Assignment task: You have been contracted by Globex Corp to discuss and propose Information Security Policies and a Program to protect their data and resources in view of their existing risk assessment.
1. Security Policy Overview
a proposal for Globex Corp that discusses:
1.1 The need for security policies at Globex Corp.
The discussion should include how these policies (as outlined in Question 2) will enhance Globex Corp security and help to raise their level of cyber security maturity.
1.2 Outline the following security policies:
- A security policy that would act to preserve the Confidentiality, Integrity, and Availability of their data,
- A security policy that would act to protect their data center resources, and
- A security policy that would act to educate Globex Corp in how they can protect the company's data and resources.
As part of the outline for each security policy your proposal should discuss:
- The intent and rationale and scope of the policy,
- The mandatory requirements for the rules or actions that you think are reasonable to place into this policy to meet its intent and rationale,
- Any exemptions that you think are reasonable to place into this policy to meet its intent and rationale.
2. Information Security Program
2.1 InfoSec Program
an Information Security Program and how it could benefit Globex Corp. In tabular format, define all the required functions to implement an InfoSec Program successfully.
2.2 InfoSec Organisational Diagram
Evaluate and draw an organisational diagram for Globex Corp to which you recommend their Information Security (InfoSec) should sit/report. Justify your motivation.