Survey

 

As a new graduate of a cybersecurity program, you have decided to apply in a competitive selection process to a joint federal-state government sponsored cybersecurity training program for new graduates (apprentices). As part of your application package, you must submit an essay (narrative) containing a written analysis of an information security program. You can use the worksheet to help organize your information.

 

The application package provides you with the following information:

 

For your application to this program you are asked to prepare a high-level summary of an information security program. Your summary should demonstrate that you are able to read, understand, apply, and write about common information security concepts at the apprentice level. Your summary must include an analysis that addresses strategic fit (how well the information security program supports the organization’s goals and objectives), breadth and coverage of the information security program (people, processes, technologies), any known or previously uncovered program deficiencies or implementation issues, and any stated costs and benefits of the program.

 

Choose one of the organizations listed in Table 1, review the pertinent documents, and then prepare a three- to five-page narrative summarizing your analysis of the organization’s information security program. Uniform Resource Locators (URLs) are provided for the pertinent documents and web pages. Applicant narratives must be submitted in electronic form as Microsoft Word documents. Use standard size (8.5” x 11”) pages. Include your name and the date at the top of each page. Use 1” margins and Times New Roman 12-point font. Double-space your text. Use black text (no colors) on a plain white background. Do not include pictures, tables, or diagrams in your narrative.

 

Cite your sources in APA format and use only authoritative/scholarly sources such as journal articles, books, government documents, and other industry publications (e.g., trade journals or magazines for health care or security professionals). The title page and list of references are not included in the required page count. You must also use and cite the documents listed in Table 1 for your chosen organization. Remember to check the spelling and grammar of your submission.

 

 

 

Worksheet: Information Security Program Survey

 

Copy this table into your own Word document and fill out.

 

Security Area	Responsible Party / Office of Primary Responsibility (OPR)	Known Vulnerabilities / Risks	Countermeasures / Risk Mitigation Strategy
Acquisition (systems/services)
Asset management
Audit and accountability
Authentication and authorization
Business continuity
Compliance management
Configuration control
Data
Hardware
Identity management
Incident management
Maintenance procedures
Media protection and destruction
Network
Planning
Personnel
Physical environment
Policy
Operations
Outsourcing
Risk assessments
Software
Training

 

 

 

 

Table 1
Listing of Information Security Programs for Applicant Essays

 

You may need to scroll to the right to see all five columns in this table.

 

Organization	Website	Strategic Plan	Information Security Program	Program Evaluation Report
Department of Health and Human Services	http://www.dhhs.gov	http://www.hhs.gov/secretary/about/priorities/priorities.html	http://www.hhs.gov/ocio/policy/index.html#Security	http://www.gao.gov/new.items/d06267.pdf
Department of Veterans Affairs	http://www.va.gov	http://www.va.gov/op3/Docs/StrategicPlanning/VA_2010_2014_Strategic_Plan.pdf	http://www1.va.gov/vapubs/viewPublication.asp?Pub_ID=56	http://www.gao.gov/new.items/d10727t.pdf
Internal Revenue Service	http://www.irs.gov	http://www.irs.gov/pub/irs-pdf/p3744.pdf	http://www.irs.gov/irm/part10/index.html	http://www.gao.gov/new.items/d10355.pdf
National Aeronautics and Space Administration	http://www.nasa.gov	http://www.nasa.gov/pdf/516579main_NASA2011StrategicPlan.pdf	http://www.nasa.gov/offices/ocio/itsecurity/	http://www.gao.gov/new.items/d104.pdf
State of Maryland	http://www.maryland.gov	http://www.statestat.maryland.gov/gdu.asp	http://doit.maryland.gov/support/Documents/security_guidelines/DoITSecurityPolicy.pdf	http://www.ola.state.md.us/Reports/Fiscal%20Compliance/DoIT09.pdf
University of Nebraska Medical Center	http://www.unmc.edu	http://www.unmc.edu/wwwdocs/strategic-plan_06-10_v3-brochure1.pdf	http://www.unmc.edu/its/docs/UNMCInformationSecurityPlan-Sept2010.pdf	Audit report not available. Usehttp://www.gao.gov/new.items/d10361.pdf