Assignment:
Writing an Information System Security Policy
Take a moment to review the details of this assignment below and gather any necessary files. Once you're ready to submit your assignment, move on to Step 2.
Assessment Description
Organizations will task security administrators, human resources, the legal department, and other departments to develop appropriate security policies to enhance the control, monitoring, and protection of intellectual property. Some of this protection comes from liability from a legal perspective, privilege access from a human resource protection perspective, or simply data management from a security perspective.
This assignment will guide you through the development of a comprehensive security policy that sets guidelines for the protection of information systems from malicious activity. Research various templates online to identify how organizations generate clear and concise policies that are used to create the standards, guidelines, and procedures throughout the enterprise infrastructure. Using the same fictitious organization selected in Topic 1, develop a three to four-page Information Systems Security Policy that includes the following:
1. A cover page with company logo (you may copy/paste from corporate profile)
2. A table of contents (TOC)
3. A revision page (policies are updated on a routine basis and require tracking for compliance)
4. A purpose, scope, or objective statement (that aligns with the corporate profile)
5. Identification of eight security topics such as (but not limited to): Acceptable Use Policy for End-Users, Remote Access Policy, Email Policy, Unauthorized Access, Limitations of Liability, Prohibited Uses, Logging Standards, Physical Access Control Policy, Operating System Updates, Anti-Virus Protection, Application Security, and/or Data Classification Standards.
6. For each of the selected 8 security topics, write the security policy section of a general security policy that aligns with your corporate profile.
Each topic should be a minimum of 125 words in length.
Be sure to conduct research on the syntax and verbiage of the policies, as standards, guidelines, and procedures should be derived from the policy statement.