Preparation: Choose a real or hypothetical organization, corporation (profit or non-profit), or institution that uses IT in its products, services, activities, and/or operations. If you work in an organization or field that could benefit from an information network security policy, you might wish to apply the project to it.
Assignment: Prepare a well-written security policy proposal for your organization that utilizes the concepts learned in the course as a basis for your analysis and policy.
Make sure that your proposal includes the basic elements of a good security policy including:
1. Introduction describing your organization and its mission, products/services, technical resources, and technical strategy
2. Analysis of the organization's relationships to its clients/customers, staff, management, and owners or other stakeholders
3. A vulnerability assessment
4. Your recommendation, including:
5. a. Proposed remedial measures (as appropriate to the situation; these might include firewall/gateway provisions, authentication and authorization, encryption systems, intrusion detection, virus detection, incident reporting, education/training, etc.
6. b. Proposed code of ethics or code of practice to be applied within the organization
7. c. Legal/compliance requirements and description of how they will be met
8. d. Proposed security policy statement/summary
Important: Your proposal must justify every element in ethical and legal terms. In other words, you need to state why each policy/code element (including technical elements) is good for business and why it is good/sound ethical policy (i.e., how it is good for the organization and why it is good for customers, users, or employees, or the public). Also identify any ethical/legal tensions, conflicts, and/or contradictions and justify any trade-offs being made in the recommendation.
Discuss and cite at least three credible or scholarly sources other than the course textbooks (which can be cited as well) to support your analysis and policy choices. The CSU-Global Library is a good place to find credible and scholarly sources. Your paper should be 8-10 pages long with document and citation formatting per CSU-Global Guide to Writing and APA Requirements.
Recommendation: It is recommended that students review Chapter 8 in the course textbook, which is required reading for Module 6, early in the term and apply the knowledge therein to planning and drafting the Portfolio Project. In Chapters, 8, 10, and 12, Kizza (2014) discussed the role of a security policy in the compliance of an organization. He observed that in response to public outcry in the 1990s, governments went on a binge passing laws to regulate the new Internet. But privacy advocates pushed back and by the early 2000s, the result of much politicking was a mixed system of sectoral laws (dealing with specific situations) and largely voluntary norms. These norms were adopted by organizations and enshrined in security and privacy policies regarding data and networking. Kizza (2014) made the point that, "A good, balanced and unified approach to information security compliance consists of a good security policy that effectively balances and enforces core information security and compliance elements" (p. 199).
Incremental Deliverable due by 11:59 PM on Sunday of Week 2
Submit a brief description of the "real or hypothetical organization, corporation (profit or non-profit), or institution that uses IT in its product, activities, or operations" that will serve as the scenario for your Portfolio Project. If you work or have worked for an organization could benefit from an information network security policy, consider using your place of employment as the scenario for your project.
Your description should be at least a paragraph and no more than a page in length.