Pages: 6 pages/≈1650 words
Sources: 2
Style: APA
Subject: IT & Computer Science
Type: Research Paper
Language: English (U.S.)
Document: MS Word
Topic: Information Security Gap Analysis: EZTechMovie

Research Paper Instructions:

For the past 2 years, you have been working as a system administrator. Even though you have gained valuable experience in system administration and incorporating security into your daily tasks, you felt it was necessary to branch out and look for a job in the cybersecurity field. Fortunately for you, you attended Association for Computing Machinery (ACM), InfraGard, the International Information System Security Certification Consortium (ISC)2, Information Systems Security Association (ISSA), ISACA, and Open Web Application Security Project (OWASP) meetings. You learned about an opportunity at the EZTech Orientation, a private video-streaming company, from the networking that you did at these meetings. After visiting Career Services at UAGC, you are now prepared for your interview. After a strenuous interview with the CEO, CIO, and CISO, you were offered and accepted a position as a cybersecurity engineer. Mr. Martin, your esteemed CISO, is counting on you to construct the appropriate countermeasures to ensure the principles of information security when protecting the seven domains of EZTechMovie.

For this assignment, you will produce an information security gap analysis based upon the steps listed in Closing the Gaps in Security: A How-To Guide, which pulls information from this week’s recommended reading, Gap Analysis 101, a webpage article written by Amy Helen Johnson. An Information Security Gap Analysis Template has been provided with the criteria needed to complete the assignment. Mr. Martin has provided documentation that you will need, but he did not provide any details about the laws, regulations, standards, or best practices that apply to EZTechMovie. As lead cybersecurity engineer and Mr. Martin’s go-to person, you will need to research any applicable laws, regulations, standards, or best practices (“framework”) that apply to EZTechMovie for a critical business function (CBF) that applies to EZTechMovie. An explanation as to why the framework applies to EZTechMovie is also required. An example has been provided to you.

Example of gaps identified using the provided template. Gaps are identified in red font.

Frameworks Section

PCI-DSS v 3.2 is the latest industry standard designed to protect consumers’ cardholder data and is required to be used by any company that accepts credit cards. EZTechMovie accepts credit cards, so the company must comply with the regulation.

In your assignment, complete the Information Security Gap Analysis Template as it would apply to EZTechMovie. When formatting the sections of your paper within the template, you may find it helpful to refer to the Level Headings section of the Writing Center’s Introduction to APA to be sure you are following APA 7th standards.

In your paper,

Explain the scope of the information security gap analysis by preparing a scope statement that includes an introduction to the analysis, deliverables, assumptions, and constraints. (Scope Section)

Choose an appropriate framework, if applicable. (Gap Analysis Section)

Identify at least 10 controls distributed among selected frameworks. (Gap Analysis Section)

Identify an existing EZTechMovie policy, if applicable. (Gap Analysis Section)

Evaluate any gap, if applicable. (Gap Analysis Section)

Summarize why a gap does not exist, if applicable. (Gap Analysis Section)

State the framework. (Frameworks Introduction Section)

Critique the framework. (Frameworks Introduction Section)

Justify why EZTechMovie needs to comply with the stated framework. (Frameworks Introduction Section)

The Information Security Gap Analysis paper

Must be presented using the Information Security Gap Analysis Template.

Must be three to five double-spaced pages in length (not including title and references pages) and formatted according to APA Style as outlined in the Writing Center’s APA Formatting for Microsoft Word resource.

Must include a separate title page with the following:

Title of paper in bold font

Space should be between title and the rest of the information on the title page.

Student’s name

Name of institution (UAGC)

Course name and number

Instructor’s name

Due date

Must utilize academic voice. See the Academic Voice resource for additional guidance.

Must include an introduction and conclusion paragraph. Your introduction paragraph needs to end with a clear thesis statement that indicates the purpose of your paper.

For assistance on writing Introductions & Conclusions as well as Writing a Thesis Statement, refer to the Writing Center resources.

Must use at least two scholarly, peer-reviewed, or credible sources in addition to the course text.

The Scholarly, Peer-Reviewed, and Other Credible Sources table offers additional guidance on appropriate source types. If you have questions about whether a specific source is appropriate for this assignment, please contact your instructor. Your instructor has the final say about the appropriateness of a specific source for this assignment.

To assist you in completing the research required for this assignment, view this Quick and Easy Library Research tutorial, which introduces the UAGC Library and the research process, and provides some library search tips.

Must document any information used from sources in APA Style as outlined in the Writing Center’s APA: Citing Within Your Paper guide.

Must include a separate references page that is formatted according to APA Style as outlined in the Writing Center. See the APA: Formatting Your References List resource in the Writing Center for specifications.

