Assignment 1: Creating and Communicating a Security Strategy

User Generated

oevqtrbxblr

Computer Science

CIS 333

Description

As an IT professional, you’ll often be required to communicate policies, standards, and practices in the workplace. For this assignment, you’ll practice this important task by taking on the role of an IT professional charged with creating a memo to communicate your company’s new security strategy.

The specific course learning outcomes associated with this assignment are: • Analyze the importance of network architecture to security operations. • Apply information security standards to real-world implementation. • Communicate how problem-solving concepts are applied in a business environment. • Use information resources to research issues in information systems security. • Write clearly about network security topics using proper writing mechanics and business formats.

Unformatted Attachment Preview

CIS333 – Networking Security Fundamentals Assignment 1: Creating and Communicating a Security Strategy First Draft Due Week 4 Final Due Week 6, worth 80 points As an IT professional, you’ll often be required to communicate policies, standards, and practices in the workplace. For this assignment, you’ll practice this important task by taking on the role of an IT professional charged with creating a memo to communicate your company’s new security strategy. The specific course learning outcomes associated with this assignment are: • Analyze the importance of network architecture to security operations. • Apply information security standards to real-world implementation. • Communicate how problem-solving concepts are applied in a business environment. • • Use information resources to research issues in information systems security. Write clearly about network security topics using proper writing mechanics and business formats. Preparation 1. Review the essential elements of a security strategy A successful IT administration strategy requires the continuous enforcement of policies, standards, and practices (procedures) within the organization. Review these elements to see how they compare: Policy The general statements that direct the organization’s internal and external communication and goals. Standards Describe the requirements of a given activity related to the policy. They are more detailed and specific than policies. In effect, standards are rules that evaluate the quality of the activity. For example, standards define the structure of the password and the numbers, letters, and special characters that must be used in order to create a password. Practices The written instructions that describe a series of steps to be followed during the performance of a given activity. Practices must support and enhance the work environment. Also referred to as procedures. 2. Describe the business environment You are the IT professional in charge of security for a company that has recently opened within a shopping mall. Describe the current IT environment at this business. You can draw details from a company you work for now or for which you have worked in the past. You’ll need to get creative and identify the details about this business that will influence the policies you’ll create. For example, does the company allow cell phone email apps? Does the company allow web mail? If so, how will this affect the mobile computing policy? Describe all the details about this business environment that will be necessary to support your strategy. © 2017 Strayer University. All Rights Reserved. This document contains Strayer University Confidential and Proprietary information and may not be copied, further distributed, or otherwise disclosed in whole or in part, without the expressed written permission of Strayer University. Page 1 of 6 CIS333 – Networking Security Fundamentals 3. Research sample policies Familiarize yourself with various templates and sample policies used in the IT field. Do not just copy another company’s security policy, but rather learn from the best practices of other companies and apply them to yours. Use these resources to help structure your policies: ● Information Security Policy Templates ● Sample Data Security Policies ● Additional Examples and Tips Instructions With the description of the business environment (the fictional company that has opened in a shopping mall) in mind and your policy review and research complete, create a new security strategy in the format of a company memo (no less than three to five pages) in which you do the following: 1. Describe the business environment and identify the risk and reasoning Provide a brief description of all the important areas of the business environment that you’ve discovered in your research. Be sure to identify the reasons that prompted the need to create a security policy. 2. Assemble a security policy Assemble a security policy or policies for this business. Using the memo outline as a guide, collect industry-specific and quality best practices. In your own words, formulate your fictional company’s security policy or policies. You may use online resources, the Strayer Library, or other industry-related resources such as the National Security Agency (NSA) and Network World. In a few brief sentences, provide specific information on how your policy will support the business' goal. 3. Develop standards Develop the standards that will describe the requirements of a given activity related to the policy. Standards are the in-depth details of the security policy or policies for a business. 4. Develop practices Develop the practices that will be used to ensure the business enforces what is stated in the security policy or policies and standards. Format your assignment according to the following formatting requirements: • ● ● This course is designed to prepare you for a career in IT. While most Strayer University courses require APA (essay) format, this course focuses on writing in a business format. Review this resource to learn more about the important features of business writing: The One Unbreakable Rule in Business Writing. You may use the provided memo outline as a guide for this assignment, or you may use your own. Get creative and be original! (You should not just copy a memo from another source.) Adapt the strategy you create to your “company” specifically. In the workplace, it will be important to use company standard documents for this type of communication. Do not cut and paste someone else’s strategy. Plagiarism detection software will be used to evaluate your submissions. © 2017 Strayer University. All Rights Reserved. This document contains Strayer University Confidential and Proprietary information and may not be copied, further distributed, or otherwise disclosed in whole or in part, without the expressed written permission of Strayer University. Page 2 of 6 CIS333 – Networking Security Fundamentals Rubric Grading for this assignment will be based on answer quality, logic/organization of the memo, and language and writing skills, using the following rubric. Points: 80 Assignment 1: Creating and Communicating a Security Strategy Criteria Unacceptable Below 60% F 1. Describe