This assignment is designed to demonstrate your ability to write a professional document aimed at management or senior leadership in your organization.

Scenario:

You are employed as an information assurance lead in a small U.S.-based company that is expanding their customer base to include international clients in Europe and North Africa. As a small company your employer has also attracted the attention of larger companies interested in licensing your intellectual property, the out-right purchasing of the entire company, or otherwise obtaining access to your intellectual property and/or lists of clients.

Management has tasked you to analyze the risks the company faces as it sends sales and marketing personnel overseas to engage with future potential clients. The company does not perform actual work overseas but rather delivers the end product customers have contracted to them, so the intellectual property is not at risk after the sale (i.e., clients cannot reverse engineer the delivered product or otherwise obtain company secrets at or after delivery). The sales and marketing personnel, however, require access to the intellectual property, or parts of it, during demonstrations and capability briefings to clients and that information, as well as the full intellectual property held back at the company headquarters in the U.S., must be protected.

Write a 2-3 page paper, which could be a draft of a new policy or a risk assessment & mitigation proposal, for your fictional companys senior management on the information technology and intellectual property threats facing the organizations devices and network both at corporate headquarters and when the sales and marketing officers travel in the US and internationally.

Applying material from modules 1-5:

• How does defense in depth, assets, threats, vulnerabilities, controls, cryptography, and the laws & regulations both in the US and overseas impact how the IT devices and networks should be configured, operated, monitored, and deployed?
• Is there any specific guidance or training people at HQS and those who travel domestically and internationally be provided?
• What mitigations may help reduce the risk to the organization?
• Are there specific legal or regulation hazards the organization should avoid or be aware of and accept as additional potential risks?

This assignment is less about having the "perfect" answer for the organization's needs than it is graded based on the ability to demonstrate clear arguments based on information security concepts we have covered in the first 5 weeks. Points will be deducted for spelling and grammar errors as well as incoherent arguments or arguments presented without foundations. Threats and risks should be clearly stated as should the associated mitigations when applicable.