Propose a Security Policy for an Organization
Preparation: Choose a real or hypothetical organization, corporation (profit or non-profit), or institution that uses IT in its product, services, activities, and/or operations. If you work in an organization or field that could benefit from an information network security policy, you might have chosen that company to apply the project to it.
Assignment: Prepare a well-written security policy proposal for your organization that utilizes the concepts learned in the course as a basis for your analysis and policy.
Make sure that your proposal includes these basic elements of a good security policy:
An introduction that describes your organization, its mission, products/services, technical resources, and technical strategy.
Analysis of the organization’s relationships to its clients/customers, staff, management, and owners or other stakeholders.
A vulnerability assessment.
Your security policy recommendation should:
Propose remedial measures as appropriate to the situation. These might include firewall/gateway provisions, authentication and authorization, encryption systems, intrusion detection, virus detection, incident reporting, education/training, etc.
Propose a code of ethics or code of practice to be applied within the organization.
Propose legal/compliance requirements and describe how they will be met.
Propose a security policy statement/summary.