Name
Strayer University
Security Policy Development
CIS 359 – Disaster Recovery Management
Assignment 5: Security Policy Development
Due Week 10 and worth 75 points
You have been tasked with developing a comprehensive set of security policies for your
organization to ensure the protection of sensitive data and the compliance with industry
regulations.
Write a paper in which you:
1. **Explain the importance of security policies in an organization's information security program.
Discuss how security policies help protect sensitive data and support compliance efforts.
2. **Identify at least five (5) key security policies that your organization should implement. For
each policy, explain its purpose, scope, and the specific security controls or measures it should
include.
3. **Discuss the process of policy development, including the key steps and stakeholders involved.
Explain how policies should be communicated, reviewed, and updated over time.
4. **Explain the role of security awareness training in ensuring policy compliance. Discuss how
employees should be educated about the organization's security policies.
5. **Discuss the potential challenges and obstacles in enforcing security policies within an
organization. Explain how these challenges can be addressed.
6. **Use at least three (3) quality resources in this assignment. Note: Wikipedia and similar
Websites do not qualify as quality resources.
Your assignment must follow these formatting requirements:
Be typed, double-spaced, using Times New Roman font (size 12), with one-inch margins on all sides;
citations and references must follow APA or school-specific format. Check with your professor for any
additional instructions.
Include a cover page containing the title of the assignment, the student’s name, the professor’s name,
the course title, and the date. The cover page and the reference page are not included in the required
assignment page length.
The specific course learning outcomes associated with this assignment are:
Explain the importance of security policies in an organization's information security program.
Identify and develop key security policies for an organization.
Describe the process of policy development and maintenance.
Explain the role of security awareness training in policy compliance.
Grading for this assignment will be based on answer quality, logic / organization of the paper, and
language and writing skills, using the following rubric.
Points: 75 Assignment 5: Security Policy Development
Criteria Unacceptable
Below 60% F
Meets
Minimum
Expectations
60-69% D
Fair
70-79% C
Proficient
80-89% B
Exemplary
90-100% A
1. Explain the basic
primary tasks, ongoing
evaluations, and major
policy and procedural
changes that would be
needed to perform as
the BC lead / manager.
Weight: 20%
Did not submit or
incompletely
explained the
basic primary
tasks, ongoing
evaluations, and
major policy and
procedural
changes that
would be needed
to perform as the
BC lead /
manager.
Insufficiently
explained the
basic primary
tasks, ongoing
evaluations,
and major
policy and
procedural
changes that
would be
needed to
perform as the
BC lead /
manager.
Partially
explained the
basic primary
tasks, ongoing
evaluations,
and major
policy and
procedural
changes that
would be
needed to
perform as the
BC lead /
manager.
Satisfactorily
explained the
basic primary
tasks, ongoing
evaluations,
and major
policy and
procedural
changes that
would be
needed to
perform as the
BC lead /
manager.
Thoroughly
explained the
basic primary
tasks, ongoing
evaluations,
and major
policy and
procedural
changes that
would be
needed to
perform as the
BC lead /
manager.
2. Provide insight on
how to plan the
presentation to garner
management and
