
Question

Week 1 forum

Topic: ISA-CMM Processes

Describe the role of information assurance and how it relates to the ISA-CMM. Why is process maturity important to information security? Provide at least two peer reviewed sources to substantiate your posting; formatted in APA 6th edition style.

Instructions: Your initial post should be at least 250 words. Please respond to at least 2 other students. Responses should be a minimum of 100 words and include direct questions. Your initial post in response to this discussion topic should ideally be made by Wednesday to give your peers an opportunity to review and comment on it. Replies to classmates' posts should be completed by Friday to give your peers an opportunity to respond and to let you engage in a discussion of the points that are made. Please avoid last-minute postings and posts that say only 'good job' or 'I agree'; we are seeking to exchange ideas and perspectives with the intent of increasing our collective knowledge.

Week 2 forum

ISA Training

What is Information Security Awareness training and how does it relate to ISA training needs?

Provide at least two peer reviewed sources to substantiate your posting; formatted in APA 6th edition style.

Instructions: Your initial post should be at least 250 words. Please respond to at least 2 other students. Responses should be a minimum of 100 words and include direct questions. Your initial post in response to this discussion topic should ideally be made by Wednesday to give your peers an opportunity to review and comment on it. Replies to classmates' posts should be completed by Friday to give your peers an opportunity to respond and to let you engage in a discussion of the points that are made. Please avoid last-minute postings and posts that say only 'good job' or 'I agree'; we are seeking to exchange ideas and perspectives with the intent of increasing our collective knowledge.

Week 3 forum

Risk Assessment Factors

As part of a risk assessment, what factors are used to determine whether or not an information system is ‘critical’? Provide two (2) examples. How would an assessor need to coordinate the assessment and assignment of risk to elements of the organization? Provide at least two peer reviewed sources to substantiate your posting; formatted in APA 6th edition style.

Instructions: Your initial post should be at least 250 words. Please respond to at least 2 other students. Responses should be a minimum of 100 words and include direct questions. Your initial post in response to this discussion topic should ideally be made by Wednesday to give your peers an opportunity to review and comment on it. Replies to classmates' posts should be completed by Friday to give your peers an opportunity to respond and to let you engage in a discussion of the points that are made. Please avoid last-minute postings and posts that say only 'good job' or 'I agree'; we are seeking to exchange ideas and perspectives with the intent of increasing our collective knowledge.

Week 4 forum

Media Disposal

Your organization is undergoing an ISA-CMM Assessment and you are assigned as the program manager. One part of that assessment deals with how to dispose of media, the proper configuration of security settings, and similar sorts of security protocols. Explain what a ‘process description’ is, identify how you would assess whether or not a process is repeatable and formally implemented, and describe how such processes would be assessed as part of the ISA-CMM. Provide at least two peer reviewed sources to substantiate your posting; formatted in APA 6th edition style.

Instructions: Your initial post should be at least 250 words. Please respond to at least 2 other students. Responses should be a minimum of 100 words and include direct questions. Your initial post in response to this discussion topic should ideally be made by Wednesday to give your peers an opportunity to review and comment on it. Replies to classmates' posts should be completed by Friday to give your peers an opportunity to respond and to let you engage in a discussion of the points that are made. Please avoid last-minute postings and posts that say only 'good job' or 'I agree'; we are seeking to exchange ideas and perspectives with the intent of increasing our collective knowledge.

Week 5 forum

Vulnerabilities

What is a vulnerability and how is it exploited? Provide two (2) examples to support your reasoning. Also define the relationship between the two examples' impact and likelihood, determining a risk rating for each of your examples. Provide at least two peer reviewed sources to substantiate your posting; formatted in APA 6th edition style.

Instructions: Your initial post should be at least 250 words. Please respond to at least 2 other students. Responses should be a minimum of 100 words and include direct questions. Your initial post in response to this discussion topic should ideally be made by Wednesday to give your peers an opportunity to review and comment on it. Replies to classmates' posts should be completed by Friday to give your peers an opportunity to respond and to let you engage in a discussion of the points that are made. Please avoid last-minute postings and posts that say only 'good job' or 'I agree'; we are seeking to exchange ideas and perspectives with the intent of increasing our collective knowledge.

Week 6 forum

Assessment Documentation

Assume you are assessing a series of security concerns. Identify five important documentation types that are necessary for your assessment, explain why they are important, and discuss whether all 'security concerns' should be characterized as vulnerabilities. Provide at least two peer reviewed sources to substantiate your posting; formatted in APA 6th edition style.

