Devry Network Security Assessment Discussion I need a document that establishes a University’s Incident Detection and Response Plan. This is to be based on

Devry Network Security Assessment Discussion I need a document that establishes a University’s Incident Detection and Response Plan. This is to be based on a hypothetical University architecture, or any other organization you are familiar with.

This document must include the following elements:

1) Executive Summary

2) Data Security Plan

Identify and describe University Data Types [i.e., the kind of records and information the university keeps]
Identify Records Management Requirements(Recommend https://www.archives.gov/records-mgmt/policy/universalermrequirements and its downloadable Excel spreadsheet)
Identify relevant statutory and regulatory privacy requirements (e.g., the Privacy Act of 1974, GDPR, HIPPA, CCPA, PCI SSD, and/or any others that apply)

3) Security Risk Assessment

Identify 15 risks that the University, or your chosen organization, faces (e.g., small budget for security, employees not trained in security and awareness, employees work remotely, building where server resides is in an area where tornadoes hit often, etc.)
Use NIST’s 25 Security Controls families and find the control family where these risks may reside. Keep in mind there may be more than one family the risks belong to. https://nvd.nist.gov/800-53/Rev4

Example:

Risk: employees not trained in security and awareness

Security Control Family: AT – Awareness and Training

4) Revised Network Design

Identify LAN design for wired and wireless infrastructure
Identify IP naming convention for LAN and element subnetworks
Identify security control points across multiple subnetworks
Identify integration of onsite IT assets with public cloud infrastructure

5) Incident Detection Concept of Operations (CONOPS)

Define roles and responsibilities for security monitoring
Identify tools to be used in incident monitoring
Identify and describe automated and manual processes for incident monitoring
Define process for reporting incidents including timeliness and prioritization

6) Governance Recommendations

Define an appropriate Information Security Governance Structure for the chosen organization.
Identify recommended policy changes to protect your chosen organization data assets – each recommendation MUST include a discussion of why this recommendation is appropriate and reasonable

7) References

This document should be no fewer than 1500 Word (APA Format) including figures and tables (but excluding Title Page and references).

3 minimum references .

Do not copy and paste

Submit a Comment