Carefully review the Grading Rubric for the criteria that will be used to evaluate your assignment.

Research Paper Sample Content Preview:

Information Security Gap Analysis: EZTechMovie
Student’s name
Name of institution (UAGC)
Course name and number
Instructor’s name
Due date
Information Security Gap Analysis
Introduction
EZTechMovie is a privately owned video-streaming company headquartered in San Diego. With revenues of about $1.5 million, it is poised for growth (Eues, 2017). The company now seeks to protect the seven domains of its data center and IT infrastructure: User, LAN, WAN, LAN-to-WAN, Remote Access, Workstation, and System/Application. These domains are entry points for most cyberattacks, and necessary countermeasures are mandatory for any business such as EZTechMovie (Alexandra, 2018). In constructing appropriate countermeasures and ensuring information security principles when protecting the domains, an information security gap analysis is needed. This process follows the eight steps as described by Johnson (2001) in the “Gap Analysis 101” article. While EZTechMovie has provided necessary documentation, the laws, regulations, standards, and best practices or frameworks applicable to the company have not been identified. In designing appropriate countermeasures based on the principles of information security necessary to protect EZTechMovie’s critical business function (CBF), this paper applies the Payment Card Industry Data Security Standard (PCI-DSS) v.3.2 Framework, which is the latest industry standard that protects consumers’ cardholder data and a recommended standard for all companies that accept credit cards. The paper also presents some of the security gaps and 12 controls based on gap analysis to protect EZTechMovie against cybersecurity challenges.
Scope of the Information Security Gap Analysis
EZTechMovie is a private video-streaming company that accepts credit cards to receive payments from customers. EZTechMovie must, therefore, comply with the PCI-DSS requirements of protecting consumers’ cardholder data. Scoping ensures that all business aspects are covered during gap analysis with the relevant framework that categorizes system components inside and outside the cardholder data environment (CDE). The CDE will include users/people, processes, and technology involved in handling the cardholders’ data or any sensitive information used to authenticate users and processes. On the other hand, the system components will include servers, network devices, computing hardware, and software applications. It is recommended to define the scope so that it is neither so narrow that it exposes the cardholder’s data to security risks nor so broad that it introduces high cost during analysis.
In PCI-DSS gap analysis, the CDE in EZTechMovie should be reviewed against the latest PCI DSS. This includes reviewing networks and systems and preparing a detailed report indicating the areas that demand attention. The Qualified Security Assessor (QSA) maps the critical information processes as well as the technical infrastructure in determining areas where PCI controls would have the most impact on the business (IT Governance, n.d.). This step is necessary to outline the approach that would be cost-effective in meeting PCI demands, assess EZTechMovie’s readiness for an upcoming PCI audit, and spot lacking controls that could result in failures or costly repercussions for the firm.
An appropriate gap analysis should determine the scope in terms of networks and system components for PCI DSS and assess the compliance of system components after testing for each of the PCI DSS requirements. Deliverables include thorough documentation of all the compensating controls and the completed attestation of compliance (AOC). It is also necessary to submit the self-assessment questionnaire or report on compliance, including any other documentation, to the requester (PCI Security Standards Council, 2018). If needed, remediation should be performed to address the requirements that are not in place, and the report should be updated.
The PCI-DSS v.3.2 Framework
The PCI-DSS v.3.2 was established by the Payment Card Industry Security Standards Council (PCI-SSC) in 2006 following increased incidences of credit card fraud. The PCI-SSC comprises five major credit card companies, including American Express, Visa, Inc., MasterCard, Discover, and JCB International. The council has outlined six categories of security controls that companies such as EZTechMovie need to implement (SecurityScorecard, 2022). For instance, it is mandatory for companies accepting card payments from customers to build and maintain a secure system and network that can prevent cyberattacks. Secondly, companies should protect consumers’ cardholder data and maintain security and privacy. Third, a business should maintain vulnerability management programs to check security loopholes. Fourth, firms need to implement strong access control measures to avoid unauthorized data access. Fifth, firms should monitor and test networks to identify and prevent threats before they happen, and lastly, businesses that accept credit card payments should maintain information security policies.
PCI-SSC has identified 12 requirements that companies need to implement as countermeasures to security attacks within the six categories of controls. EZTechMovie must install and configure firewalls, avoid vendor-supplied defaults, and protect customers’ stored cardholder data. The company also needs to encrypt cardholder data transmission in vulnerable open and public networks, protect all systems from malware attacks, and develop and maintain secure applications and systems. EZTechMovie must also restrict access to cardholder data, identify and authenticate access to systems, and restrict any form of physical access to cardholder data. It is also mandatory for the company to track and monitor access to network resources, restrict security ...