Part I
Based on the reading materials in the Background section and your own research, prepare a 3-5 page report addressing the following questions on ISO standards for information security management:
Describe the Plan-Do-Check-Act process.
What does this process accomplish?
Part II
Based on the reading materials in the Background section and your own research, prepare a 3-5 page report answering the following questions:
Discuss the difference between law and ethics.
Research the Sarbanes-Oxley Act of 2002 and discuss how it has impacted information security in an organization.
Assignment Expectations
Your paper should be from 6 to 10 pages long. Combine Parts I and II into a single report, labeling each part accordingly.
Your paper should provide a summary of your findings from the assigned materials and any good quality resources you can find. Please cite all sources and provide a reference list at the end of your paper. The following items will be assessed in particular:
Ability to consolidate ideas from reading materials.
Demonstration of your understanding of the process of how to manage and operate an information security management system.
The ability to express your ideas clearly.
Background Information
Designing and Implementing an Effective Information Security Program: Protecting the Data Assets of Individuals, Small and Large Businesses. Retrieved on March 18, 2013, from http://www.sans.org/reading_room/whitepapers/hsoffice/designing-implementing-effective-information-security-program-protecting-data-assets-of_1398
Implementing an Effective IT Security Program. Retrieved on March 18, 2013, from http://www.sans.org/reading_room/whitepapers/bestprac/implementing-effective-security-program_80
A Success Strategy for Information Security Planning and Implementation – A guide for executives. Retrieved on March 18, 2013, from http://www.citadel-information.com/wp-content/uploads/2010/12/success-strategy-for-infosec-planning-and-implementation-0801.pdf
Implementing Methodology for Information Security Management System. Retrieved on March 18, 2013, from http://www.giac.org/paper/gsec/2693/implementation-methodology-information-security-management-system-to-comply-bs-7799-requi/104600
ISO 27001 Information Security Management Systems. Retrieved on March 18, 2013, from http://www.youtube.com/watch?v=V7T4WVWvAA8&list=PL5E6D4A5B33DCAE78
Information Security Management Best Practice Based on ISO/IEC 17799. Retrieved on March 18, 2013, from http://www.arma.org/bookstore/files/Saint_Germain.pdf
Information Security Management Systems: ISO/IEC 27001:2005. Retrieved on March 18, 2013, from http://www.slideshare.net/ControlCase/isms-presentation-oct-202012
Annual Maintenance for Computers. Retrieved on March 18, 2013, from http://itsecurity.vermont.gov/maintenance
Information Security Program Guide for State Agencies. Retrieved on March 18, 2013, from http://www.cio.ca.gov/ois/government/documents/pdf/info_sec_program_guide.pdf