism check
• 100% money-back guarantee
• 100% Privacy and Confidentiality
• High Quality custom-written papers
