Description
IT Security Policy Framework
Establishing an effective Information Technology Security Policy Framework is critical in the development of a comprehensive security program. Additionally, there are many security frameworks that organizations commonly reference when developing their security programs. Review the security frameworks provided by NIST (SP 800-53), ISO / IEC 27000 series, and COBIT. Assume that you have been hired as a consultant by a medium-sized insurance organization and have been asked to draft an IT Security Policy Framework.
You may create and / or assume all necessary assumptions needed for the completion of this assignment.
Write a three to five (3-5) page paper in which you:
- Select a security framework, describe the framework selected, and design an IT Security Policy Framework for the organization.
- Describe the importance of and method of establishing compliance of IT security controls with U.S. laws and regulations, and how organizations can align their policies and controls with the applicable regulations.
- Analyze the business challenges within each of the seven (7) domains in developing an effective IT Security Policy Framework.
- Describe your IT Security Policy Framework implementation issues and challenges and provide recommendations for overcoming these implementation issues and challenges.
- Use at least three (3) quality resources in this assignment. Note: Wikipedia and similar Websites do not qualify as quality resources.
The specific learning outcomes associated with this assignment are:
- Identify the role of an information systems security (ISS) policy framework in overcoming business challenges.
- Design a security policy framework.
- Use technology and information resources to research issues in security strategy and policy formation.
- Write clearly and concisely about Information Systems Security Policy topics using proper writing mechanics and technical style conventions.
Your assignment must follow these formatting requirements:
- Be typed, double spaced, using Times New Roman font (size 12), with one-inch margins on all sides; citations and references must follow APA or school-specific format. Check with your professor for any additional instructions.
- Include a cover page containing the title of the assignment, the student’s name, the professor’s name, the course title, and the date. The cover page and the reference page are not included in the required assignment page length.

Explanation & Answer

Let me know where you need further help
Running Head: IT SECURITY POLICY FRAMEWORK
IT SECURITY POLICY FRAMEWORK
STUDENT NAME:
TUTOR NAME:
COURSE TITLE:
DATE:
Introduction
Security policy frameworks are a fundamental element of any organization's success. Well-written policies articulate an organization's desire to achieve goals by mitigating risks and vulnerabilities. The structure provides guidance on each employee's responsibilities, communicates goals and values to the business leaders and shareholders, and defines the end users' security expectations. IT security policies center operations on transparency, confidentiality, and integrity, thus ensuring that sensitive information is preserved and the reliability of the data maintained.
Designing an IT security policy framework: COBIT FRAMEWORK
The COBIT framework is an IT governance framework that fuels business success by providing groundbreaking tools that bridge the gap between business risks, technical issues, IT innovation and control requirements. The context inspires IT innovation and leadership and provides a roadmap towards business optimization and business success (Morimoto, 2013). COBIT provides the organization with a toolset that promotes IT control by fostering evident policy development, IT governance and regulatory compliance.
The COBIT framework is based on seven elements of information criteria. These seven aspects are based upon the careful exploitation of IT resources, the exploitation...
