Choose a real or hypothetical organization, corporation (profit or nonprofit), or institution that uses IT in its
product, services, activities, and/or operations. If you work in an organization or field that could benefit from
an information network security policy, you might wish to apply the project to it.
Prepare a well-written security policy proposal for your organization that utilizes the concepts learned in the
course as a basis for your analysis and policy.
Make sure that your proposal includes the basic elements of a good security policy including:
- Introduction describing your organization and describing its mission, products/services, technical
resources, and technical strategy. - Analysis of the organization’s relationships to its clients/customers, staff, management, and owners or
other stakeholders. - A vulnerability assessment.
- Your recommendation, including:
A. Proposed remedial measures (as appropriate to the situation; these might include firewall/gateway
provisions, authentication and authorization, encryption systems, intrusion detection, virus detection,
incident reporting, education/training, etc.).
B. Proposed code of ethics or code of practice to be applied within the organization.
C. Legal/compliance requirements and description of how they will be met.
D. Proposed security policy statement/summary.