the business and identify the risk and reasoning Does not describe the business and does not submit or incompletely identifies the risk and reasoning. Weight: 20% 2. Assemble a security policy or policies for the business Meets Minimum Expectations 60-69% D Insufficiently describes the business. The risk is unclear and there is not a clear connection to a reason. Does not submit or incompletely assembles a security policy or policies for the business. The policy is missing major elements and does not communicate how it would support the business goal. Does not submit or incompletely develops standards. The standards are not fully developed and do not describe the requirements of the activity. Weight: 25% 3. Develop standards Weight: 25% Fair 70-79% C Proficient 80-89% B Exemplary 90-100% A Partially describes the business. Satisfactorily describes the business. Thoroughly describes the business. The risk is stated but the reasoning needs more supporting details. The risk is identified and the reasoning has some supporting details. The risk is clearly identified and the reasoning has wellsupported detail to connect the risk to the reasoning. The policy includes most elements and satisfactorily indicates how it would support the business’ goal, but was lacking supporting details. The policy includes all the necessary elements and clearly indicates how it will support the business’ goal. The standards satisfactorily describe many of the requirements of the activity but could use more details. The standards thoroughly describe all the requirements of the activity and include sound, indepth details. More details and a clear connection to the risk would improve this section. The policy includes some elements and partially indicates how it would support the business’ goal, but was lacking supporting details. The standards partially describe some of the requirements of the activity but lack the details necessary to make them complete. © 2017 Strayer University. All Rights Reserved. This document contains Strayer University Confidential and Proprietary information and may not be copied, further distributed, or otherwise disclosed in whole or in part, without the expressed written permission of Strayer University. Page 3 of 6 CIS333 – Networking Security Fundamentals Points: 80 Criteria 4. Develop practices Weight: 25% 5. Clarity, writing mechanics, and business formatting requirements Weight: 5% Assignment 1: Creating and Communicating a Security Strategy Unacceptable Below 60% F Does not submit or incompletely develops practices. The writing lacks clarity. Formatting is not appropriate for business. Meets Minimum Expectations 60-69% D The practices do not include enough description to ensure the business can enforce what is stated in the policies and standards. Fair 70-79% C Proficient 80-89% B Exemplary 90-100% A The practices partially describe how to ensure the business can enforce what is stated in the policies and standards. The practices satisfactorily address how to ensure the business can enforce what is stated in the policies and standards. The practices thoroughly address how to ensure the business can enforce what is stated in the policies and standards. The written instructions do not include steps or enough steps to make them complete. The written instructions include some steps, but they could be expanded to make them complete. The written instructions include all the necessary steps and have wellsupporting details. The writing lacks some clarity. The writing is beginning to show clarity. Formatting is not appropriate for business. Business formatting is partially applied. The written instructions include many of the necessary steps, but additional steps and details would improve the instructions. The writing is mostly clear and business formatting is apparent. Some minor adjustments would improve the overall format. The writing is professional and clear. The formatting is excellent and aligned with business requirements. © 2017 Strayer University. All Rights Reserved. This document contains Strayer University Confidential and Proprietary information and may not be copied, further distributed, or otherwise disclosed in whole or in part, without the expressed written permission of Strayer University. Page 4 of 6 CIS333 – Networking Security Fundamentals Additional Examples and Tips Example 1: XYZ Inc. Company-Wide Employee Password Strategy Policies • All users must have a password. • Passwords must be changed every six months. Standards • A password must have a minimum of six characters. • A password must have a maximum of 12 characters. • A password must contain letters, numbers, and special characters other than $. Practices-Employee • • • • Create a password. The UserID should be an EmployeeID already generated by HR. Send a request to create the account to the Information Technology (IT) department. User receives a temporary password. Users must change their temporary password the first time they log in. Example 2: Security Policy and Standards Password Policy: Passwords are an important part of computer security at your organization. They often serve as the first line of defense in preventing unauthorized access to the organization’s computers and data. In order to define the password policy, it is important to identify the standards. 1. Multi-factor authentication 2. Password strength standard 3. Password security standards; how to keep the password secure Tips and Points to Consider When Identifying Risks or Security Vulnerabilities • • • • • • • Flaws in operating systems due to constant attack by malware Denial of services attacks Employees data theft User set a weak password or password that is easy to guess, such as a birthday or child’s name. User leaves sensitive data on an unlocked, unattended computer Organization allows sensitive data on a laptop that leaves the building Data can be accessed remotely without using proper security © 2017 Strayer University. All Rights Reserved. This document contains Strayer University Confidential and Proprietary information and may not be copied, further distributed, or otherwise disclosed in whole or in part, without the expressed written permission of Strayer University. Page 5 of 6 CIS333 – Networking Security Fundamentals Memo Outline Network Security Associates of Atlantis, Inc. 123 Watery Lane Atlantis, USVI 91199 From: IT Security Dept. Re: Security Policy Date: Section 1: General Policies and Motivation Section 2: Passwords Section 3: Biometrics Section 4: Tokens Section 5: Physical Security Section 6: Email Policies Section 7: Breach Reporting Responsibilities Section 8: Mobile Policy and BYOD (Bring Your Own Device) © 2017 Strayer University. All Rights Reserved. This document contains Strayer University Confidential and Proprietary information and may not be copied, further distributed, or otherwise disclosed in whole or in part, without the expressed written permission of Strayer University. Page 6 of 6
Purchase answer to see full attachment
User generated content is uploaded by users for the purposes of learning and should be used following Studypool's honor code & terms of service.