Instructions: Your initial post should be at least 250 words. Please respond to at least 2 other students. Responses should be a minimum of 100 words and include direct questions. Your initial post in response to this discussion topic should ideally be made by Wednesday to give your peers an opportunity to review and comment on it. Replies to classmates' posts should be completed by Friday to give your peers an opportunity to respond and to let you engage in a discussion of the points that are made. Please avoid last-minute postings and posts that say only 'good job' or 'I agree'; we are seeking to exchange ideas and perspectives with the intent of increasing our collective knowledge.

Week 7 forum

Addressing PII / HII Exposure

A critical information system within your organization contains PII or HII. During the course of an ISA-CMM assessment, it is discovered that the access controls implemented on the information system are ‘bypassable’. Identify whether such a vulnerability is an ‘exploitable’ vulnerability or a ‘non-exploitable’ vulnerability, providing definitions of each to support your reasoning. What is the impact of this vulnerability and how would you rate the risk? Provide at least two peer reviewed sources to substantiate your posting; formatted in APA 6th edition style.

Instructions: Your initial post should be at least 250 words. Please respond to at least 2 other students. Responses should be a minimum of 100 words and include direct questions. Your initial post in response to this discussion topic should ideally be made by Wednesday to give your peers an opportunity to review and comment on it. Replies to classmates' posts should be completed by Friday to give your peers an opportunity to respond and to let you engage in a discussion of the points that are made. Please avoid last-minute postings and posts that say only 'good job' or 'I agree'; we are seeking to exchange ideas and perspectives with the intent of increasing our collective knowledge.

Week 8 forum

Closeout Meeting

Identify the overall goal of the organization closeout meeting for the ISA-CMM Assessment. Explain which elements the closeout meeting should include and who should participate. How might a closeout meeting contribute to an organization's security planning? Provide at least two peer reviewed sources to substantiate your posting; formatted in APA 6th edition style.

Instructions: Your initial post should be at least 250 words. Please respond to at least 2 other students. Responses should be a minimum of 100 words and include direct questions. Your initial post in response to this discussion topic should ideally be made by Wednesday to give your peers an opportunity to review and comment on it. Replies to classmates' posts should be completed by Friday to give your peers an opportunity to respond and to let you engage in a discussion of the points that are made. Please avoid last-minute postings and posts that say only 'good job' or 'I agree'; we are seeking to exchange ideas and perspectives with the intent of increasing our collective knowledge.

Week 1 assignment

Instructions: Select an organization of your choosing to perform an abbreviated assessment on and then write a 3-4 page information assurance security plan outline that lays out key considerations for decreasing risk and mitigating assessed vulnerabilities. The outline should contain a brief summary of the assessed challenges, a discussion of key IA considerations, options for addressing assessed risk items, and a recommended mitigation approach for each assessed risk. This assignment is intended to give you an initial opportunity to apply your IA knowledge and to help you focus on the considerations you might address in your research paper. Further, the selection of a particular organizational network, system or information storage solution will set the stage for the Week 8 risk assessment case study. See the Writing Expectations contained in the Policies section of the Syllabus for specific focus areas / guidance.

Submission Instructions: See the Writing Instructions in your Syllabus as well as inserted below. Please submit a Word document in the defined format to your Assignment folder by 11:55PM, Sunday, EST. Your writing assignment should also be run through TurnItIn to aid in preparing for your Final Research Paper and also as a tool to help with proper citation of research source material and appropriate attribution of that material. See the TurnItIn instructions contained in the course Lessons area (www.turnitin.com).

Week 2 assignment

Assignment: You must submit a Research Paper Topic in Week 2 of the course. Your topic must be related to Information Security Assurance Capability Maturity and Appraisals and the course objectives. Your topic proposal should include several sentences to explain what your topic is and how it relates to the course material. Use of a thesis statement or brief abstract is very helpful to convey your thoughts and plans for your proposed topic. That topic must be reviewed and approved by the course Professor prior to pursuing the next steps in the Research Paper process. See the Writing Expectations contained in the Policies section of the Syllabus for specific focus areas / guidance. There is also an exemplar provided with the Assignment instructions for your review.

Submission Instructions: See the Writing Instructions in your Syllabus as well as inserted below. Please submit a Word document in the defined format to your Assignment folder by 11:55PM, Sunday, EST. Your writing assignment should also be run through TurnItIn to aid in preparing for your Final Research Paper and also as a tool to help with proper citation of research source material and appropriate attribution of that material. See the TurnItIn instructions contained in the course Lessons area (www.turnitin.com).

