Create a Security Policy
Unit 1 Assignment: Create a Security Policy
Outcomes addressed in this activity:
Unit Outcomes:
Articulate the basic purpose of a security policy.
Define common data protection terminology.
Describe the components of a security policy.
Analyze a security policy to identify omissions and errors.
Develop a security policy for a business.
Course Outcome:
IT540-1: Implement a computer network security policy.
Purpose
This assignment will help solidify and reinforce the concepts you studied in the unit involving the development of a computer network security policy.
Assignment Instructions
Part 1: Devise a Security Policy
Think about a business you are familiar with that uses networks and computers to support business functions. Create a list of 10 important, specific items. The list might contain items such as the following:
Components — Servers, computers, mobile devices, IoT devices, other equipment, etc.
Information — Sales data, client data, financial data, etc.
Network configuration
Identify the threats these important items are subject to. Devise a security policy to mitigate that threat. Document your analysis process. Note that this information will be useful moving forward, so develop it fully at this time.
Part 2: Security Policy Assessment
Read the following mini-security policy. Assess this security policy in four major areas. What is missing, incomplete, inaccurate, or ill-advised?
R&D Financial Services, LLC Security Policy
Each document should have a footer or header identifying the level of sensitivity. Suggested sensitivity levels are unrestricted and client sensitive.
Email clients should enable SSL encryption for ActiveSync, POP3 and SMTP. SSL should also be used for web-based email. That way, regardless of where people work, their email traffic will not expose any data to network eavesdropping techniques. If client confidential data must be emailed amongst any third-party firms and/or consultants, the file should be encrypted, perhaps using a cross-platform product such as PGP or S/MIME, so that data cannot be read from email servers along the way.
File servers with shared folders should have access controls enabled to only members of the authorized group. Shared folders should also be encrypted so that physical theft of the server, its hard drives, or the backups will not compromise data confidentiality.
Periodic backups will be made of server hard drives and stored offsite in a secure location such as a safety deposit box. Access to the backups will be shared.
Only a select few consultants under contract with R&D Financial Services, LLC will be given the file server Administrator account password. Laptop computers will not automatically login the administrator and each account will be password protected. Local folders containing client sensitive data should be encrypted so that theft of the laptop or its hard drive will not compromise data confidentiality.
Portable storage devices, such as USB and thumb drives, may be used to store client sensitive documents if they are stored in encrypted folders or drive images.
Laptop computers will have screen savers enabled with password protection. Users will switch on their screen saver to lock the computer when they walk away from it.
Passwords should be chosen wisely, i.e., common dictionary words would not be used.
Assignment Requirements
Answers contain sufficient information to adequately answer the questions
No spelling errors
No grammar errors
Note: Two points will be deducted from grade for each occurrence of not meeting these requirements.
Collepals.com Plagiarism Free Papers
Are you looking for custom essay writing service or even dissertation writing services? Just request for our write my paper service, and we'll match you with the best essay writer in your subject! With an exceptional team of professional academic experts in a wide range of subjects, we can guarantee you an unrivaled quality of custom-written papers.
Get ZERO PLAGIARISM, HUMAN WRITTEN ESSAYS
Why Hire Collepals.com writers to do your paper?
Quality- We are experienced and have access to ample research materials.
We write plagiarism Free Content
Confidential- We never share or sell your personal information to third parties.
Support-Chat with us today! We are always waiting to answer all your questions.