
3313485_1577955921_Exampletask2

Running head: VLT TASK 2

VLT Task 2

Western Governors University

Contents

A. Scope for the ISMS plan being developed in the case study
   1. Describe the business objectives being developed in the case study for the organization
   2. Describe the guiding security principles based on the case study
   3. Justify the organization’s business processes that should be included in the scope
      What the process is
      How you would apply the process to the scenario
      Why the process is needed or should be included in the scope of the ISMS
   4. Justify the information systems that should be included in the scope
      What the information system that should be included is
      What the duties of the information system are
      Why this information system should be included in the scope of the ISMS plan
   5. Justify the IT infrastructure that should be included in the scope
      Including a description of the data flow
B. Recommend additional steps to address the identified risks in the case study that the organization would need to take to implement the ISMS plan
   1. Discuss what each recommended step entails based on your evaluation of the conducted risk assessment
      Creation of a disaster recovery plan (DRP)
      Creation of a password policy
      Creation of a remote access policy
   2. Justify each recommended step based on your evaluation of the conducted risk assessment
      Creation of a disaster recovery plan (DRP)
      Creation of a password policy
      Creation of a remote access policy
References

A. Scope for the ISMS plan being developed in the case study

This section defines the scope for the ISMS plan being developed for this case study.

1. Describe the business objectives being developed in the case study for the organization

According to the executive summary of the attached risk assessment, the main business objectives are “to promote improvements in the quality and usefulness of medical grants through federally supported research, evaluation, and sharing of information.” (Davis)

2. Describe the guiding security principles based on the case study

The guiding security principles are based on the ISO 27000 family of standards, which includes ISO 27001. These standards are the best known and internationally accepted standards for an information security management system (ISMS). (ISO/IEC 27000 family - Information security management systems, n.d.)

ISO 27001

According to the ISO 27001 standard, the three cornerstones of information security are Confidentiality, Integrity, and Availability (CIA). These three will be used as guiding principles for the scope of the ISMS plan being developed. Confidentiality will ensure that only authorized users can access information. Integrity will assure that the information is not being changed in an unauthorized manner. Availability will assure that the information is able to be accessed by authorized users with reasonable effort.

3. Justify the organization’s business processes that should be included in the scope

This section will cover the organization’s business processes that should be included in the scope and will cover (1) what the process is, (2) how I would apply the process to the scenario, and (3) why the process is needed or should be included in the scope of the ISMS.