You are the new CISO of ______________________________, a multi-state organization. Based on your initial interview and research you did prior to accepting the position, you believe the organization is only roughly 30% compliant with government and industry regulations. Prior to hiring you, the organization attempted to maintain compliance and all information technology (IT) matters in-house. You believe the best way to proceed is to get a detailed “view” of the organization by hiring a third-party evaluator and then determining if the work to become fully compliant and to maintain that posture should be conducted in-house or outsourced to a third party.
The issues facing you and your organization include the urgency of discovering instances of noncompliance, the threat of an incident occurring or becoming public, the potential harm to customers/patients/students, and the potential loss of revenue along with what could be huge fines. One area that will require attention is ensuring that all regulations are followed. To do that, you will need to research the specific industry and identify the specific compliance requirements.
As you progress through the modules, the work you complete will become part of your final project submission. Each milestone is a stand-alone assignment that should be completed and submitted per the course schedule, but which will be re-used as part of the final project submission. All work is individual except for the team report to the board, which will be completed with a team constructed from this course.
List of Milestone Activities:
1. Audit Scope Statement. (Due in Module 1)
2. Identify necessary compliance and regulatory mandates that apply to the selected industry and organization.
3. Assemble the Audit Committee.
4. Report a hack to the board of directors.
5. Identify and classify data and information resources.
6. Develop a data retention policy for the organization.
7. Create a plan for logging and audit.
8. Join a team with others in similar industries or organizations and create a presentation with your plan to bring the organization into compliance. The plan will include a timeline and budget.
Assignment Instructions
In Module 1, you will complete the first milestone in your case study—Case Study Milestone 1: The Audit Scope Statement. This statement will require that you choose an organization and begin conducting background research on this organization that will be relevant to how you proceed with your compliance assessment and your risk analysis report over the course.
Please create an organizational statement that includes the following components:
1. Student Name:
2. Organization/Industry (include subindustries; example: Manufacturing/Food Service – Hostess Bakery):
3. The number of locations and specific location addresses (at least 3 locations):
4. Number of Employees (at least 500):
5. Annual Sales:
6. Details of the organization (such as publicly-traded and, if so, traded through which exchange, privately held, wholesale/retail, and so forth):
7. What types of intellectual property do they have—recipes, schematics, blueprints, processes, customer records, supplier records, and so forth. Be specific. Think about the organization. Provide information on the following areas: Employees/contractors; customers; business operations (including sales, production, and suppliers); any other information that type of business could maintain.
8. At least three (3) quality references for that type of business to show that there is enough public information to support your project.
9. Your submission should be several paragraphs in length and provide details to show you understand the organization and business environment enough to proceed.