Project #55804 - Information security policy analysis


Every organization must consider the mandatory and recommended practices when creating its information security program and/or security policies. Legislative documents such as FISMA are mandatory, yet standards documents such as FIPS 200 can also be mandatory. The selected organization used one or more standard when creating its information security program. For this project, you will identify a standard used by your organization in its information security program, then compare and contrast with another similar standard.


Learning Objectives 

After completing this project, students will be able to:


  1. Identify recognized US Standards Organizations
  2. Describe at least two technical standards
  3. Compare and contrast technical standards for information systems security technologies.
  4. Describe how the technical standards impact the selected organizations' information security programs


Your research paper should be at least three (3), full pages, double spaced, 1-inch margins, in New Times Roman 12-pitch font, with a cover page (name, course number, date, title of paper) and a reference page. The cover page and reference page are not included in the three-page minimum. Papers not meeting the three full-page minimum will lose points. You must have at least three scholarly sources, correctly formatted per APA guidelines. Submit your research paper to the appropriate TurnItIn assignment area by the due date.


Detailed Description of Learning Activity

1. Review your organization's information security program documentation and determine what standard(s) the organization used to create the program.

2. Pick one of the following three standard options for your comparison:

ü  FIPS 200 and ISO 27002

ü  FIPS 140-2 and ISO 19790

ü  DES/3DES/AES (if you select this option you must compare all three standards against each other)

3. Select three (3) to five (5) points of analysis (POAs) from the FIPS 200, FIPS 140-2, or AES standard.

4. Find the equivalent POA in the ISO 27002, ISO 19790, or 3DES/DES standard respectively.

5. Write your research paper. At a minimum, the paper should include

ü  an Introduction that includes the purpose of your paper, introduces the organization, and explains why you selected the standards you are researching

ü  a Standards section that describes from a general standpoint, the two standards you selected for the paper

ü  a Points of Analysis section that describes your three to five points, from a general standpoint

ü  a Compare and Contrast section explaining the diffrences between the two standards, using details and specifics

ü  Use spell and grammar check before submitting. It is also a good idea to have someone else read your paper.

ü  Submit the project to TurnItIn by the due date.

6. Examples of POAs:

ü  Cryptographic Key Management (FIPS 140-2)

ü  Security Levels of Cryptographic Modules (140-2)

ü  Key Length (AES)

ü  Performance (AES)

ü  System Impact Levels (FIPS 200)

ü  Security Control Selection (FIPS 200)

7. Make sure you use the rubric. If you check off all items in a specific grade category, then you could/should earn those respective points. For example, if you only include 3 POAs, you cannot earn more than 5 points for that section.

Subject Computer
Due By (Pacific Time) 02/07/2015 04:00 pm
Report DMCA

Chat Now!

out of 1971 reviews

Chat Now!

out of 766 reviews

Chat Now!

out of 1164 reviews

Chat Now!

out of 721 reviews

Chat Now!

out of 1600 reviews

Chat Now!

out of 770 reviews

Chat Now!

out of 766 reviews

Chat Now!

out of 680 reviews
All Rights Reserved. Copyright by - Copyright Policy