Thesis

Developing a Security Program for Private Business

This is the Semester-In-Residence project completed to fulfill the requirements of the Professional Science Master of Cybersecurity. I performed all related work for this project at a local retail chain known as Company X. Company X is headquartered here in San Diego County and operates retail store locations across multiple states. For this project, I developed an information security program that included performing an initial risk assessment, writing policies and controls including but not limited to an Acceptable Use Policy and Password Policy, and developing an information security awareness training plan. This involved determining threats and vulnerabilities Company X was susceptible to along with assessing the risks associated with these threats and vulnerabilities. I researched multiple information security frameworks before deciding on a publication produced by the National Institute of Standards and Technology. I then applied what I learned in both coursework and from the publication to develop policies and controls surrounding what I determined to be high risks points for Company X. I rounded out the project by creating an information security and awareness training presentation that Company X can use to train all system and network end users. Finally, I provided recommendations for future features and updates to the information security program along with offering my assistance with the implementation of the information security program and end user training process.

This is the Semester-In-Residence project completed to fulfill the requirements of the Professional Science Master of Cybersecurity. I performed all related work for this project at a local retail chain known as Company X. Company X is headquartered here in San Diego County and operates retail store locations across multiple states. For this project, I developed an information security program that included performing an initial risk assessment, writing policies and controls including but not limited to an Acceptable Use Policy and Password Policy, and developing an information security awareness training plan. This involved determining threats and vulnerabilities Company X was susceptible to along with assessing the risks associated with these threats and vulnerabilities. I researched multiple information security frameworks before deciding on a publication produced by the National Institute of Standards and Technology. I then applied what I learned in both coursework and from the publication to develop policies and controls surrounding what I determined to be high risks points for Company X. I rounded out the project by creating an information security and awareness training presentation that Company X can use to train all system and network end users. Finally, I provided recommendations for future features and updates to the information security program along with offering my assistance with the implementation of the information security program and end user training process.

Relationships

Items