Law and Policy Case Study

    Congratulations! You have just been hired by a major security consulting firm that has recently won several contracts to support chief information security officers (CISOs) in the Washington, DC, area. As part of your first consulting assignment, you have been asked to research and write a short case study (three pages) in which you discuss the legal environment (i.e., policies, regulations, and laws) and its impact upon how an organization (e.g., business, government agency, nonprofit) ensures the confidentiality, integrity, and availability of information and information systems. You have one week to complete your assignment.

    The immediate audience for your case study is a group of senior managers (stakeholders) in a client organization who are not familiar with information security laws and practices. These managers need a brief overview of the legal environment to assist them in reviewing and commenting upon a new governance policy for their organization’s information security program. Your case study should be general enough, however, that it can be reused with other clients.

    Your supervisor has also given you a “heads up” about a trap that previous consultants have missed when completing similar work for other clients: the term policy has two meanings that you must address: (a) government policies (e.g., those issued by federal, state, local, or tribal governments) and (b) organizational policies (e.g., those written to guide an organization’s compliance with laws, regulations, and policies).

    Remember to cite your sources in APA format and use only authoritative/scholarly sources such as journal articles, books, government documents, and other industry publications (e.g., trade journals or magazines for health care or security professionals). The title page and list of references are not included in the required page count.

    Rubric Name: Law and Policy Case Study
    Criteria Level 4 Level 3 Level 2 Level 1
    Overview of Legal Environment 10 points
    Clearly provides brief overview of legal environment using language appropriate for non-IT managers (constitutional law, administrative law, civil law, criminal law, due care, due diligence, fiduciary duty, etc.)

    8 points
    Basically provides brief overview of legal environment using language appropriate for non-IT managers (constitutional law, administrative law, civil law, criminal law, due care, due diligence, fiduciary duty, etc.)

    6 points
    Weak overview of legal environment using language appropriate for non-IT managers (constitutional law, administrative law, civil law, criminal law, due care, due diligence, fiduciary duty, etc.)

    4 points
    Little or no brief overview of legal environment using language appropriate for non-IT managers (constitutional law, administrative law, civil law, criminal law, due care, due diligence, fiduciary duty, etc.)

    Applicable InfoSec Laws and Practices 10 points
    Clearly discusses at least 5 specific applicable InfoSec related laws and practices.

    8 points
    Basically discusses at least 4 specific applicable InfoSec related laws and practices.

    6 points
    Weakly discusses at least 3 specific applicable InfoSec related laws and practices.

    4 points
    Little or no discussion of 2 or less specific applicable InfoSec related laws and practices.

    Impact of Policies, Regulations and Laws 10 points
    Clearly discusses the impact of policies, regulations, and laws upon how an organization (e.g., business, government agency, nonprofit) ensures the confidentiality, integrity, and availability (CIA) of information and information systems.

    8 points
    Basically discusses the impact of policies, regulations, and laws upon how an organization (e.g., business, government agency, nonprofit) ensures the confidentiality, integrity, and availability (CIA) of information and information systems.

    6 points
    Weakly discusses the impact of policies, regulations, and laws upon how an organization (e.g., business, government agency, nonprofit) ensures the confidentiality, integrity, and availability (CIA) of information and information systems.

    4 points
    Little or no discussion of impact of policies, regulations, and laws upon how an organization (e.g., business, government agency, nonprofit) ensures the confidentiality, integrity, and availability (CIA) of information and information systems.

    CIA Discussion 10 points
    Clearly discusses CIA from the perspective of legal & regulatory requirements.

    8 points
    Basically discusses CIA from the perspective of legal & regulatory requirements.

    6 points
    Weak discussion of CIA from the perspective of legal & regulatory requirements.

    4 points
    Little or no discussion of CIA from the perspective of legal & regulatory requirements.

    Governance Policy Discussion 10 points
    Clearly defines and discusses governance policy (an organization level policy).

    8 points
    Basically defines and discusses governance policy (an organization level policy).

    6 points
    Weakly defines or discusses governance policy (an organization level policy).

    4 points
    Little or no definition or discussion of governance policy (an organization level policy).

    Recommendations for Governance Policy 10 points
    Clearly applies CIA to recommendations for development of a governance policy for an organization’s InfoSec program. (How should the organization-wide review of the IT security policy be conducted?)

    8 points
    Basically applies CIA to recommendations for development of a governance policy for an organization’s InfoSec program. (How should the organization-wide review of the IT security policy be conducted?)

    6 points
    Weakly applies CIA to recommendations for development of a governance policy for an organization’s InfoSec program. (How should the organization-wide review of the IT security policy be conducted?)

    4 points
    Little or no application of CIA to recommendations for development of a governance policy for an organization’s InfoSec program. (How should the organization-wide review of the IT security policy be conducted?)

    Distinguishes government and organization policies 10 points
    Incorporates information about and distinguishes between government and organization policies.

    8 points
    Basically incorporates information about and distinguishes between government and organization policies.

    6 points
    Weakly incorporates information about or distinguishes between government and organization policies.

    4 points
    Incorporates little or no information about or distinguishes between government and organization policies.

    Finds and Applies New Knowledge 10 points
    Used at least 5 authoritative or scholarly sources. No APA errors in citing material in presentation.

    8 points
    Used 3-5 authoritative or scholarly sources. Less than 5 APA citing errors.

    6 points
    Used 1-2 authoritative or scholarly sources. Less than 10 APA citing errors.

    4 points
    Used 1-2 authoritative or scholarly sources or no sources cited. Had more than 10 APA citing errors.

    Organization, Execution & Appearance 20 points
    Prepared MS Word document, used consistent formatting, section subheadings, submitted one file, used instructor provided template, correct coversheet and separate reference page and meets minimum page count. No grammar, use of first/second person, spelling or punctuation errors.

    15 points
    MS Word document didn’t follow at least one of the following: used consistent formatting, section subheadings, submitted one file, used instructor provided template, correct coversheet and separate reference page and meets minimum page count. Less than 5 grammar errors, use of first/second person, spelling or punctuation errors.

    10 points
    MS Word document didn’t follow at least two of the following: used consistent formatting, section subheadings, submitted one file, used instructor provided template, correct coversheet and separate reference page and meets minimum page count. Less than 10 grammar errors, use of first/second person, spelling or punctuation errors.

    5 points
    Non MS Word document didn’t follow at least three or more of the following: used consistent formatting, section subheadings, submitted one file, used instructor provided template, correct coversheet and separate reference page and meets minimum page count. More than 10 grammar errors, use of first/second person, spelling or punctuation errors.

    Overall Score
    Level 4: 35 or more
    Level 3: 26 or more
    Level 2: 17 or more
    Level 1: 0 or more
    Above is the grading rubric for how it will be graded. Please do the best to get the highest grade possible.
