Lab 3: Developing a Security Policy Framework Implementation Plan

Part 1: Research Security Policy Frameworks

Note: In this part of the lab, you will review internet resources on security policy frameworks in order to form a basis for understanding their purpose and usage. Understanding the reason behind a security policy framework is key to understanding the component policies and procedures. Please take the time to review the research thoroughly and think through the concepts behind the framework itself.

1. In your browser, navigate to https://www.sans.org/reading-room/whitepapers/policyissues/information-security-policy-development-guide-large-small-companies-1331.

2. Read Sections 1-5 of the SANS Policy Development Guide.

3. Summarize the Policy Development Guide’s recommendations for organizing a policy hierarchy and selecting policy topics.

Note: It is important to understand how and why a policy differs from a standard, a procedure, and a guideline. From the top down, the policy should not change or need modification unless a major shift in corporate values or business process occurs. By contrast, guidelines should be reviewed, and possibly changed, often.

Similarly, even though a policy should be written clearly and concisely, it is a high-level document answering the “why” questions. Standards are also high level, but they answer the “what” questions. Finally, the procedures and guidelines provide the “how.”

Examples of security policy and guideline templates are available from the SANS Institute at https://www.sans.org/information-security-policy/.

In the next steps, you will learn about COBIT 2019, a popular industry-standard policy framework.

4. In your browser, navigate to https://www.cio.com/article/3243684/what-is-cobit-a-framework-for-alignment-and-governance.html.

5. Describe the core principles and objectives of COBIT 2019.

Part 2: Define a Security Policy Framework

Note: Understanding both unique and universal risks to your organization’s IT infrastructure is essential to developing an appropriate IT security policy framework for your organization. In this part of the lab, you will review a list of risks, threats, and vulnerabilities and define appropriate policies to mitigate them. Next, you will organize your policies into a policy framework.

1. Review the following list of risks, threats, and vulnerabilities at the fictional Healthwise Health Care Company.

  • Unauthorized access from public Internet
  • Hacker penetrates IT infrastructure
  • Communication circuit outages
  • Workstation operating system (OS) has a known software vulnerability
  • Unauthorized access to organization-owned data
  • Denial of service attack on organization’s e-mail
  • Remote communications from home office
  • Workstation browser has software vulnerability
  • Weak ingress/egress traffic-filtering degrades performance
  • Wireless Local Area Network (WLAN) access points are needed for Local Area Network (LAN) connectivity within a warehouse
  • User destroys data in application, deletes all files, and gains access to internal network
  • Fire destroys primary data center
  • Intraoffice employee romance gone bad
  • Loss of production data
  • Need to prevent rogue users from unauthorized WLAN access
  • LAN server OS has a known software vulnerability
  • User downloads an unknown e-mail attachment
  • Service provider has a major network outage
  • User inserts a USB hard drive with personal photos, music, and videos on organization-owned computers
  • Virtual Private Network (VPN) tunneling between the remote computer and ingress/egress router

2. For each risk, threat, or vulnerability in the list above, select an appropriate security policy that might help mitigate it. You can select one of the SANS policies or choose one from the following list.

Security Policies

  • Acceptable Use Policy
  • Access Control Policy
  • Business Continuity—Business Impact Analysis (BIA) Policy
  • Business Continuity and Disaster Recovery Policy
  • Data Classification Standard and Encryption Policy
  • Internet Ingress/Egress Traffic Policy
  • Mandated Security Awareness Training Policy
  • Production Data Backup Policy
  • Remote Access Policy
  • Vulnerability Management and Vulnerability Window Policy
  • Wide Area Network (WAN) Service Availability Policy

3. Organize the security policies you selected so that they can be used as part of an overall framework for a layered security strategy.

Challenge Exercise

Note: The following challenge exercise is provided to allow independent, unguided work – similar to what you will encounter in a real situation.

A user at Digital Innovation Products has been using company network resources to download torrent files onto a USB drive and transfer those files to their home computer. IT tracked down the torrent traffic during a recent network audit. Unfortunately, the company does not have a current policy that restricts this type of activity.

Identify at least two appropriate policies that should be in place to define this type of behavior and the consequences thereof.

Write a brief overview for C-level executives explaining which policies should be added to the company’s overall security policy framework, why they should be added, and how those policies could protect the company.
