Information Security Models

Information Security Models - Week 7Learning Objective: Compare and contrast common security models.Assignment RequirementsQ1. Information security models are standards that are used for reference or comparison and often serve as the stepping-off point for emulation and adoption. Your task for this assignment is:Introduce the concept of using information security models (why are they important).Explain that some security architecture models are implemented into computer hardware and software, some are implemented as policies and practices, and some encompass both.Describe, compare, and contrast TWO common security models.Conclude with your recommendation of which model would be best to use in your organization.Submission RequirementsFormat: Microsoft WordFont:Arial, 12-Point, Double- SpaceCitation Style: APALength: 23 pages (plus a cover sheet)Q2. Outline of an Information Security Program - Week 6Assignment RequirementsAninformationsecurity program, as described inThe Many Facets of an Information Security Program, identifiesthe structured effort needed tocontain risks to the information assets of the organization.ReviewThe Many Facets of an Information Security Programfrom the SANS Institute.Outline the 11 supporting programs within an Information Security Program.In each of the 11 sections, provide a brief description of why YOU think these programs should be included.Submission RequirementsFormat: Microsoft WordFont:Arial, 12-Point, Double- SpaceCitation Style: APALength: 23 pages (plus a cover sheet)Q3. Three Major Types of Information Security Policies - Week 5Learning Objective: Recognize the three major types of information security policy and know what goes into each type.The NIST published Generally Accepted Principles and Practices for Securing Information Technology Systems (NIST 800-14) in 1996.For many years government agencies used NIST 800-14 as a source for developing information security policies (program, issue-specific, systems-specific, and etc.). The guide was also to prepare for contingencies, incident handling, and training.Assignment RequirementsReview 800-14Generally Accepted Principles and Practices for Securing Information Technology Systems->http://csrc.nist.gov/publications/nistpubs/800-14/800-14.pdfAfter reviewing the NIST document and completing the reading assignment, write a 2-3 page paper that addresses the following:In the introduction, describe the importance of security policies.Use your text or other resources and provide an introduction to the three major types of information security policies. (Enterprise information security program policy, Issue-specific information security policies, Systems-specific information security policies)Identify types of information is contained in each of the three types of policies.Compare and contrast the three policies.Conclusion:How much have policies changed since the 1996 publication? Are the same principles identified in 1996 applicable to today? Your thoughts?Submission RequirementsFormat: Microsoft WordFont:Arial, 12-Point, Double- SpaceCitation Style: APALength: 23 pages (plus a cover sheet)