Application: Aligning Security with Business Objectives

The security policy of an organization is not an

one-for-all solution; it varies with the organization. As you begin your exploration of information assurance and risk management, consider how organizations in different countries, and even different states, are distinct, with their own structures, culture, and dynamics, as well as unique security-related regulations. Some of this may be due to the nature of the organization, its size, and its business use cases—that is, situations in which a technique may be used profitably. Other concerns can be attributed to the laws, regulations, and industry standards for its location. Even organizations doing business on the Internet may face regulations when doing business in another country or state.

To prepare for this Assignment, assume the role of a consultant working for a bank in your home country that is expanding its online banking to mobile devices. At the same time, it will be opening its first branch office in another country. Choose the location of the new office and use the Internet as well as the Learning Resources in this Week to research regulations and industry standards relevant to the new location. Also research the privacy laws (including Internet privacy regulations) that apply for both the locations. Examples could be the Gramm-Leach-Bliley Act (financial services regulation in Weeked States) or the California Breach Notification Law applicable for Weeked States scenarios. You will need to refer to Brotby, “Layered Security” and “An Introduction to ISO 27001, ISO 27002….ISO 27008” in addition to other reading resources.

Explaining how to align the security policy of the organization with its business objectives, keeping in mind the regulations, privacy laws, and industry standards you have identified. Clearly state any assumptions, and provide citations for reputable sources used in your research.

Cover the following points: