In this assignment, students will apply what they have learned in the course about FISMA compliance, CSF framework, and the ISO/IEC 27001:2013 certification process to expand their understanding through the lens of an internal auditor for a small and medium-sized business. The student may select to address the scenario from a federal or private sector perspective, but must be sure to denote which sector is chosen and apply the appropriate logic to the steps needed to secure compliance.
The federal and private sector organization is considering ISO/IEC 27001:2013 certification and currently holds a Level 3 strategic alignment organizational alignment maturity (established policies, procedures, and SOPs). The organization requires additional work to obtain an optimized state and you have been asked to lead the effort to get them there.
In a 750- to 1,000-word paper, describe the steps you would use to help the organization begin to prepare for this certification. Make sure to address the following:
- What is the organizational readiness for certification? Review the Strategic Alignment Maturity Model Levels for this portion.
- How many members of your internal audit team will you need to perform the risk assessment? How long will the risk assessment take?
- What internal technology teams and other key stakeholders will you need to engage?
- Provide a brief description of the ISO/IEC 27001:2013 or FISMA certification process (dependent on sector type chosen).
Make sure to reference academic or NIST official publications (most current year available via the Internet) or other relevant sources published within the last 5 years.
Prepare this assignment according to the guidelines found in the APA Style Guide, located in the Student Success Center.
This assignment uses a rubric. Please review the rubric prior to beginning the assignment to become familiar with the expectations for successful completion.