Information Security Fundamentals
Information Security Policy Template
Complete the policy in alignment with one of the three organizations you explored in Part 1 of the assignment. Ensure you design the policy in accordance with the risk tolerance of the organization. The following should be included in your design.
1. Identify 20 potential risks, defining both threat (condition) and impact (consequence). Review Chapter 1 in Information Security Risk Assessment Toolkit: Practical Assessments Through Data Collection and Data Analysis when completing this portion of the assignment.
2. Define a policy to monitor (risk-seeking), control (risk-neutral), or remove (risk-averse) the risk.
Risk Assessment Table
|
Number |
Risk Name |
Threat (Condition) |
Impact (Consequence) |
|
Example |
No Anti-Virus Updates |
Malicious virus, worms, Trojans, hackers gaining unauthorized access |
Exploiting and extracting sensitive data from end-user systems |
|
1 |
|
|
|
|
2 |
|
|
|
|
3 |
|
|
|
|
4 |
|
|
|
|
5 |
|
|
|
|
6 |
|
|
|
|
7 |
|
|
|
|
8 |
|
|
|
|
9 |
|
|
|
|
10 |
|
|
|
|
11 |
|
|
|
|
12 |
|
|
|
|
13 |
|
|
|
|
14 |
|
|
|
|
15 |
|
|
|
|
16 |
|
|
|
|
17 |
|
|
|
|
18 |
|
|
|
|
19 |
|
|
|
|
20 |
|
|
|
Information Security Policy
|
Number |
Risk Name |
Policy |
Monitor/Control/Remove |
|
Example: |
No Anti-Virus Updates |
All systems will receive daily anti-virus updates via enterprise-wide application. |
Control: Security analyst will monitor (report) on update status for all systems and remediate any systems missing updates. |
|
1 |
|
|
|
|
2 |
|
|
|
|
3 |
|
|
|
|
4 |
|
|
|
|
5 |
|
|
|
|
6 |
|
|
|
|
7 |
|
|
|
|
8 |
|
|
|
|
9 |
|
|
|
|
10 |
|
|
|
|
11 |
|
|
|
|
12 |
|
|
|
|
13 |
|
|
|
|
14 |
|
|
|
|
15 |
|
|
|
|
16 |
|
|
|
|
17 |
|
|
|
|
18 |
|
|
|
|
19 |
|
|
|
|
20 |
|
|
|
© 2021. Grand Canyon University. All Rights Reserved.
2