Overview: This case study analysis is the second of two formative tasks that will support your understanding of the key course concepts of human behaviors that could potentially cause a security threat. These case study analyses will inform your approach for the milestone tasks and the final project.
Prompt: Review the security policy template on the California Department of Technology website. For each of the six sections, summarize the content for the organization you have selected for the final project.
Specifically, the following critical elements must be addressed:
Introduction: Provide a brief description of what this policy will state and why it is needed. State the security stance of your organization.
Roles and Responsibilities: Detail the specific responsibilities of each identifiable user population, including management, employees, and residual parties.
Policy Directives: Describe the specifics of the security policy.
Enforcement, Auditing, and Reporting: State what is considered a violation and the penalties for noncompliance. The violation of a policy usually implies an adverse action that needs to be enforced.
References: List all references mentioned in the policy, including organization standards, procedures, and government codes.
Control and Maintenance: State the author and owner of the policy. Describe the conditions and process in which the policy will be reviewed. A policy review should be performed on at least an annual basis to ensure that the policy is current.