SECURITY POLICY & STANDARDS

An Information Security Management System (ISMS) represents a systematic approach for designing, implementing, maintaining, and auditing an organization’s information system security objectives. As with any process, if an ISMS is not continually monitored, its effectiveness will tend to deteriorate. For this task you will be using the attached “Healthy Body Wellness Center Risk Assessment” case study. In this task, you will be writing a white paper outlining the scope of an ISMS plan for the Healthy Body Wellness Center and an evaluation of the previously conducted risk assessment.

The first step in initiating an ISMS is to form a committee of upper-level management that would set the tone for the ISMS. Assume you are part of that team. Initiating an ISMS involves developing a plan that includes the scope of the ISMS and identifying and assessing risk. The risk assessment for the Healthy Body Wellness Center has already been conducted. Your task is to define the ISMS scope for the Healthy Body Wellness Center and make recommendations for implementing the resulting ISMS plan.

Requirements:

A. Outline the scope for the ISMS plan being developed in the case study by including the following:
   1. information about the business objectives for the organization
   2. a description of the guiding security principles of the organization
   3. a justification of the processes that should be included in the scope, including the following points:
      • what the process is
      • a definition of the process
      • how you would apply the process to the scenario
      • why the process is needed or should be included in the scope of the ISMS
   4. a justification of the information systems that should be included in the scope, including the following points:
      • what the information system that should be included is
      • what the purpose of the IS is
      • what the duties of the IS according to the scenario are
      • why this information system should be included in the ISMS plan
   5. a description of the IT infrastructure that includes a description of information flow

B. Recommend additional steps that the organization would need to take to implement the ISMS plan.
   1. Discuss what each recommended step entails.
   2. Justify each recommended step.

C. When you use sources, include all in-text citations and references in APA format.

Note: When bulleted points are present in the task prompt, the level of detail or support called for in the rubric refers to those bulleted points.

Note: For definitions of terms commonly used in the rubric, see the Rubric Terms web link included in the Evaluation Procedures section.

Note: When using sources to support ideas and elements in a paper or project, the submission MUST include APA formatted in-text citations with a corresponding reference list for any direct quotes or paraphrasing. It is not necessary to list sources that were consulted if they have not been quoted or paraphrased in the text of the paper or project.

Note: No more than a combined total of 30% of a submission can be directly quoted or closely paraphrased from sources, even if cited correctly. For tips on using APA style, please refer to the APA Handout web link included in the General Instructions section.