Assignment
CSF framework, and the ISO/IEC 27001:2013 certification process to expand their understanding through the lens of an internal auditor for a small and medium-sized business. The student may select to address the scenario from a federal or private sector perspective, but must be sure to denote which sector is chosen and apply the appropriate logic to the steps needed to secure compliance.
Scenario
The federal and private sector organization is considering ISO/IEC 27001:2013 certification and currently holds a Level 3 strategic alignment organizational alignment maturity (established policies, procedures, and SOPs). The organization requires additional work to obtain an optimized state and you have been asked to lead the effort to get them there.
In a 750- to 1,000-word paper, describe the steps you would use to help the organization begin to prepare for this certification. Make sure to address the following:
1. What is the organizational readiness for certification? Review the Strategic Alignment Maturity Model Levels for this portion.
2. How many members of your internal audit team will you need to perform the risk assessment? How long will the risk assessment take?
3. What internal technology teams and other key stakeholders will you need to engage?
4. Provide a brief description of the ISO/IEC 27001:2013 or FISMA certification process (dependent on sector type chosen).
Format your assignment according to the following formatting requirements:
1. The answer should be typed, double spaced, using Times New Roman font (size 12), with one-inch margins on all sides.
2. The response also includes a cover page containing the title of the assignment, the student's name, the course title, and the date. The cover page is not included in the required page length.
3. Also include a reference page. The Citations and references should follow APA format. The reference page is not included in the required page length.