Organization Security Assessment Project
Review an organization’s needs and address all the challenges involved in implementing and/or changing information technology, with a focus on information security, in a complex organization. Students will analyze organizational objectives and propose a solution and a full implementation plan. The proposed solution must address strategies for overcoming the challenges of information-security-related projects, such as assessing risks, reduction of funding, and keeping the support of executive management. Students will utilize skills gained throughout the program to demonstrate the ability to design an information security project from conception to post-deployment. (Prerequisite: Successful completion of all core and specialization coursework.)
Detailed Work Plan (follow the attached template in detail)
1. Choose an organization.
– The organization may be an entire company or a particular department/division in a company
– The organization should be large enough (more than 20 employees)
– The organization should have a decent IT system with a communication network (intranet).
2. IT Architecture Analysis
3. Identify security threats and security controls.
4. Security Evaluation
– Risk Identification
– Carry out a Risk Assessment using CRAMM (CCTA Risk Analysis and Management Method) [CS562 Module 9]
– Choose a security evaluation standard (Common Criteria, etc.) [CS562 Module 8, 10-11]
– Carry out the security evaluation strictly following the chosen standard.
6. Proposition (and maybe Implementation) of Security Improvements
– Propose a suitable security policy
– Identify appropriate Security Controls
– Propose security controls implementation plan
– Propose an appropriate Security Life-Cycle and Security Management Plan
– Propose an appropriate plan to establish a security culture (training, awareness, etc.) [CS562 Modules 11-13]
– Cost Analysis
– Ethical Considerations in the proposal