Propose a Security Policy for an Organization, computer science homework help

User Generated

jyqfghqlcbbyznxre

Computer Science

Description

PORTFOLIO PROJECT (330 Points)

Propose a Security Policy for an Organization

Preparation: Choose a real or hypothetical organization, corporation (profit or nonprofit), or institution that uses IT in its product, services, activities, and/or operations. If you work in an organization or field that could benefit from an information network security policy, you might wish to apply the project to it.

Assignment: Prepare a well-written security policy proposal for your organization that utilizes the concepts learned in the course as a basis for your analysis and policy.

Make sure that your proposal includes the basic elements of a good security policy including:

  1. Introduction describing your organization and describing its mission, products/services, technical resources, and technical strategy
  2. Analysis of the organization’s relationships to its clients/customers, staff, management, and owners or other stakeholders
  3. A vulnerability assessment
  4. Your recommendation, including:
    1. Proposed remedial measures (as appropriate to the situation; these might include firewall/gateway provisions, authentication and authorization, encryption systems, intrusion detection, virus detection, incident reporting, education/training, etc.)
    2. Proposed code of ethics or code of practice to be applied within the organization
    3. Legal/compliance requirements and description of how they will be met
    4. Proposed security policy statement/summary

Important: Your proposal must justify every element of your proposal in ethical and legal terms. In other words, you need to state why each policy/code element (including technical elements) is good for business and why it is good/sound ethical policy (how it is good for the organization and why it is good for customers, users, or employees, or the public). Also identify any ethical/legal tensions, conflicts, and/or contradictions and justify any trade-offs being made in the recommendation.

Discuss and cite at least four credible or scholarly sources other than the course textbooks (which can be cited as well) to support your analysis and policy choices. Your paper should be 10-12 pages in length with document and citation formatting per the APA guidelines.

Recommendation: It is recommended that students review Chapter 8 in the course textbook, which is required reading for Module 6, early in the term and apply the knowledge therein to planning and drafting the Portfolio Project. In Chapter 8 (and also in the early part of Chapter 10), the textbook author discusses the role of a security policy in the compliance of an organization. He observes that in response to public outcry in the 1990s, governments went on a binge passing laws to regulate the new Internet. But privacy advocates pushed back and by the early 2000s, the result of much politicking was a mixed system of sectoral laws (dealing with specific situations) and largely voluntary norms. These norms were adopted by organizations and enshrined in security and privacy policies regarding data and networking. Kizza (2011) made the point that, “A good, balanced and unified approach to information security compliance consists of a good security policy that effectively balances and enforces core information security and compliance elements” (p. 184).

Incremental Deliverable due 11:59 P.M. on Sunday of Week 2

Submit a brief description of the “real or hypothetical organization, corporation (profit or non-profit), or institution that uses IT in its product, activities, or operations” that will serve as the scenario for your Portfolio Project. If you work or have worked for an organization could benefit from an information network security policy, consider using your place of employment as the scenario for your project.

Your description should be at least a paragraph and no more than a page in length.

User generated content is uploaded by users for the purposes of learning and should be used following Studypool's honor code & terms of service.

Explanation & Answer

Attached.

1

Running head: SECURITY POLICY

PORTFOLIO PROJECT: Propose a Security Policy for an Organization
Name:
Institution:

SECURITY POLICY
1.

2

Introduction describing your organization and describing its mission,

products/services, technical resources, and technical strategy
The hypothetical organization is a bank, TTT Bank, which usually targets the middle and
low-income earners. The bank has a mission to ensure banking for all and delivering equity to
everyone as pertains to banking. Conventionally, banks reserved their services to the high end,
the subject bank formulated services that are accessible for everyone including the low-income
earners. However, the bank also provides services that befit high-income earners, but it has
recognized the business potential that the lower classes of the society possess. Subsequently, the
bank has geared up to bringing its services to its customers. It has opened numerous branches
that lie strategically to areas that low and middle-income earners concentrate. Additionally, it has
diversified its service delivery in a way that has seen miniature banks opening in almost all
neighborhoods. The bank has not concentrated its service delivery to urban and suburb areas, but
it has penetrated the market where it has managed to come up with mobile banking services.
TTT Bank offers typical banking services in addition to other services that its innovation
department has developed. The conventional services that the bank offers including accepting
deposits and withdrawals, loans, overdrafts, depository services for valuable goods and shares,
and credit card services. In pursuit of taking its services closer to people, the bank has introduced
an agency program where it recruits business people to offer banking services. The participants
in agency banking are people who have operated their businesses for over three years, and they
receive a commission for every transaction. However, the bank has limited the agency
transactions to basic operations such as account opening, deposits and withdrawals and balance
check. This move is in line with ensuring that the bank observes a high level of security for its

SECURITY POLICY

3

services. Bank customers who visit the agency banking outlets must carry their identity cards as
well as their credit or debit cards that they get from the bank itself.
The bank also offers insurance covers where it acts as a broker. This service is as a result
of product diversification strategy that the bank adopted several years ago. The other product that
the bank offers is mobile money transfers where its customers access their accounts for
withdrawal, deposit and balance inquiry using their cell phones. It becomes easier for a customer
to transact without a physical appearance to the bank. Additionally, the bank has liaised with
business people where customers can make payments using the mobile transfers instead of
physical currency. The bank has a long-term strategy that seeks to ensure a non-physical
currency environment where trading entails the use of virtual money. Recently, the bank
partnered with the country's transportation system where it has come up with a pre-paid debit
card that commuters use in public transportation systems such as railways, buses, and trams.
Lastly, the bank has partnered with several mobile networks, and customers can load airtime on
their phones directly from their bank accounts.
Due to a wide array of products that the bank offers, it has invested heavily in technical
resources. Besides the normal banking halls, the bank has come up with strong network
connections that can remotely relay information from the bank servers to several points of
service. The network is remotely connected, and every POS has a microchip that allows it to
connect with the bank. Some of the remote service delivery points have portable machines that
customers use to swipe their debit or credit cards. The machines are mostly found in the banking
agents a...


Anonymous
Just what I was looking for! Super helpful.

Studypool
4.7
Trustpilot
4.5
Sitejabber
4.4

Related Tags