Description
Assignment 1: Creating and Communicating a Security Strategy
As an IT professional, you’ll often be required to communicate policies, standards, and practices in the
workplace. For this assignment, you’ll practice this important task by taking on the role of an IT
professional charged with creating a memo to communicate your company’s new security strategy.
The specific course learning outcomes associated with this assignment are:
Preparation
1. Review the essential elements of a security strategy
A successful IT administration strategy requires the continuous enforcement of policies, standards, and
practices (procedures) within the organization. Review these elements to see how they compare:
Policy: The general statements that direct the organization’s internal and external communication and goals.
Standards: Describe the requirements of a given activity related to the policy. They are more detailed and specific than policies. In effect, standards are rules that evaluate the quality of the activity. For example, standards define the structure of the password and the numbers, letters, and special characters that must be used in order to create a password.
Practices: The written instructions that describe a series of steps to be followed during the performance of a given activity. Practices must support and enhance the work environment. Also referred to as procedures.
2. Describe the business environment
You are the IT professional in charge of security for a company that has recently opened within a shopping mall. Describe the current IT environment at this business. You can draw details from a company you work for now or for which you have worked in the past. You’ll need to get creative and identify the details about this business that will influence the policies you’ll create. For example, does the company allow cell phone email apps? Does the company allow web mail? If so, how will this affect the mobile computing policy? Describe all the details about this business environment that will be necessary to support your strategy.
3. Research sample policies
Familiarize yourself with various templates and sample policies used in the IT field. Do not just copy another company’s security policy, but rather learn from the best practices of other companies and apply them to yours. Use these resources to help structure your policies:
● Information Security Policy Templates
● Sample Data Security Policies
● Additional Examples and Tips
Instructions
With the description of the business environment (the fictional company that has opened in a shopping mall) in mind and your policy review and research complete, create a new security strategy in the format of a company memo (no less than three to five pages) in which you do the following:
1. Describe the business environment and identify the risk and reasoning
Provide a brief description of all the important areas of the business environment that you’ve discovered in your research. Be sure to identify the reasons that prompted the need to create a security policy.
2. Assemble a security policy
Assemble a security policy or policies for this business. Using the memo outline as a guide, collect industry-specific and quality best practices. In your own words, formulate your fictional company’s security policy or policies. You may use online resources, the Strayer Library, or other industry-related resources such as the National Security Agency (NSA) and Network World. In a few brief sentences, provide specific information on how your policy will support the business' goal.
3. Develop standards
Develop the standards that will describe the requirements of a given activity related to the policy. Standards are the in-depth details of the security policy or policies for a business.
4. Develop practices
Develop the practices that will be used to ensure the business enforces what is stated in the security policy or policies and standards.
Format your assignment according to the following formatting requirements:
● You may use the provided memo outline as a guide for this assignment, or you may use your own. Get creative and be original! (You should not just copy a memo from another source.) Adapt the strategy you create to your “company” specifically. In the workplace, it will be important to use company standard documents for this type of communication.
● Do not cut and paste someone else’s strategy. Plagiarism detection software will be used to evaluate your submissions.
Additional Examples and Tips
Example 1: XYZ Inc. Company-Wide Employee Password Strategy
Policies
Standards
Practices-Employee
Example 2: Security Policy and Standards
Password Policy: Passwords are an important part of computer security at your organization. They often serve as the first line of defense in preventing unauthorized access to the organization’s computers and data.
In order to define the password policy, it is important to identify the standards.
1. Multi-factor authentication
2. Password strength standard
3. Password security standards; how to keep the password secure
Tips and Points to Consider When Identifying Risks or Security Vulnerabilities
Memo Outline
Network Security Associates of Atlantis, Inc.
123 Watery Lane
Atlantis, USVI 91199
From: IT Security Dept.
Re: Security Policy
Date:
Section 1: General Policies and Motivation
Section 2: Passwords
Section 3: Biometrics
Section 4: Tokens
Section 5: Physical Security
Section 6: Email Policies
Section 7: Breach Reporting Responsibilities
Section 8: Mobile Policy and BYOD (Bring Your Own Device)
Explanation & Answer
Attached.
Running head: MEMO
1
Employee Password Strategy Memo
Institution Affiliation
Date
MEMO
2
VizTech Electronics, Inc.
143 Broadway
New York
From: Information Technology Department.
Re: Employee Password Strategy
Date: April 25, 2019
Section 1: Business Environment and Risks
VizTech Electronics, Inc. deals with the sale of electronics and appliances like
computers, radios, televisions, microwaves, and fridges. The company’s stall and office are
within a shopping mall. The company uses an Enterprise Resource Planning (ERP) system to
manage its operations. Customers’ purchases are recorded using a point of sale system. VizTech
Electronics currently maintains eight point-of-sale stations to serve customers quickly. The
Company employs 55 people. Thirty of the 55 people use a workstation to do their jobs. VizTech
has installed a computer network to enable the employees to access shared resources like the
ERP system. The computer network also enables all the company’s employees to access the
internet through the company’s router. Most workstations are connected to the company’s
network through cables. The company also maintains a wireless network.
The environment that VizTech operates in presents severe threats to the firm’s IT
infrastructure. Many enterprises are operating in the shopping mall. Many people get in and out
of the mall. Individuals or enterprises in or around the mall might attempt to compromise
VizTech’s computer systems to achieve a particular end. Individuals inside the mall are within
MEMO
3
the range of the firm’s wireless network. Attackers’ access to the wireless network would enable
them to access resources that should only be accessed by authorized VizTech employees. Access
to employees’ workstations inside the company’s premises would also enable attackers to access
the company’s systems. The security risks presented by the firm’s operating environment and
installed system necessitate serious security precautions. The IT department has enhanced the
company’s physical, network, and computer security to repel attacks. Employees also have a
critical role to play in s...