Week 3 assignment

Instructions: You must submit a Research Paper Outline by the end of Week 3 of the course. Your outline will use the topic approved by the professor in Week 2. Your outline should include the standard sections outlined in APA 6th edition style guide (Cover Page, body of outline). Your outline should have standard section headings (Introduction, Discussion, Analysis, Conclusion) and your outline should lay out a thesis / theme statement as part of your Introduction. The outline should also lay out the key points you will use to support your thesis / theme statement as part of your Discussion / Analysis, providing a key point underpinned by 3-4 brief bullets / sentences that describe the point you will be making. Your Conclusion section should list the key summary points that you will make. The intent of the Outline assignment is to organize your key thoughts so that you can write a coherent, supportive, and linked paper that carries the thesis / theme statement through a critical analysis of your topic. Your Research Paper References will be submitted in a separate assignment. See the Writing Expectations contained in the Policies section of the Syllabus for additional guidance. There is also an exemplar provided with the Assignment instructions for your review.

Submission Instructions: See the Writing Instructions in your Syllabus as well as inserted below. Please submit a Word document in the defined format to your Assignment folder by 11:55PM, Sunday, EST. Your writing assignment should also be run through TurnItIn to aid in preparing for your Final Research Paper and also as a tool to help with proper citation of research source material and appropriate attribution of that material. See the TurnItIn instructions contained in the course Lessons area (www.turnitin.com).

Week 4 assignment

Instructions: You must submit your Research Paper Annotated References by the end of Week 4 of the course. You must use a minimum of five (5) sources, beyond the course textbooks. These sources should be from industry articles, journals, academic and professional textbooks, and case studies; seek to use primary or peer reviewed sources in your research. The list of references should be presented in a standard paper structure (cover page, annotated references, reference page) and each reference that you will use in your Research Paper should be briefly summarized in terms of its content, main thoughts, and relevance to Information Assurance Capability Maturity and Appraisals, as well as the thesis / theme of your approved topic. You may not use Wikipedia or Webopedia or any ‘pedias’ as a reference. Your references must be formatted according to APA Guidelines. Also, conform to the Writing Expectations contained in the Policies section of the Syllabus. There is also an exemplar provided with the Assignment instructions for your review.

Submission Instructions: See the Writing Instructions in your Syllabus as well as inserted below. Please submit a Word document in the defined format to your Assignment folder by 11:55PM, Sunday, EST. Your writing assignment should also be run through TurnItIn to aid in preparing for your Final Research Paper and also as a tool to help with proper citation of research source material and appropriate attribution of that material. See the TurnItIn instructions contained in the course Lessons area (www.turnitin.com).

Week 5 assignment

Instructions: The Draft Research Paper is due at the end of Week 5 of the course (6 – 8 pages not including the Cover Page or the References listing – APA 6th Edition formatting). The draft will count as 15% of the final grade and the final will count as 25% of the final grade. The paper will follow a conventional paper format (Cover page, Body of Paper with introduction, discussion / analysis / argument / body, conclusion, and references pages). See the Writing Expectations contained in the Policies section of the Syllabus for specific focus areas / guidance as well as conforming with APA 6th edition style guidelines. The objective of creating a draft research paper includes the desire to review your progress and to provide feedback on key aspects that may require additional research and / or development. As this is a progressive research paper activity, within this draft paper your cost-effective security strategy, underpinned by security metrics, should be assessing and identifying issues associated with your selected research topic discussion. Further, initial insights should be emerging at this point that will turn into recommended mitigation actions in your final research paper.

Submission Instructions: See the Writing Instructions in your Syllabus as well as inserted below. Please submit a Word document in the defined format to your Assignment folder by 11:55PM, Sunday, EST. Your writing assignment should also be run through TurnItIn to aid in preparing for your Final Research Paper and also as a tool to help with proper citation of research source material and appropriate attribution of that material. See the TurnItIn instructions contained in the course Lessons area (www.turnitin.com).

Week 6 assignment

Instructions:

The selection of the applied case study topical area and a brief outline of that case study will be completed by the end of Week 6. The objective of this assignment is first to select the type and topic of your applied case study, using the Information Security Assurance Capability Maturity Model (ISA-CMM), Draft Version 3.2 as a basis, and then to present a 2-3 page outline for that case study, listing the key points that you would anticipate presenting in your case study submission.

