Information Systems Security

24/7 Homework Help

Stuck on a homework question? Our verified tutors can answer all questions, from basic math to advanced rocket science!


Your security consulting firm has been retained by an insurance company to help it develop and implement a risk reduction program for companies purchasing cybersecurity liability insurance. The next task on this multi-year contract is to develop a set of program plans for organization-level information security programs for small businesses (i.e., up to 100 employees, no more than five offices / work locations). These documents must be tailored to specific industries and, due to the high percentage of Internet-based businesses seeking cybersecurity insurance, must address state, federal, and international laws, regulations, and standards.

  1. To begin this assignment, your team (group) must select one industry or business type from the list below, which links out to the U.S. Small Business Administration website, (If you wish to use an industry or business type not in this list you must first obtain permission from your instructor.)


  2. Next, read Information Security Program Background Information and Concepts (below).
  1. Investigate how businesses in your selected industry use information technology to do business. Research your industry, using the UMUC library and the Internet. As a starting point, use the business guides found at
  1. As a team, complete the information security program requirements gathering and analysis exercise using the provided worksheet (below).
  1. Finally, each team (group) is to produce an executive-level briefing outlining the organization-level information security program plan, tailored to your chosen industry or type of business, using information from your completed worksheet. Use the outline provided below as a guide for writing your program plan briefing. Organization-level information security program plans describe/specify the required organization and management structures (people and processes), as well as the technologies used to implement required information security protections and countermeasures.

Outline: Information Security Program Plan

  1. Introduction
  2. Security Policy and Planning
  3. Personnel Management
  4. Physical Security Management
  5. Data Security Management
  6. Software Security Management
  7. Hardware Security Management
  8. Network Security Management
  9. Business Continuity/Disaster Recovery
  10. Incident Reporting and Management


Worksheet: Information Security Program Plan


Copy this table into your own Word document and fill it out.


Security area

Responsible party/office of primary responsibility (OPR)

Policy statement

Countermeasures/risk mitigation strategy

Known vulnerabilities/risks

Acquisition (systems/services)





Asset management





Audit and accountability





Authentication and authorization





Business continuity





Compliance management





Configuration control















Identity management





Incident management





Maintenance procedures





Media protection and destruction

























Physical environment*










Risk assessments





Security policy and planning*
















Security areas marked with an asterisk (*) must be addressed as a major section in your group’s information security program plan. The remaining sections should be addressed as subsections or within a subsection underneath one or more of the major sections.

Hire a competent writer to help you with

Information Systems Security

troublesome homework