Assignment: Cybersecurity and Privacy
• Your CEO has become increasingly concerned with the cybersecurity and privacy issues and incidents over the past few years, including lost laptops, data leakage incidents, stolen PII from major companies, such as Sony Playstation, wireless network vulnerabilities, remote access issues, and others. Though these incidents have not occurred in the organization, the CEO is concerned that employee and customer data is not properly protected. He needs a policy that addresses cybersecurity and privacy auditing and a plan for conducting the audits. Thus, as the Information Security Manager in this medium-sized organization, imagine you have been tasked with developing a cybersecurity and privacy policy as well as a list of IT audit tasks for cybersecurity and privacy.
Develop a 3 page paper Cybersecurity and Privacy Policy that will be presented to senior leadership for approval, which includes at a minimum:
1. Cybersecurity overview
2. Privacy overview
3. Scope
4. Goals and objectives
5. Compliance with applicable laws and regulations
6. Management oversight and responsibility
7. Areas covered in the IT audits
8. Frequency of the audits
9. Use at least three quality resources in this assignment. Note: Wikipedia and similar Websites do not qualify as quality resources.
Your assignment must follow these formatting requirements:
• Be typed, double spaced, using Times New Roman font (size 12), with one-inch margins on all sides; citations and references must follow APA or school-specific format. Check with your professor for any additional instructions.
• Include a cover page containing the title of the assignment, the student's name, the professor's name, the course title, and the date. The cover page and the reference page are not included in the required assignment page length.
The specific course learning outcomes associated with this assignment are:
• Describe the process of performing effective information technology audits and general controls.
• Explain the role of cybersecurity privacy controls in the review of system processes.
• Discuss and develop strategies that detect and prevent fraudulent business practices.
• Use technology and information resources to research issues in information technology audit and control.
• Write clearly and concisely about topics related to information technology audit and control using proper writing mechanics and technical style conventions.