Please review the attached as this assignment is also focused on the Word document; 10 pages required; $5 per budget.
The reference page must be formatted like the below:
Example of a journal reference:
Kleij, R., & Leukfeldt, E. R. (2020). Cyber Resilient Behavior: Integrating Human Behavioral Models and Resilience Engineering Capabilities into Cyber Security. International Conference on Human Factors in Cybersecurity. doi:10.1007/978-3-030-20488-4_2
Example of a book reference:
Lee, Y., & Trim, P. J. (2014). Cyber Security Management: A Governance, Risk and Compliance Framework. Abingdon: Routledge.
IT 552 Milestone Two Guidelines and Rubric
In Module Four, you will submit 10 security policies as part of the planned solution to mitigate the 10 security gaps identified in the Case Document. There should be one policy per security gap identified in the Case Document. Consider policies that address topics such as remote access, encryption and hashing (to control data flow), auditing network accounts, configuration change management (to reduce unintentional threats), segregation of duties, mandatory vacation (to mitigate intentional threats), personally identifiable information breaches, media protection, and social engineering. This milestone focuses on security functionality, and each policy should be no longer than one page.
Specifically, the following critical elements must be addressed:
a) What is your proposal for mitigating the identified human factors that pose a threat to the organization’s security posture? Describe the specific policies, processes, and practices that must be in place to address each of the following.
   i. Unintentional Threats: What strategies can protect against human errors made due to cognitive factors? What strategies can protect against human errors made due to psychosocial and cultural factors?
   ii. Intentional Threats: What strategies can protect against social engineering?
b) Data Flow: How do you make sure that the data sender and the data receiver have a sound connection? How do you ensure that data is not tampered with or altered from its intended meaning? What strategies do you propose to address poor communication?
Guidelines for Submission: Your paper must be submitted as a 10-page Microsoft Word document, with double spacing, 12-point Times New Roman font, and one-inch margins, in APA format. Each policy should be no longer than one page.
| Critical Elements | Exemplary (100%) | Proficient (90%) | Needs Improvement (70%) | Not Evident (0%) | Value |
|---|---|---|---|---|---|
| Human: Unintentional Threats | Meets “Proficient” criteria and proposes evidence-based solutions for effectively protecting against unintentional human errors | Proposes specific policies, processes, and practices to protect against unintentional human errors, including cognitive, psychosocial, and cultural factors | Insufficiently proposes specific policies, processes, and practices to protect against unintentional human errors, including cognitive, psychosocial, and cultural factors | Does not propose policies, processes, or practices for protecting against unintentional human errors | 25 |
| Human: Intentional Threats | Meets “Proficient” criteria and proposes evidence-based solutions for effectively protecting against intentional human threats | Proposes specific policies, processes, and practices to protect against intentional human threats, including social engineering | Specific policies, processes, and practices to protect against intentional human threats, including social engineering are minimally described | Does not propose policies, processes, or practices for protecting against intentional human threats, including social engineering | 25 |
| Organizational: Data Flow | Meets “Proficient” criteria substantiated with evidence-based solutions for effectively protecting against inoperative organizational factors associated with data flow | Proposes specific policies, processes, and practices for protecting against inoperative organizational factors associated with data flow | Specific policies, processes, and practices for protecting against inoperative organizational factors associated with data flow are lacking in detail | Does not propose policies, processes, or practices for protecting against inoperative organizational factors associated with data flow | 25 |
| Articulation of Response | Submission is free of errors related to citations, grammar, spelling, syntax, and is presented in a professional and easy-to-read format | Submission has no major errors related to citations, grammar, spelling, or syntax | Submission has major errors related to citations, grammar, spelling, syntax, or organization that negatively impact readability and articulation of main ideas | Submission has critical errors related to citations, grammar, spelling, syntax, or organization that prevent the understanding of ideas | 25 |
| Earned Total | | | | | 100% |
IT 552 Case for Final Project
BACKGROUND:
You were just hired as the new chief information security officer for Multiple Unite Security Assurance (MUSA) Corporation whose security posture is low. The first thing your chief executive officer tells you is that they have recently seen a presentation by one of the information security team members emphasizing the importance of having a security awareness program. As a result, you have been asked to develop a security awareness program for MUSA Corporation based on the following 10 security gaps:
1. No annual cyber security awareness training, which is causing high phishing and social engineering attacks
2. No configuration change management policy (to reduce unintentional threats)
3. No intrusion detection/prevention system
4. Logs are not being collected or analyzed
5. No media access control policy
6. No encryption or hashing to control data flow and unauthorized alteration of data
7. Vulnerability assessment is conducted every three years; unable to assess the security posture status
8. High turnover and low morale among the employees (due to lack of employee readiness programs and work planning strategy)
9. High number of theft reports and security incidents; possible unethical/disgruntled employees
10. No segregation of duties or mandatory vacation policies (to mitigate intentional threats)
To that end, you will make recommendations for enhancing security policies, practices, and processes that are currently contributing to a dysfunctional security culture. Your chief goal is to build a program that will foster a healthy security culture and ensure continuous improvement. Your task is to develop a security awareness program that consists of four major components:
1. Proposal Introduction
2. Security Policies Development
3. Continuous Monitoring Plan
4. Communication Plan