Office of Personnel Management OPM CMP 610Project 1: Security Models
Most companies and agencies implement security models to protect the confidentiality, integrity, and availability (CIA) of information and data. As security vulnerabilities and threats continue to evolve, security systems need to adapt to effectively protect data and systems. In this project, you will evaluate existing security models and their attributes and ultimately recommend a custom security plan to your assigned organization. You will also evaluate the pros and cons of implementing particular model attributes based on the type of organization and employees in relation to CIA. Upon completion of this project, you will have written a report on the importance of security models in organizations like yours and identified the vulnerabilities of your organization. This is the first of four sequential projects. There are 14 steps in this project. Begin by reviewing the project scenario, then proceed to Step 1.
When you submit your project, your work will be evaluated using the competencies listed below. You can use the list below to self-check your work before submission.
- 5.1: Define and appropriately use basic cybersecurity concepts and terminology.
- 6.2: Create an information security program and strategy, and maintain their alignment.
- 7.3: Evaluate enterprise cybersecurity policy.
- 9.2: Rank the vulnerabilities of a system from a disaster-management perspective.
Step 1: Review Assigned Organization
All four projects for this course will be completed from the vantage point of a specific industry and an organization assigned to you by the instructor. Familiarize yourself with the organization your instructor has assigned to you by reviewing the organization description. The descriptions include an overview and key information about the organization, as well as information about a breach or attempted breach. For the purposes of this course, you will assume this organization is your employer. You may wish to briefly research your assigned organization to gather additional information about the organization and its security posture.