Assignment:
The purpose of this assignment is to identify an appropriate information security (InfoSec) governance program for a company, using a quantitative risk assessment to justify the investment in the program and an executive summary to concisely present findings.
Using the case study company selected for the Topic 1 assignment, write a paper (1,250 to 1,500 words) that recommends and justifies a particular InfoSec governance to C-suite (executive-level) management.
Directions
Be sure to include the following:
- Description of an InfoSec governance program appropriate for the selected company.
- Recommend a governance program.
- Describe the security strategy used.
- Explain the risk management methodology.
- Identify security policies.
- Identify how ethics plays a role in the InfoSec governance program.
- Explanation of a quantitative risk assessment justifying investments in information security. Include a cost-benefit analysis using the annual loss expectancy.
Description of findings in the form of an executive summary (150 to 200 words).
Requirements
Include at least three academic references for this assignment.
Prepare this assignment according to the guidelines found in the APA Style Guide, located in the Student Success Center. An abstract is not required.