*****
2.4 Threat Analysis (Phase 1)
*****

Getting Started

In this assignment, you will develop an initial cybersecurity analysis that will become a part of the final project due in the last workshop of this course.

Upon successful completion of this assignment, you will be able to:

• Describe and classify the types of threats to an organization’s infrastructure and data.
• Select appropriate security frameworks to design a comprehensive security posture.
• Implement strategies to mitigate threats and contain any attacks that may infect the computing environment.

Instructions

1. Review the rubric to make sure you understand the criteria for earning your grade.
2. Phase 1 of Final Project: Develop a comprehensive analysis that identifies threats and vulnerabilities to the information systems infrastructure and organizational data.
3. You may use a fictitious company, one that you researched on the Internet, or your own workplace (although you should use an alias for the company name).
4. Conduct Internet research for formats that are used for a threat analysis.
   1. Include a short executive summary for this assignment, although you will need to revise this summary for the final paper.
   2. The threat analysis should be approximately 4 to 5 pages in length, in APA format, and double-spaced for the narrative.
   3. You may use tables or other graphic representations.
   4. The paper should include references to any material used in preparing the paper. References are to be cited within your paper as well as on the Reference page using APA format.
   5. You should use online resources to develop your plans; just make sure to cite these sources. All written work should be your own.
   6. Consider using Grammarly before you submit your paper. Grammarly checks grammar, provides suggestions for corrections, and reviews references.

Getting Started

In this assignment, you will develop a mitigation strategy that will later be utilized in the final project, due in the last week of the course.

Upon successful completion of this assignment, you will be able to:

• Select appropriate security frameworks to design a comprehensive security posture.
• Implement strategies to mitigate threats and contain any attacks that may infect the computing environment.

Instructions

1. Review the rubric to make sure you understand the criteria for earning your grade.
2. Phase 2 of Final Project: Provide a comprehensive mitigation strategy based on the threat analysis done in Assignment 2.4.
3. As mentioned in Assignment 2.4, you may use a fictitious company, one that you researched on the Internet, or your own workplace (with an alias used for the company name).
4. Conduct Internet research for formats that are used for developing and categorizing a security mitigation strategy.
   1. Include a short executive summary for this assignment, which you will revise later for use in the final paper.
   2. The mitigation strategy should be approximately 4 to 5 pages in length, in APA format, and double-spaced for the narrative.
   3. You may use tables or other graphic representations; however, these additions to the paper should not be included in the page count.
   4. The paper should include references to any material used in preparing the paper. You should use online resources to develop your plans; just make sure to cite these sources. All written work should be your own.
   5. Consider using Grammarly before you submit your paper. Grammarly checks grammar, provides suggestions for corrections, and reviews references.

*****
5.3 Business Continuity Plan (Phase 3)
*****

Getting Started

This assignment covers the topics of disaster recovery and business continuity concepts and practices, as well as developing an understanding of risk and change management, and concepts related to the development of secure software.

Upon successful completion of this assignment, you will be able to:

• Select appropriate security frameworks to design a comprehensive security posture.
• Implement strategies to mitigate threats and contain any attacks that may infect the computing environment.

Instructions

1. Review the rubric to make sure you understand the criteria for earning your grade.
2. Phase 3 of Final Project: Write a two- to four-page paper that addresses and reflects upon the following:
   1. Describe the concepts and practices of designing and implementing a business continuity and disaster recovery plan.
   2. How might you test a disaster recovery plan?
   3. What should a risk management plan include?
   4. How does a change management plan impact the overall risk strategy?
   5. What are the important concepts that should be included in a security plan for the development of secure software?
3. Support your writing with at least two outside sources. The paper should be in APA format.
4. Consider using Grammarly before you submit your paper. Grammarly checks grammar, provides suggestions for corrections, and reviews references.

*****

Getting Started

Phase 4 of the Final Project will provide the student with the opportunity to put into practice the concepts covered in this course. This includes identifying threats to information systems assets (including data), developing mitigation strategies, and assuring compliance to policies set forth.

Upon successful completion of this assignment, you will be able to:

• Describe and classify the types of threats to an organization’s infrastructure and data.
• Select appropriate security frameworks to design a comprehensive security posture.
• Implement strategies to mitigate threats and contain any attacks that may infect the computing environment.
• Design a comprehensive training and awareness plan to educate the user community on security policies and procedures.

Background Information

In the previous assignments in this course, you submitted a security threat analysis, a plan to mitigate those threats, and a business continuity plan summary. For this final paper/proposal, you will integrate work from the previous assignments into this assignment.

Instructions

1. Review the rubric to make sure you understand the criteria for earning your grade.
2. Phase 4 of the Final Project is a proposal to provide a comprehensive security plan for your organization.
3. As the final step of this proposal, you will prepare a comprehensive Security Awareness and business continuity plan (taking what you did in Assignment 5.3 and expanding upon the summary) that will be used throughout the organization. The plan should address awareness from the perspective of employee expectations. The business continuity plan should address the requirements needed to recover from potential disasters, whether through natural causes (weather, fire, etc.) or a security breach. The paper should be outlined as follows:
   1. Executive Summary/Introduction
   2. Threat Analysis (Assignment 2.4)
   3. Mitigation Strategies (Assignment 4.4)
   4. Business Continuity Plan (Assignment 5.3 was an overview)
   5. Security Awareness Program Plan/Overview
   6. Conclusion
4. Provide transitions between these six sections. The total length of the paper should be 15–20 pages. You may use graphics or other features within your paper; however, these do not count toward the 15–20 page total.
5. Make sure the paper is double-spaced and in  APA format. The paper should have a minimum of five references, which should be cited correctly within the paper as well as on the Reference page using APA format.
6. Consider using Grammarly before you submit your paper. Grammarly checks grammar, provides suggestions for corrections, and reviews references.