Term Project Guidelines
You work for a high-tech company with approximately 400 employees. Your firm recently won a large Department of Defense (DoD) contract, which will add 30% to the revenue of your organization. It is a high-priority, high-visibility project. You will be allowed to make your own budget, project timeline, and tollgate decisions.
This project requires developing the proper DoD security policies required to meet DoD standards for delivery of technology services to the U.S. Air Force Cyber Security Center (AFCSC), a DoD agency. To do this, you must develop DoD-approved policies and standards for your IT infrastructure (see the “Tasks” section below). The policies you create must pass DoD-based requirements. Currently, your organization does not have any DoD contracts and thus has no DoD compliant security policies or controls in place.
Your firm’s computing environment includes the following:
DoD instructions or directives
Department of Defense Information Assurance Certification and Accreditation Process (DIACAP) Instruction—DoDI 8510.01
Department of Defense Information Security Program
Department of Defense Internet Services and Internet-Based Capabilities http://www.dtic.mil/whs/directives/corres/pdf/855001p.pdf
Department of Defense Proposes New Information Security Requirements for Contractors: http://www.hldataprotection.com/2010/03/articles/cybersecurity-data-breaches/department-ofdefense-proposes-new-information-security-requirements-for-contractors/