1000 words excluding Cover Page and References
5 References (Including at least 3 website references)
Industry selection: E-Commerce
Part 1 is already done. It is included here only for guidance on what was covered.
The focus of this assignment will be Part 2.
1. Identify any industry-specific compliances that must be met (i.e., HIPAA, COPPA, DOD). Determine what overarching guidance they must comply with. Determine what overarching laws they must comply with.
2. Examine the requisite set of standards, frameworks, policies, and best practices most helpful in the development and implementation of the organization’s objectives.
3. Identify the organization’s critical data infrastructure assets (i.e., network, telecom, utilities, applications, computers and client data categories).
4. Identify human resources for technical, management and legal operations.
5. Identify requisite law enforcement entities required for reporting breaches to (i.e., local, state, and federal areas of compliance).
This is the part we need to work on:
Next, gauge and evaluate your organization’s current state of security and protection protocols and mechanisms. Identify gaps, challenges, and opportunities for improvement by conducting a thorough audit, making sure to:
1. Identify the industry-specific cyber law in relation to inquiries and incidents.
2. Assess the critical information infrastructure. Determine the configuration of doors, windows, logical controls, data storage and encryption, firewalls, servers, routers, switches, hubs, and so forth to be compliant.
3. Identify key vulnerability points and strengths. Show compliance using a test case (pass/fail requirement). Demonstrate an actual compliance test of server, workstation, etc. that indicates what passes or what doesn’t.
4. Indicate the legal elements and liability (costs) that the organization may encounter for non-compliance.
Rubric for Part 2
Need to mention the exact industry-specific cyber law in relation to inquiries and incidents.
I will need concrete examples of the critical information infrastructure in an e-commerce company setup, and minimum configuration examples for them that enhance the company’s security and protection.
Identify key vulnerability points and strengths, and provide a test case/example of a vulnerability test and a demonstration of how it fails exploitation or passes and protects the organization.
Provide concrete legal elements and liabilities that an organization could suffer/face in case it is non-compliant and the vulnerabilities are exploited.