13: Critical Thinking: Propose a Security Policy for an Organization (105 Points)

Preparation: Choose a real or hypothetical organization, corporation (profit or non-profit), or institution that uses IT in its product, services, activities, and/or operations. If you work in an organization or field that could benefit from an information network security policy, you might wish to apply the project to it.

Assignment: Prepare a well-written security policy proposal for your organization that utilizes the concepts learned in the course as a basis for your analysis and policy.

Make sure that your proposal includes the basic elements of a good security policy including:

  1. Introduction describing your organization and describing its mission, products/services, technical resources, and technical strategy
  2. Analysis of the organization’s relationships to its clients/customers, staff, management, and owners or other stakeholders
  3. A vulnerability assessment
  4. Your recommendation, including:
    1. Proposed remedial measures (as appropriate to the situation; these might include firewall/gateway provisions, authentication and authorization, encryption systems, intrusion detection, virus detection, incident reporting, education/training, etc.
    2. Proposed code of ethics or code of practice to be applied within the organization
    3. Legal/compliance requirements and description of how they will be met
    4. Proposed security policy statement/summary

Your paper should be two to three pages in length.