Question: PLEASE ANSWER ASAP. Please give a detailed solution. Only answer sections 5-18. Thank you.
Please only answer the questions in the template given below. Please don't generate a generic answer from Wikipedia.
Develop your organization's (or an organization of choice's) Comprehensive Information Security and Privacy Program according to the template provided below. You should have each main section of the document covered in some capacity, e.g. you need a policy section; however, the policies outlined are just examples.
The template of questions to be answered (the template mentioned above):
1. Background
What does your organization do? Size? Business model? Locations? Employee count? Etc.
2. Purpose
What is the purpose of this document?
3. Scope
Who and what does this program cover? Are there any exceptions to this program? Think about all the policies, procedures, guidelines, standards, etc.; these should all be in scope (you need not outline them all here). A general scope statement will suffice.
4. Key Terms and Definitions
Think about the language of risk management here. What are the key terms that laypersons will need to understand in order to make sense of this document? Think about any lingo used in the risk management space and attempt to define it here. I can think of about 8-10 from items we covered well in class.
5. Governance
Under what authority is this program manual? CEO / Board? Both? Has the CEO delegated the authority to anyone internally? Who is responsible for carrying out this program? What groups need to be informed of this program in order for it to be fully effective (hint: risk / privacy management applies to all areas of the business in some way or another)? Feel free to do a RACI chart if you like (columns: Department, Personnel, Title, Function).
Consider creating an information security and privacy council to ensure that all stakeholders are involved and understand the document. If so, how often will it meet? What will the council's mandate be? If the council suggests changes to policy, who will be allowed to ratify those changes (CEO / Board)?
Enforcement: Who and what business units are responsible for the enforcement of this program (and all the policies, procedures, guidelines, and standards within it)?
Other Responsibility and Accountability: Are there any other groups that are responsible and accountable? The Board, e.g.? Other executive committees? If so, what is their role?
6. Regulatory Landscape
Generalize about your regulatory landscape here and provide some color.
Regulators: Who are your regulators? Outline them here.
Regulations: What are your primary regulations? Consider using the appendix for more specifics.
7. Privacy Program
Describe how you protect the privacy of your customers, employees, et al. What are your core fundamentals when considering data privacy? Hint: describe a data privacy impact assessment as a way to ensure this program is up to date and in line with privacy best practices.
8. Data Governance
Create a general statement as to what your organization does to protect critical data. How? Who is responsible for maintaining it? (One paragraph)
9. Training and Awareness of the Program
What does your training and awareness program look like? Is it required? What are the particulars of how it operates? How often are employees trained, and what are they trained in? Who is responsible for the training? Does it include cybersecurity tabletop exercises?
10. Risk Management
What is your general approach to risk management?
Risk Frameworks: Which do you benchmark off of, and why?
Risk Assessment: How do you assess risk in your organization from a process standpoint?
12. Physical Security
What are the basic fundamentals of your physical security program?
13. Policies
Data Classification and Governance Policy: Write a short description.
Identity and Access Management Policy: Write a short description.
Data Retention and Destruction Policy: Write a short description.
Website Privacy Policy and Terms of Use: Write a short description.
Mobile Device Policy: Write a short description.
Acceptable Use Policy: Write a short description.
14. Procedures
Business Recovery Procedures: Write a short description.
Disaster Recovery Procedures: Write a short description.
Incident Response Procedures: Write a short description.
Identity and Access Management Procedures: Write a short description.
Third Party / Supply Chain Due Diligence Procedures: Write a short description.
Software Development Lifecycle Procedures: Write a short description (include how your software team handles cybersecurity fundamentals).
15. Guidelines
Data Loss Prevention Guidelines: Write a short description.
Physical Security Guidelines: Write a short description.
Inventory and Asset Management Guidelines: Write a short description.
Vulnerability Management Guidelines: Write a short description.
16. Testing
Annual Risk Assessments: Write a short description.
Annual Penetration Testing: Write a short description.
Annual DR/BCP Testing: Write a short description.
Periodic Phishing Testing: Write a short description.
17. Configuration Standards
Mobile Device Configuration Standards (Mobile Device Management): Write a short description.
Desktop / Laptop Configuration Standards: Write a short description.
Network Device Configuration Standards: Write a short description.
Network Security Standards: Write a short description.
Email Configuration Standards (incoming / outgoing / mail client): Write a short description.
18. Cyber Defense Program
Outline your cyber defense strategy. What are the core tenets? What are the baseline fundamentals of cyber defense?
Technical Cyber Program: Describe your overall tactical / technical strategy.
Defense in Depth: Which technical components of this strategy will you implement?
Zero Trust: Which technical components of this strategy will you implement?
Team / Organization Structure: How is your cyber team structured? What are the key roles and responsibilities? Agile approach? 3LOD approach? Blend of both?
Security Operations: How do your teams work?