Week 8 Assignment
1. Define physical, administrative, and technical IT security controls.
2. As an IT security professional at a new company, design physical, administrative, and technical control policies that will reduce the IT security risk of the organization.
Important Note:
You must draft at least 5 controls for each IT security category. Examples for Question 2 are given below. Your answer must be in tabular format. There are numerous examples in various articles on the Internet.
Examples:
Physical Control Policies

| Policy | Detail | Mitigation Control |
|---|---|---|
| Wearing of identification badge | Employees must always wear their identification badge while in the corporate environment for proper identification. | |

Administrative Control Policies

| Policy | Detail | Mitigation Control |
|---|---|---|
| New hire must be provided with a copy of the corporate security policy | New hire must be given a copy of the corporate security policy. They must sign a receipt form to acknowledge the receipt of the policy. | |

Technical Control Policies

| Policy | Detail | Mitigation Control |
|---|---|---|
| Change Management policy | An IT employee must get proper approval for any changes that must be made in the IT Server/Application environments. | |