Dennis Odhiambo

1 Running Head: SCOPE OF WORK (SOW) Scope of Work (SoW) Amador Alejandro Marin University of Maryland Global Campus This study source was downloaded by- from CourseHero.com on-:25:26 GMT -05:00 https://www.coursehero.com/file/-/Project-1-Scope-of-Workdocx/ 2 SCOPE OF WORK (SOW) This Scope of Work (SoW) key elements defines security measures by breaking them down into segments and providing examples. Physical, personnel, network, and cybersecurity are critical areas used to address threats, risks, and vulnerabilities to provide a holistic approach of areas that need to be covered and considered to achieve maximum effectiveness and success. Physical security is an overarching term that includes the protective measure of personnel, hardware, software, networks, and data from physical actions and events that could cause severe loss or damage to a company's assets. This includes protection from fire, flood, natural disasters, intrusion, theft, vandalism, and terrorism. Some measures include security personnel assigned to guard building entry points, camera, badge, and biometric systems to verify access eligibility. The purpose of personnel security is to authorize initial and continued access to information and the assignment to duties to those persons whose determination of loyalty, reliability, and trustworthiness are such that by entrusting them with information assess or the assignment to sensitive duties is consistent with the interests of a company. Processes used to determine personnel trustworthiness include: background investigations and continuous evaluation to verify ongoing eligibility for sensitive assignments. Similarly, to personnel security, network security are safeguards implemented at the software and hardware level, to prevent access of unauthorized personnel to sensitive information. Examples include: multiple-factor authentication, strong password criteria, and requirements, role-based assess control (RBAC), and the implementation of anti-virus software, firewalls, and This study source was downloaded by- from CourseHero.com on-:25:26 GMT -05:00 https://www.coursehero.com/file/-/Project-1-Scope-of-Workdocx/ 3 SCOPE OF WORK (SOW) intrusion prevention and detection systems. Cybersecurity is the conglomeration of measures to protect computer systems and networks to prevent or mitigate cyber-attacks. Cyber-attacks being the actions aimed at accessing, changing, or destroying sensitive information, exhorting ransom from information owners or the interruption or delays of business processes. The main goal of this SoW is to implement enough of the security measure previously defined to address the following cybersecurity concerns:  Threats are any malicious acts that seek to damage, steal data, or disrupt computer and network services. Some threats include computer viruses, data breaches, and Denial of Service (DoS) attacks.  Risk is the potential loss or harm to the computer and network infrastructure, use of technology, or reputation of an organization.  Vulnerabilities are weaknesses exploitable by a cyber-attack to gain unauthorized access to computer systems and networks to perform unauthorized actions. Vulnerabilities can allow attackers to run code, access a system's memory, install malware, and steal, destroy or modify sensitive data. Lastly, to determine any measure or performance (MOP) or effectiveness (MOE), a process of scheduled and unscheduled assessments must be implemented to determine if any of the This study source was downloaded by- from CourseHero.com on-:25:26 GMT -05:00 https://www.coursehero.com/file/-/Project-1-Scope-of-Workdocx/ 4 SCOPE OF WORK (SOW) measures currently in place are worth the return on investment (ROI), and equally important, address the company’s need. This study source was downloaded by- from CourseHero.com on-:25:26 GMT -05:00 https://www.coursehero.com/file/-/Project-1-Scope-of-Workdocx/ Powered by TCPDF (www.tcpdf.org)