You have just been hired by a major security consulting firm that has recently won several contracts to support chief information security officers (CISOs) in the Washington, DC, area. As part of your first consulting assignment, you have been asked to research and write a short case study (three pages) in which you discuss the legal environment (i.e., policies, regulations, and laws) and its impact upon how an organization (e.g., business, government agency, nonprofit) ensures the confidentiality, integrity, and availability of information and information systems. You have one week to complete your assignment.
The immediate audience for your case study is a group of senior managers (stakeholders) in a client organization who are not familiar with information security laws and practices. These managers need a brief overview of the legal environment to assist them in reviewing and commenting upon a new governance policy for their organization’s information security program. Your case study should be general enough, however, that it can be reused with other clients.
Your supervisor has also given you a “heads up” about a trap that previous consultants have missed when completing similar work for other clients: the termpolicy has two meanings that you must address: (a) government policies (e.g., those issued by federal, state, local, or tribal governments) and (b) organizational policies(e.g., those written to guide an organization’s compliance with laws, regulations, and policies).
Remember to cite your sources in APA format and use only authoritative/scholarly sources such as journal articles, books, government documents, and other industry publications (e.g., trade journals or magazines for health care or security professionals). The title page and list of references are not included in the required page count.