Explanation & Answer

Attached.

To: Employees of Mall’s Company
From: IT Security Officer
CC: Company’s Manager
Date: 07/02/2018
RE: Developing Security Policies, Standards, and Practices of the Company
Business Environment, Risk, and Reasoning
A business environment is defined as the internal and external factors that affect the way in
which an organization operates. These factors include management, customers, employees,
business regulations, supply, and demand. However, the term ‘business environment' indicates
the external institutions, factors and forces are cannot be controlled by business, and they
influence how a business enterprise functions. Such factors include the competitors, customers,
government, suppliers and the social, legal, political and technological factors. Both the internal
and external influences affect business in either a negative or a positive way. Therefore, to
control the factors affecting business, a security policy has to be created to control risks that may
face an organization such as theft of the company’s products and services.
In every organization, there is need of having a security policy has they help in playing various
roles. One of the reasons behind the creation of a security policy in an organization is to address
threats. Threats are found everywhere in business especially in IT Security. The objective of IT
security policy is to address any threats related to the system of the organization and implement
strategies on how to control such threats as well as how to recover from any threat that is
exposed any part of the organization. The other reason for creating a security policy is engaging
employees. Engagement employee in developing a policy is very important as it incorporates the
minds of various people hence coming up with a suitable policy though there are times when the
creation and implementation of policy do not need the engagement of employees due to some
reasons which are known by the management.

Assembling a Security Policy
Mall's Company shall keep a locking system to protect its community members, information,
property, and facilities. All locks electronic access cards, keys, and access codes are parts of the
Mall's Company and will be issued to every employee depending on their needs to access various
areas. Each company’s facility will be locked at all times in a day with exception of when the
employees are passing through the facility. No person is supposed to place a lock on the
company’s facility on the exterior or interior, or give their k...


Anonymous
Excellent! Definitely coming back for more study materials.

Studypool
4.7
Trustpilot
4.5
Sitejabber
4.4

Similar Content

Related Tags