Assignment
At this point the management team is quite impressed with the work performed to this point. They like the basis you have provided to ensure compliance with State and Federal regulations and to prepare the organization for a Certification and Accreditation process. For the final deliverable, you have been asked to complete the Security Compliance Auditing Plan by providing information about the application of ISO27002 or DIACAP to their medium sized system.
Part 1 (Weeks 1-4)
You have already completed the following:
• Section 1 - Company Overview
• Section 2 - Federal and State Regulations, Directives, and Acts
• Section 3 - Compliance Plan
• Section 4 - Acceptable Use Policy
• Section 5 - Certification and Accreditation
Part 2- Finalize your Key Assignment
• Summarize DIACAP and ISO27002's framework and history.
• Choosing either DIACAP or ISO27002, update your plan to include the following:
o Describe how and where the framework could be applied.
o Include a discussion about how and if the concepts could be applied to a government or public company or is there a potential for overlap.
o Using the framework, show how it can be applied to a medium-sized system.
Add the discussion about the frameworks and their application to the section titled: Preparing for Certification.