Name
Strayer University
Security Policy Review and Revision
CIS 359 – Disaster Recovery Management
Assignment 19: Security Policy Review and Revision
Due Week 7 and worth 75 points
As the Information Security Manager for a large organization, you have been tasked with conducting a
comprehensive review and revision of the organization's existing security policies. The goal is to ensure
that the policies are up to date and aligned with current cybersecurity best practices and regulatory
requirements.
Write a paper in which you:
1. Policy Review: Conduct a detailed review of the organization's existing security policies,
including but not limited to Acceptable Use Policy, Data Classification Policy, Password Policy,
and Incident Response Policy. Evaluate the policies' clarity, relevance, and alignment with
industry standards and best practices.
2. Regulatory Compliance: Assess whether the existing security policies align with relevant industry
standards and regulatory requirements, such as ISO 27001, NIST Cybersecurity Framework,
GDPR, or sector-specific guidelines. Identify any gaps or areas of non-compliance.
3. Policy Governance: Analyze the governance structure surrounding security policies. Consider the
roles and responsibilities of policy owners, reviewers, and approvers. Evaluate the process for
policy updates and revisions.
4. Policy Enforcement and Communication: Evaluate how the security policies are enforced within
the organization. Describe the mechanisms for monitoring and enforcing policy compliance.
Assess how policies are communicated to employees and whether training and awareness
programs are in place.
5. Incident Response Preparedness: Examine the Incident Response Policy to determine whether it
provides clear guidance on how to respond to cybersecurity incidents. Assess whether it
includes procedures for reporting incidents and coordinating response efforts.
6. References: Use at least three (3) quality resources to support your security policy review and
revision. Ensure that your sources are reputable and relevant to security policy best practices.
Your assignment must follow these formatting requirements:
Be typed, double-spaced, using Times New Roman font (size 12), with one-inch margins on all sides;
citations and references must follow APA or school-specific format. Check with your professor for any
additional instructions.
Include a cover page containing the title of the assignment, your name, the professor's name, the course
title, and the date. The cover page and the reference page are not included in the required assignment
page length.
Use appropriate headings and subheadings to organize the content.
Use visual aids, such as tables or charts, to illustrate key elements of the policy review and revision
recommendations, if applicable.
The specific course learning outcomes associated with this assignment are:
Evaluate the effectiveness of security policies in addressing current cybersecurity challenges.
Analyze the alignment of security policies with industry standards and regulatory requirements.
Assess the governance and enforcement of security policies within an organization.
Develop recommendations for improving security policies to enhance cybersecurity.
Use technology and information resources to research issues in security policy review and revision.
Write clearly and concisely about security policy review and revision topics using proper writing
mechanics and technical style conventions.
Grading for this assignment will be based on answer quality, logic / organization of the paper, and
language and writing skills, using the following rubric.
Points: 75 Assignment 19: Security Policy Review and Revision
Rating levels: Unacceptable (Below 60% F); Meets Minimum Expectations (60-69% D); Fair (70-79% C);
Proficient (80-89% B); Exemplary (90-100% A)
Criteria 1. Detail the DR team roles, responsibilities, and sub teams that would be implemented and
construct an organizational chart for the team through the use of graphical tools in Visio, or an
open source alternative such as Dia.
Weight: 35%
Unacceptable (Below 60% F): Did not submit or incompletely detailed the DR team roles,
responsibilities, and sub teams that would be implemented and did not submit or incompletely
constructed an organizational chart for the team through the use of graphical tools in Visio, or an
open source alternative such as Dia.
Meets Minimum Expectations (60-69% D): Insufficiently detailed the DR team roles, responsibilities,
and sub teams that would be implemented and insufficiently constructed an organizational chart for
the team through the use of graphical tools in Visio, or an open source alternative such as Dia.
Fair (70-79% C): Partially detailed the DR team roles, responsibilities, and sub teams that would be
implemented and partially