13: Critical Thinking: Propose a Security Policy for an Organization (105 Points)
Preparation: Choose a real or hypothetical organization, corporation (profit or non-profit), or institution that uses IT in its product, services, activities, and/or operations. If you work in an organization or field that could benefit from an information network security policy, you might wish to apply the project to it.
Assignment: Prepare a well-written security policy proposal for your organization that utilizes the concepts learned in the course as a basis for your analysis and policy.
Make sure that your proposal includes the basic elements of a good security policy including:
- Introduction describing your organization and describing its mission, products/services, technical resources, and technical strategy
- Analysis of the organization’s relationships to its clients/customers, staff, management, and owners or other stakeholders
- A vulnerability assessment
- Your recommendation, including:
- Proposed remedial measures (as appropriate to the situation; these might include firewall/gateway provisions, authentication and authorization, encryption systems, intrusion detection, virus detection, incident reporting, education/training, etc.
- Proposed code of ethics or code of practice to be applied within the organization
- Legal/compliance requirements and description of how they will be met
- Proposed security policy statement/summary
Your paper should be two to three pages in length.