The purpose of this Capstone Project is for students to examine and solve real world information assurance problems and apply associated techniques to create practical solutions. The course takes an integrative and senior security officer approach to address the policy, risk, and control opportunities within cyberspace and IT environments. Deliverables 1 through 5 focus on preparing students toward the final Capstone Project. Skills, experience, and knowledge gained through the completion of prerequisite courses will be used throughout each deliverable. The project contents to be addressed are as follows:
Security Policy Documentation
Due Week 6 and worth 90 points
Project Deliverable 3 is a two-part deliverable using MS Word and MS Project, or their open source equivalents. Note: You may create and / or make all necessary assumptions needed for the completion of this assignment.
Research the Internet for a large organization, reviewing its cybersecurity policy.
From your textbook, examine the phrase “policy as a project” from the Cyber Security Policy Guidebook, taking into account the security cycle.
Submission Requirements
Document (MS Word)
Microsoft Project (MS Project)
Section 1
Write a three to four (3-4) page paper in which you:
Analyze the strategy used to protect the large organization you researched from hackers, fraud, and theft.
Describe how your researched large organization uses “policy as a project” in its program.
Analyze the general consequences of not having a policy for cybersecurity. Justify your thoughts with real-world examples.
Cover the basic needs should there be a lack of cybersecurity policy in an organization. Decide what can be done to provide a base for security needs.
Section 2
Using Microsoft Project, or an open source alternative such as OpenProj, to:
5. Record all tasks, subtasks, resources, and time related to the security cycle.
6. Outline the organization’s business, the systems, mission, and / or risk management phases in your design.
7. Your milestones should show how you are reducing cybersecurity risk rather than compliance and best practices.