Question
Case Study A security blizzard
Recently you attended a planning session for IT regarding the various security standards such as Payment Card Industry (PCI), HIPAA, OWASP, White House Directives, Technical Bulletins and alerts from anti-virus providers. The gaps between what these guidelines recommended and what your company actually had in place were thoroughly reviewed and placed on a backlog list. By the end of the multi-day session the backlog list was quite lengthy. An attempt was made to prioritize the items, but the implementation of some would impact strategic business projects. Clearly the business will need to help prioritize the backlog. But how best to engage the business, prioritize all these items and adequately mitigate risk across the enterprise? You recall the COBIT 5.0 model from MIS 412 and think that it would be useful. You do a quick review of APO13 Manage Security before bringing this to your manager to solve this enterprise planning problem.
Using APO13 (see D2L Content, Cobit Folder, Cobit 5 Enabling)
[Question 1 - 3 points] What are the three APO13 practice areas?
Establish and maintain an ISMS.
Define and manage an information security risk treatment plan.
Monitor and review the ISMS.
[Question 2 - 6 points] What are the six key deliverables indicated by the three practice areas:
ISMS policy
ISMS scope statement
Information security risk treatment plan
Information security business case
ISMS audit report
Recommendations for improving the ISMS.
[Question 3 - 3 points] Based on this case description, which activities (of the 19 in the APO13 family) would you rate as the top 3 to help this situation?
Define and communicate information security management roles and responsibilities.
Formulate and maintain an information security risk treatment plan aligned with strategic objectives and the enterprise architecture. Ensure that the plan identifies the appropriate and optimal management practices and security solutions, with associated resources, responsibilities and priorities for managing identified information security risk.
Recommend information security training and awareness programmes.