Information Systems Security Survey

Instructions

As a new graduate of a cybersecurity program, you have decided to apply, through a competitive selection process, to a joint federal-state government-sponsored cybersecurity training program for new graduates (apprentices). As part of your application package, you must submit an essay (narrative) containing a written analysis of an information security program. You can use the worksheet to help organize your information.

The application package provides you with the following information:

For your application to this program you are asked to prepare a high-level summary of an information security program. Your summary should demonstrate that you are able to read, understand, apply, and write about common information security concepts at the apprentice level. Your summary must include an analysis that addresses strategic fit (how well the information security program supports the organization’s goals and objectives), breadth and coverage of the information security program (people, processes, technologies), any known or previously uncovered program deficiencies or implementation issues, and any stated costs and benefits of the program.

Choose one of the organizations listed in Table 1, review the pertinent documents, and then prepare a three- to five-page narrative summarizing your analysis of the organization’s information security program. Uniform Resource Locators (URLs) are provided for the pertinent documents and web pages. Applicant narratives must be submitted in electronic form as Microsoft Word documents. Use standard size (8.5” x 11”) pages. Include your name and the date at the top of each page. Use 1” margins and Times New Roman 12-point font. Double-space your text. Use black text (no colors) on a plain white background. Do not include pictures, tables, or diagrams in your narrative.

Cite your sources in APA format and use only authoritative/scholarly sources such as journal articles, books, government documents, and other industry publications (e.g., trade journals or magazines for health care or security professionals). The title page and list of references are not included in the required page count. You must also use and cite the documents listed in Table 1 for your chosen organization. Remember to check the spelling and grammar of your submission.

Worksheet: Information Security Program Survey

Copy this table into your own Word document and fill it out.

| Security Area | Responsible Party / Office of Primary Responsibility (OPR) | Known Vulnerabilities / Risks | Countermeasures / Risk Mitigation Strategy |
|---|---|---|---|
| Acquisition (systems/services) | | | |
| Asset management | | | |
| Audit and accountability | | | |
| Authentication and authorization | | | |
| Business continuity | | | |
| Compliance management | | | |
| Configuration control | | | |
| Data | | | |
| Hardware | | | |
| Identity management | | | |
| Incident management | | | |
| Maintenance procedures | | | |
| Media protection and destruction | | | |
| Network | | | |
| Planning | | | |
| Personnel | | | |
| Physical environment | | | |
| Policy | | | |
| Operations | | | |
| Outsourcing | | | |
| Risk assessments | | | |
| Software | | | |
| Training | | | |