Student Name:
Date:
Part 1: Security Awareness and Training Policy
Locate and study the Security Awareness and Training policy in the NIST Cybersecurity Framework Policy Template Guide you downloaded in Week 1. Research online for a real-world implementation example of the policy and compare it with the NIST policy template side by side.
Answer the following questions clearly and systemically in this Word document. Make sure to include a References section toward the end of the document.
1. The Security Awareness and Training Policy is implemented for which NIST functions and sub-categories? [5 points]
Answer:
2. Which organization is the implementation example you identified for? Which industry sector (e.g., education, government, etc.) is the organization in? [5 points]
Answer:
3. What is the purpose of the example policy? Which party (parties) does the policy apply to? Who is/are responsible for implementing this policy? [5 points]
Answer:
4. As compared to the NIST policy template, how is the example policy customized to fit the needs of the organization? Describe one occurrence of the customization in detail. [5 points]
Answer:
5. If specified in the example policy, what criteria are defined to verify the organization’s compliance to the policy? If not specified in the example policy, what are your recommendations? [5 points]
Answer:
6. If specified in the example policy, how frequent is the policy reviewed for potential modifications? If not specified in the example policy, what are your recommendations? [5 points]
Answer:
Part 2: Contingency Planning Policy
Locate and read the Contingency Planning Policy in the NIST Cybersecurity Framework Policy Template Guide. Research online for a real-world implementation example of the policy and compare it with the NIST policy template side by side.
Answer the following questions clearly and systemically in this Word document. Make sure to include a References section toward the end of the document.
1. The Contingency Planning Policy is implemented for which NIST function and sub-categories(s)? [5 points]
Answer:
2. Which organization is the implementation example you identified for? Which industry sector (e.g., education, government, etc.) is the organization in? [5 points]
Answer:
3. What is the purpose of the example policy? Which party (parties) does the policy apply to? Who is/are responsible for implementing this policy? [5 points]
Answer:
4. As compared to the NIST policy template, how is the example policy customized to fit the needs of the organization? Describe two occurrences of the customization in detail. [10 points]
Answer:
5. If specified in the example policy, what criteria are defined to verify the organization’s compliance to the policy? If not specified in the example policy, what are your recommendations? [5 points]
Answer:
References
1.
2.
3.