Security strategy

Read the Case Study posted for this assignment. Determine the information technology/security gaps and develop a security strategy that includes issues relating to confidentiality, integrity, and availability (CIA), and that includes the key elements relative to People, Process, and Technology.

Step 1: Describe the key issues/challenges/crisis from this case study.
Step 2: Based on the information provided in the case study, describe and document the recommended security strategy to mitigate the issues/challenges identified.
Step 3: Describe the proposed security solutions and relationship to the case study.
Step 4: Document a detailed, proposed timeline for addressing each element of the strategy that you identify. Provide estimates for implementing recommended strategies, with rationale. Include what resources are necessary for completing each task in the timeline.
Step 5: Provide a high-level recommendation regarding the next steps to take in mitigating risks identified.

Using the case study and NIST SP 800-53, identify and prioritize IT security controls that should be implemented. Discuss any applicable US Government regulations/standards that apply to this organization (the organization is from Project 1).

Step 1: Review the selected case study and describe at least 10 issues related to security, interoperability, and operations.
Step 2: Prioritize and articulate the selected requirements based on immediate need, security posture, complexity, resource availability, and cost.
Step 3: Identify at least 4 applicable government regulations/standards that govern how the requirements must be met, implemented, or measured. Provide rationale for why these are applicable.
Step 4: Using NIST Special Publication 800-53, select at least 4 security controls that relate to these issues and describe how these controls enhance the security posture or facilitate the secure implementation of these requirements.

Select one of the security technologies you identified in either P1 or P2. Research and evaluate its capabilities, costs, maintenance requirements, flexibility, and feasibility for implementation. The analysis should include pros and cons, potential barriers to success, vulnerabilities eliminated or reduced, convergence issues, first adopters (if the technology is new), and any other issues you deem important to consider.

Develop a Security Plan and Recommendation Memo to the CIO. The Plan must communicate the security strategy and technologies (minimum of 3) you are recommending from Projects 1, 2 & 3. Include a brief description of the technologies you are proposing with associated costs, expected return on investment (ROI), mitigation of risks, and barriers to success. You must also include a detailed Network Diagram illustrating how this technology fits into the infrastructure.

The Recommendation Memo is a one page Executive Memo to the CIO summarizing and introducing the Plan. The recommendation memo will be on plain white background and carry the same formatting as a formal letter. You may use one of the MS Office or similar memo styles that meet this requirement.

Using the recommendation memo and network diagram, develop a high-level plan for implementing the changes and mitigating vulnerabilities and convergence issues. The high-level plan should include all the system development life cycle (SDLC) gates/decision points and all relevant tasks. Describe and relate the implementation solution to CIA and incorporate people, processes, and technology into this plan.

This is a combination of a paper and a detailed list of steps and resources that you would follow to implement and complete this project. Think about all of the actions, resources, and tasks that you would need in order to effect a successful implementation. These should also be included as part of the plan. The instructor may provide a template to use with this assignment. The minimum structure for this assignment is below:


Purpose of Plan


Business Goals and Objectives

Project Goals and Objectives


Scope Definition

Items Beyond Scope


System Development Life Cycle/Schedule



Project Assumptions


Project Constraints

Critical Project Barriers