Information Security System for Microsoft Corporation

Outline:

1. Cover page
   • Title
   • Student’s name
2. Executive Summary
   • Summary of the InfoSec plan and recommendations
3. Organization Background/Description
   • Describe the organization and clearly define the IT infrastructure, as well as the challenges it faces in terms of the laws and regulations it has to adhere to and the standards that need to be met.
   • Provide the Organizational Chart (place IS and InfoSec Management in the organizational hierarchy)
4. Source Selection and Rationale
   • What sources (templates) were chosen, and what is the reasoning for your choice(s)
5. Enterprise Information Security Plan (EISP)
   • Overview
      • Discuss the organizational philosophy on information security, the structure of the InfoSec department, and the individuals who fulfill InfoSec roles.
      • Articulate security responsibilities for all entities of the organization, including contractors and business partners
   • Information Security Strategy
      • Discuss the purpose of the InfoSec program and the Organizational Security Strategy Statement
      • Define the model standard used (if one is used)
   • Risk Management
      • Discuss how the organization identifies and deals with risks
      • Conduct risk analysis/assessment to identify information assets, the vulnerabilities of those assets, and baseline controls
   • Contingency Planning
      • Discuss how the organization prepares for, detects, reacts to, and recovers from threatening events
      • Provide the BIA, IR, and DR plans
   • SETA Program
      • Include the definition and purpose of the SETA program
      • Describe the level of education, training and awareness
      • Describe how security education, training and awareness will be disseminated throughout the organization
   • Issue-Specific Security Policies (ISSPs)
   • System-Specific Security Policies (SysSPs)
6. References
   • Use APA format, both in-text and reference list