Information Security Fundamentals

profileLoic@1313
MIS-657-RS-Information-Security-Policy-Template.docx

Information Security Policy Template

Complete the policy in alignment with one of the three organizations you explored in Part 1 of the assignment. Ensure you design the policy in accordance with the risk tolerance of the organization. The following should be included in your design.

1. Identify 20 potential risks, defining both threat (condition) and impact (consequence). Review Chapter 1 in Information Security Risk Assessment Toolkit: Practical Assessments Through Data Collection and Data Analysis when completing this portion of the assignment.

2. Define a policy to monitor (risk-seeking), control (risk-neutral), or remove (risk-averse) the risk.

Risk Assessment Table

Number

Risk Name

Threat (Condition)

Impact (Consequence)

Example

No Anti-Virus Updates

Malicious virus, worms, Trojans, hackers gaining unauthorized access

Exploiting and extracting sensitive data from end-user systems

1

2

3

4

5

6

7

8

9

10

11

12

13

14

15

16

17

18

19

20

Information Security Policy

Number

Risk Name

Policy

Monitor/Control/Remove

Example:

No Anti-Virus Updates

All systems will receive daily anti-virus updates via enterprise-wide application.

Control: Security analyst will monitor (report) on update status for all systems and remediate any systems missing updates.

1

2

3

4

5

6

7

8

9

10

11

12

13

14

15

16

17

18

19

20

© 2021. Grand Canyon University. All Rights Reserved.

2