Describe the security strategy used.

The purpose of this assignment is to identify an appropriate information security (InfoSec) governance program for a company, using a quantitative risk assessment to justify the investment in the program and an executive summary to concisely present findings.

Using the case study company selected for the Topic 1 assignment, write a paper (1,250-1,500 words) that recommends and justifies a particular InfoSec governance to C-suite (executive-level) management.

Directions

Be sure to include the following:

Description of an InfoSec governance program appropriate for the selected company.

1. Recommend a governance program.
2. Describe the security strategy used.
3. Explain the risk management methodology.
4. Identify security policies.
5. Identify how ethics plays a role in the InfoSec governance program.

Explanation of a quantitative risk assessment justifying investments in information security. Include a cost-benefit analysis using the annual loss expectancy.

Description of findings in the form of an executive summary (150-200 words).

Requirements

Include at least three academic references for this assignment.

Prepare this assignment according to the guidelines found in the APA Style Guide, located in the Student Success Center. An abstract is not required.

This assignment uses a rubric. Please review the rubric prior to beginning the assignment to become familiar with the expectations for successful completion.

You are required to submit this assignment to LopesWrite. A link to the LopesWrite technical support articles is located in Class Resources if you need assistance.

Benchmark Information

This benchmark assignment assesses the following programmatic competencies:

MS Information Assurance and Cybersecurity

2.3: Justify investments in information security.