Question
Operations Security Course Project
Course Project
ISOL 631, Summer 2019
For this project, explain how to apply the information
technology security policies to a large organization, based on that
organization’s type.
There are three types basic types of organizations:
· Government Facility
· Hospital/Large Clinic
· Business
Choose an organization type and consider that the basis of
your scenario. Imagine you are creating information technology
security policies in this scenario. You will create a short paper
describing the relevant needs and issues, the recommended
structure, and how security policies should be implemented. See the
outline below for specific content requirements.
There is a word limit—1000-1500 words is the target. It will
be difficult to fully address each topic in the outline in a short
way, but keeping writing concise and organized is an important
workforce skill. To keep within the target word-count range, limit
yourself to 100-150 words per section of the outline. An exception
is outline #6, which would require 300 or more words.
Outline of Paper, with Specific Content Requirements:
1. Identify the relevant business drivers for your
chosen scenario. A business driver is something that
affects whether an organization can be successful. The textbook
lists things like cost and customer satisfaction. Consider
especially business drivers relevant to IT security, like
mitigating risk exposure, mitigating liability of the organization,
etc.
2. For each of the laws in chapter 3, first identify whether
the law must be applied to your scenario, and second why or why not
this law is relevant. Consider especially industrial standards,
like PCI DSS, No. 16 (SSAE16), and ITIL.
3. Discuss the Seven Domains of IT Responsibility and their
application. Identify which domains are MOST applicable and explain
why. If that domain is not very applicable, explain why not.
4. Identify what policy implementation issues may affect your
scenario, such as motivation, leadership, values, whether the
organization is likely hierarchical or flat, etc.
5. Every business is a little different, so for this item on
the outline, review chapter 6 and select which framework aspects
you would focus on for that scenario’s security policy. Identify
and justify based on the scenario the appropriate type of IT
security policy frameworks that should be implemented. Also include
information assurance considerations—confidentiality, integrity,
and availability.
6. Identify how to design, organize, implement, and maintain
appropriate IT security policies. Since there are so many policies
possible, choose just 4-5 policies to focus on for this section.
Also include how you would organize the document of policies. For
reference, see pages 182-190 for guidelines of what would be
included in a policy and how it would be organized. Do not write
the polices themselves—you do not have detailed information about
the scenario to enable you to do that. Just briefly explain the
process. Possible policies:
a.
b. Acceptable Use
c. Access Control
d. Asset Protection/Management
e. Continuity & Disaster Recovery
f. Data Classification Standard & Encryption
g. Internet Ingress/Egress Traffic
h. Mandated Security Awareness Training
i. Production Data Backup
j. Remote Access
k. Vulnerability Management & Vulnerability Window
l. Threat Assessment & Management
m. WAN Service Availability
7.
8. Identify the IT security policy framework approach you
would use and why. Also include the User domain policy you would
use and the most appropriate IT infrastructure security policy.
9. For a Risk Management policy and Incident Response Team
(IRT) policies, identify the type of policy you would select for
each and justify why.
10. Discuss the appropriate method to implement and maintain
the IT security policy framework, including compliance technologies
needed.
There are usually multiple ways apply the course content to
your scenario. You will be graded on how well you explain and
justify your choices based on the needs of your scenario.
Other samples, services and questions:
When you use PaperHelp, you save one valuable — TIME
You can spend it for more important things than paper writing.
