Assignment: Security Compliance
• Section 1 - Company Overview
• Section 2 - Federal and State Regulations, Directives, and Acts
o Identify and describe 5 Federal Regulations your company needs to understand and comply with
o Identify and describe 2 State Regulations your company needs to understand and comply with
o Describe how each of these regulations applies to the specific company
• Section 3 - Compliance Plan
o Describe Policies, Standards, Processes and Guidelines
o Discuss the relationship between Controls and Audits
o The Sarbanes-Oxley Act
o The different implications Regulations have on Government and non-Government entities
• Section 4 - Acceptable Use Policy
o Global Regulations
o Safe Harbor
o Work Councils
o Acceptable Use Policy and Enforcement Ethics
• Section 5 - Certification and Accreditation
o Certification and Accreditation
o Certification and Accreditation Frameworks
• Section 6 - Preparing for Certification
o DIACAP
o ISO27002
• Reference
Section 1: 1 page
• Overview
Section 2: 3 pages/references
• Describe 5 different Federal Regulations your company needs to understand and comply with
• Describe 2 different State Regulations your company needs to understand and comply with
• Discuss how each of these regulations is applicable to the company
Section 3: 2 pages/references
• Include a report about at least 3 incidents that are considered contributing factors to the enactment of this regulation, specific to the chosen company's infrastructure.
• Ensure to include what specifically the act means to the IT organization.
• What does it specify that needs to be done?
• What does the regulation mean for public, private, and government organizations as well as especially to the company the student has chosen?
Section 4: 2 pages/references
• Create an Acceptable Use Policy for the organization the student has chosen.
• In a separate discussion (meaning outside of the policy), talk about the tools and processes that can be used to investigate violations.
• What are the ethical considerations that the company and end users need to be aware of?
Section 5: 2 pages/references
• Take this opportunity to define the difference between Certification and Accreditation.
• To help with the process and not have to make up one on your own, describe at least 3 Industry/International Certification Frameworks that are used to evaluate the Security of an Application or System.
• Describe Common Criteria as one of the frameworks.
Section 6: 2 pages/references
• Summarize DIACAP and ISO27002's framework and history.
• Choosing either DIACAP or ISO27002, update your plan to include the following:
o Describe how and where the framework could be applied.
o Include a discussion about whether and how the concepts could be applied to a government or public company, and whether there is potential for overlap.
o Using the framework, show how it can be applied to a medium-sized system.
Format your assignment according to the following formatting requirements:
1. The answer should be typed, double spaced, using Times New Roman font (size 12), with one-inch margins on all sides.
2. The response should also include a cover page containing the title of the assignment, the student's name, the course title, and the date. The cover page is not included in the required page length.
3. Also include a reference page. The citations and references should follow APA format. The reference page is not included in the required page length.