Operational security compliance is a necessity in any working cybersecurity environment, as it sets the standard for how policies, rules, and guidelines are regulated. Security professionals therefore need to grasp the fundamental aspects of operational compliance if they are expected to manage day-to-day operations that require different levels of compliance throughout a given organization.
Students will create a web portal data flow diagram of their hypothetical organization’s operational environment using Visio or similar diagramming software. Within the web portal data flow diagram, students will show how the web portal is compliant. The web portal data flow diagram must:
- Display the organization’s technical requirements (related and unrelated applications, services and links).
- Display the compliance of associated servers, routers, access-control components, data storage, internal and external data communication, data backup, e-mail servers, and so forth.
- Identify related systems and assets, regulatory requirements, and overall risk approach.
- Demonstrate how each IT task leads to the next and how it aligns with regulations/compliance. For example, start with the user logging in, and then go through each step and how it is validated.