What This Document Is
This document represents a student project for SEC310: Principles and Theory of Security Management at DeVry University. It’s a two-part assignment focused on applying NIST Cybersecurity Framework policies to real-world organizations. Part 1 analyzes the Security Awareness and Training Policy, while Part 2 examines the Contingency Planning Policy. The student, Tarae Marcus, completed this assignment on April 22, 2023.
Why This Document Matters
This assignment is intended for students enrolled in SEC310. It’s used to demonstrate understanding of how NIST policies translate into practical security implementations. It’s a key component of assessing a student’s ability to research, analyze, and compare cybersecurity frameworks with industry practices.
Common Limitations or Challenges
This document is a student submission and represents one interpretation of the assignment requirements. It does not represent a comprehensive guide to NIST policies or a definitive analysis of the chosen organizations’ security postures. It’s a starting point for understanding, not a complete solution.
What This Document Provides
The full document includes:
* Answers to specific questions regarding the implementation of the Security Awareness and Training Policy, using Amazon Web Services as a real-world example.
* Answers to specific questions regarding the implementation of the Contingency Planning Policy, using the University of Arizona as a real-world example.
* A References section listing sources used in the research.
This preview does *not* include the full answers to the questions, the detailed comparison between NIST templates and organizational policies, or the complete References section. It only provides a high-level overview of the assignment’s structure and content.