You are employed with Government Security Consultants, a subsidiary of Largo Corporation. As a
member of IT security consultant team, one of your responsibilities is to ensure the security of assets as
well as provide a secure environment for customers, partners and employees. You and the team play a
key role in defining, implementing and maintaining the IT security strategy in organizations.
A government agency called the Bureau of Research and Intelligence (BRI) is tasked with gathering and
analyzing information to support U.S. diplomats.
In a series of New York Times articles, BRI was exposed as being the victim of several security breaches.
As a follow up, the United States Government Accountability Office (GAO) conducted a comprehensive
review of the agency’s information security controls and identified numerous issues.
The head of the agency has contracted your company to conduct an IT security risk assessment on its
operations. This risk assessment was determined to be necessary to address security gaps in the
agency’s critical operational areas and to determine actions to close those gaps. It is also meant to
ensure that the agency invests time and money in the right areas and does not waste resources. After
conducting the assessment, you are to develop
a final report that summarizes the findings and provides
a set of recommendations. You are to convince the agency to implement your recommendations.
This learning activity focuses on IT security which is an overarching concern that involves practically all
facets of an organization’s activities. You will learn about the key steps of preparing for and conducting
a security risk assessment and how to present the findings to leaders and convince them into taking
appropriate action.
Understanding security capabilities is basic to the core knowledge, skills, and abilities that IT personnel
are expected to possess. Information security is a significant concern among every organization and it
may spell success or failure of its mission. Effective IT professionals are expected to be uptodate
on
trends in IT security, current threats and vulnerabilities, stateoftheart
security safeguards, and
security policies and procedures. IT professionals must be able to communicate effectively (oral and
written) to executive level management in a nonjargon,
executive level manner that convincingly
justifies the need to invest in IT security improvements. This learning demonstration is designed to
strengthen these essential knowledge, skills, and abilities needed by IT professionals.
31