Students will select one of the following approaches to complete this assignment:

Conduct an ISA assessment of an organization's IT systems (no identifying information of the organization) and scoped to a section / server farm / basic IT structure and not an enterprise sort of assessment.

Conduct an ISA CMM assessment on one specific area of an IA assessment on an organization.

Conduct an ISA CMM assessment using a specific publication or standard and relate that publication or standard to the ISA CMM.

Conduct an ISA CMM assessment identifying the differences of specific standards with security implications or contrasts between those publications, using the ISA CMM as the basis of comparison.

Conduct an ISA CMM assessment with a focus on a specific part of an information system, breaking it down into different types of networks and requirements meeting legal standards, such as different classifications of networks, relating them to the specific sections of the ISA CMM.

This assignment will be due at the end of Week 6. The outline should be between 2-3 pages long (not counting the Cover and Reference pages) and will follow a conventional paper format (Cover page, Body of Paper with outline items that address the introduction, discussion / analysis / argument / body, conclusion, and references pages). See the Writing Expectations contained in the Policies section of the Syllabus for specific focus areas / guidance.

Submission Instructions: See the Writing Instructions in your Syllabus as well as inserted below. Please submit a Word document in the defined format to your Assignment folder by 11:55PM, Sunday, EST. Your writing assignment should also be run through TurnItIn to aid in preparing for your Final Research Paper and also as a tool to help with proper citation of research source material and appropriate attribution of that material. See the TurnItIn instructions contained in the course Lessons area (www.turnitin.com).

Week 7 assignment

Instructions: The Final Research Paper is due at the end of Week 7 of the course (10 – 12 pages not including the Cover Page or the References listing – APA 6th Edition formatting). The final will count as 20% of the final grade. The paper will follow a conventional paper format (Cover page, Body of Paper with introduction, discussion / analysis / argument / body, conclusion, and references pages). See the Writing Expectations contained in the Policies section of the Syllabus for specific focus areas / guidance as well as conforming with APA 6th edition style guidelines. The objective of creating the final research paper includes the finalization of your research paper development process, describing and defending a cost-effective security strategy, and basing those upon meaningful security program metrics in order to identify information security responses and outcomes that are effective. As this is the culmination of the progressive research paper activity, you should provide your cost-effective security strategy, underpinned by security metrics, assessing and identifying issues associated with your selected research topic discussion. Further, gained insights from your research and reflection should result in recommended mitigation actions for your selected information security system.

Submission Instructions: See the Writing Instructions in your Syllabus as well as inserted below. Please submit a Word document in the defined format to your Assignment folder by 11:55PM, Sunday, EST. Your writing assignment should also be run through TurnItIn to aid in preparing for your Final Research Paper and also as a tool to help with proper citation of research source material and appropriate attribution of that material. See the TurnItIn instructions contained in the course Lessons area (www.turnitin.com).

Week 8 assignment

Instructions:

The applied case study assignment will use the Information Security Assurance Capability Maturity Model (ISA-CMM), Draft Version 3.2 as a basis for selecting a case study topic and approach.

Students will select one of the following approaches to complete this assignment:

Conduct an ISA assessment of an organization's IT systems (no identifying information of the organization) and scoped to a section / server farm / basic IT structure and not an enterprise sort of assessment.

Conduct an ISA CMM assessment on one specific area of an IA assessment on an organization.

Conduct an ISA CMM assessment using a specific publication or standard and relate that publication or standard to the ISA CMM.

Conduct an ISA CMM assessment identifying the differences of specific standards with security implications or contrasts between those publications, using the ISA CMM as the basis of comparison.

Conduct an ISA CMM assessment with a focus on a specific part of an information system, breaking it down into different types of networks and requirements meeting legal standards, such as different classifications of networks, relating them to the specific sections of the ISA CMM.

This case study will be due at the end of Week 8. The paper should be between 7-8 pages long (not counting the Cover and Reference pages) and will follow a conventional paper format (Cover page, Body of Paper with introduction, discussion / analysis / argument / body, conclusion, and references pages). See the Writing Expectations contained in the Policies section of the Syllabus for specific focus areas / guidance. There is a TurnItIn requirement with the case study; please see the login instructions for TurnItIn in the Resources section. Please establish an account for this course using those procedures so that you are prepared to access TurnItIn when your paper is ready for submission. A similarity score of 15% or below is the objective for your paper.

Submission Instructions: See the Writing Instructions in your Syllabus as well as inserted below. Please submit a Word document in the defined format to your Assignment folder by 11:55PM, Sunday, EST.