IO of a medium sized organization with 500 employees that rely heavily on IT to conduct business
You are the CIO of a medium sized organization with 500 employees that rely heavily on IT to conduct business. You manage a staff of 10 additional people in your centralized IT group. Based on your readings and using other sources if needed, write an 8 page (minimum) paper detailing your enterprise, IT requirements, and especially your systems assurance and security plans. Use the following guidelines:
The first page or so should detail the type of company, description of business conducted, locations, and IT requirements of the average users (including staff and possibly customers). Include reporting structures of both the IT Group and senior management of the organization. Describe the functions and responsibilities of the CIO and the IT Staff. Who is responsible for IT privacy and security? Who is responsible for IT governance? What processes are in place to ensure that IT is aligned with the business needs of the organization?
The second page or so should describe the enterprise IT requirements, systems, and infrastructure of the organization. You are free to make this as technically involved as you wish but keep in mind this is not a technical class so highly detailed technical descriptions arenat critical.
The majority of the paper should describe policies, procedures, technologies, and practices you have implemented to protect the E-enterprise. Use the 8 metrics listed on page 103 (survivability, privacy, confidentiality, integrity, availability, accountability, reliability, and non-repudiation) as an outline to describe your security and assurance plan.
As you are writing this paper, remember that you do not have unlimited budget to buy the best and most of everything. You will have to make critical decisions on how much security is a?enougha. For full credit, you should describe challenges faced and the future direction of your IT and how to secure it.
This is a very open ended assignment that could go in a lot of different directions. Feel free to be creative but your key focus should be on using the materials learned to create an effectively managed secure enterprise infrastructure.
There should not be much need to cite sources as you are applying generally recognized concepts to a hypothetical situation, however if you do borrow original thoughts from others please do cite them