1 / 64100%
Name
Strayer University
Assignment 9: Security Policy Development
CIS 359 – Disaster Recovery Management
Assignment 9: Security Policy Development
Due Week 7 and worth 75 points
Imagine you are the Chief Information Security Officer (CISO) for a financial institution. Your
organization has identified the need to develop and update security policies to address current and
emerging cybersecurity threats. Your task is to create a comprehensive set of security policies that will
safeguard the organization's sensitive data and information systems.
Write a paper in which you:
1. Policy Framework and Structure: Describe the framework and structure that will be used to
develop and organize the security policies. Explain how the policies will be categorized and
grouped based on their focus areas.
2. Policy Development Team: Detail the roles and responsibilities of the policy development team,
including the CISO, policy owners, and reviewers. Explain how these roles will collaborate to
ensure effective policy development.
3. Policy Review and Approval Process: Outline the process for reviewing and approving security
policies within the organization. Describe the criteria that will be used to evaluate policy
effectiveness and compliance.
4. Policy Content: Create a list of security policies that need to be developed, such as Acceptable
Use Policy, Data Classification Policy, and Incident Response Policy. For each policy, provide a
brief description of its purpose and key elements.
5. Policy Communication and Training: Explain how the security policies will be communicated to
employees and stakeholders. Describe the training programs and awareness campaigns that will
support policy understanding and adherence.
6. Policy Enforcement and Monitoring: Discuss the mechanisms and tools that will be used to
enforce security policies. Explain how policy violations will be detected and the consequences for
non-compliance.
7. Policy Maintenance and Updates: Describe the procedures for maintaining and updating security
policies to address evolving threats and technologies. Explain how feedback and incident reports
will be used to inform policy revisions.
8. Executive Summary: Draft an executive summary of the security policy development process.
Explain the importance of security policies to the organization, their role in protecting sensitive
data, and provide a high-level overview of the key components.
9. References: Use at least three (3) quality resources to support your security policy development.
Ensure that your sources are relevant to security policy best practices.
Your assignment must follow these formatting requirements:
Be typed, double-spaced, using Times New Roman font (size 12), with one-inch margins on all sides;
citations and references must follow APA or school-specific format. Check with your professor for any
additional instructions.
Include a cover page containing the title of the assignment, your name, the professor's name, the course
title, and the date. The cover page and the reference page are not included in the required assignment page
length.
Use appropriate headings and subheadings to organize the content.
Include any necessary diagrams or flowcharts to illustrate key processes within the policy development
framework. Ensure that these diagrams are imported into the Word document before submission.
The specific course learning outcomes associated with this assignment are:
Develop a comprehensive set of security policies for an organization.
Analyze the roles and responsibilities of key personnel in security policy development.
Evaluate the importance of policy enforcement, monitoring, and updates in maintaining security.
Use technology and information resources to research issues in security policy development.
Write clearly and concisely about security policy development topics using proper writing mechanics and
technical style conventions.
Grading for this assignment will be based on answer quality, logic / organization of the paper, and
language and writing skills, using the following rubric.
Points: 75 Assignment 9: Security Policy Development
Criteria Unacceptable
Below 60% F
Meets
Minimum
Expectations
60-69% D
Fair
70-79% C
Proficient
80-89% B
Exemplary
90-100% A
1. Detail the DR
team roles,
responsibilities, and
sub teams that
would be
implemented and
construct an
organizational chart
for the team through
the use of graphical
tools in Visio, or an
open source
alternative such as
Dia.
Did not submit
or incompletely
detailed the DR
team roles,
responsibilities,
and sub teams
that would be
implemented
and did not
submit or
incompletely
constructed an
organizational
chart for the
Insufficiently
detailed the
DR team
roles,
responsibiliti
es, and sub
teams that
would be
implemented
and
insufficiently
constructed
an
organizationa
Partially
detailed the
DR team
roles,
responsibilitie
s, and sub
teams that
would be
implemented
and partially
constructed an
organizational
chart for the
team through
Satisfactorily
detailed the
Students also viewed