Benchmark – Bridging the Gap Between Frameworks and Compliance
The purpose of this assignment is to develop a security program aligned with regulatory compliance and security control frameworks.
Select a company for the focus of your assignment. Using the following, map the standard controls to the regulatory compliance that would be appropriate for the organization:
The “Security Controls Mapping Template.”
Regulatory compliance information, such as HIPAA, PCI, SOX, GLBA, etc.
Security control frameworks, such as NIST, CIS, COBIT, COSO, ITIL, etc.
On the template, map the regulatory rules (one per line) and security controls (as many per line as necessary). List an enforcement or measurement policy, procedure(s), or process to audit the rule/controls applied.
Write a 500-word summary that defines the regulatory compliance and security controls and includes the following information:
Overview of the company, goods, or services provided; the industry; and the customer demographics.
Identification of compliance regulations to which the company must adhere (e.g., medical-based companies should apply HIPAA regulations) and an explanation of why adherence is essential.
Justification for the selection of the control framework chosen to effectively implement the identified regulations.
Paste a copy of the completed content of the “Security Controls Mapping Template” table into the Word document.
Submit the Word document and the completed “Security Controls Mapping Template.”
Prepare this assignment according to the guidelines found in the APA Style Guide, located in the Student Success Center. An abstract is not required.
This assignment uses a rubric. Please review the rubric prior to beginning the assignment to become familiar with the expectations for successful completion.
You are required to submit this assignment to LopesWrite. A link to the LopesWrite technical support articles is located in Course Materials if you need assistance.
This benchmark assignment assesses the following programmatic competencies:
MS Information Technology Management
2.5: Determine appropriate information technology solutions and deployment plans to solve specific business problems.
MS Information Assurance and Cybersecurity
2.2: Determine appropriate information technology solutions and deployment plans to solve specific business problems.