Security Policy

Make sure it’s ran through Plagiarism

With reference and citation

 2-3 page (a minimum of 800 words) security policy for McBride Financial Services (located in the Virtual Organizations Portal.) Develop a policy based on perceived needs associated within the Loan Department and issues in implementing online loan applications.

2. Follow the format for an APA paper

 Please keep in mind that the focus of this paper is a "policy based on perceived needs associated within the loan department and issues in implementing online loan applications." This policy may involve both technical and procedural elements; and it is a "policy", not a recommendation, a requirements analysis, nor a security plan (see the "Is it a Policy, a Standard or a Guideline?"

 You may want to check out these links:

1. The SANS Security Policy Project:

http://www.sans.org/security-resources/policies/

2. SANS - A Short Primer for Developing Security Policies (a PDF file): http://www.sans.org/security-resources/policies/Policy_Primer.pdf

3. Introduction to Security Policies, Part Four: A Sample policy: http://www.symantec.com/connect/articles/introduction-security-policies-part-four-sample-policy

4. Defining a Security Policy: http://www.windowsecurity.com/articles/Defining_a_Security_Policy.html

5. Building and Implementing a Successful Information Security Policy (a PDF file):http://www.windowsecurity.com/pages/security-policy.pdf

6. The following link will take you to the "Tools and Templates" page of CSO online:

http://www.csoonline.com/article/486324/security-tools-templates-policies

7. An example of how a policy might be structured

I Purpose

II Definitions

III Scope

IV Policy

V Procedures

VI Sanctions

 Please see page 33 in Chapter 1 of our e-text (page numbers are located at the top of the page with even page numbers on the left and odd numbers on the right.) The section title is "Security Policy." This section provides a high-level definition of a Security Policy. The e-text goes into more details throughout the book, but you could call this the "intro."

McBride Financial Services provides low-cost mortgages to customers within a five-state area. A "Loan Department" is not specifically called out on the McBride Internet or Intranet web pages, but McBride must have a loan department because that is what they do, provide loans!

Have you ever taken out a loan, or filled out an application for credit? What type of information was requested by the loan or credit card company? Would you consider that information personal? Wouldn't you want the company to take all necessary precautions with your personal data? What about filling out a credit application online? Wouldn't you want that information secured? How would you secure it? What about the storage of the information once it has been received by the company? Who can look at the information? How would you control access to the data. Should the data be backed up in case of a catastrophe? Where? How often? Are there any compliance regulations or federal laws that deal with safeguarding client financial information?

A Security Policy addresses the who, what, when, where, why, and how of the above questions.

Okay?