Security Policy Paper Outline

profilesunhas
cmit320_sample_outline_v2.docx

3

CMIT320

Security Policy Paper

Week 3

Table of Contents

Introduction: GDI background and given problem……………………………………… 1

Important Assets…………………………………………………………………………. 2

Security Architecture for GDI…………………………………………………………… 3

Twenty Possible Security Policies………………………………………………………. 4

Details and Rationale of the Twenty Security Policies………………………………….. 5

Twelve Security Policies that should be Applied to GDI……………………………….. 6

Conclusion……………………………………………………………………………..… 7

References……………………………………………………………………………….. 8

Outline

I. Introduction

a. Briefly discuss the background of GDI.

b. Also, discuss about the given problem of the IT security, infrastructure, cost, etc.

II. Discuss the important assets of the company that need protection

a. Asset identification: “Identity and quantify the company’s assets” (Meyers, 2009, p. 215)

i. Important assets include:

1. Computer network equipment (Meyers, 2009, p. 215)

2. Data (Meyers, 2009, p. 215)

3. Servers, printers

4. Routers, firewalls, switches, wireless devices, etc.

b. Access control methods: sensitivity, integrity, availability (Meyers, 2009, p. 157).

c. Risk and threat assessment: “Identify and access the possible security vulnerabilities and threats” (Meyers, 2009, p. 215).

d. Identify solutions and countermeasures: “Identify a cost-effective solution to protect assets” (Meyers, 2009, p. 215).

III. Security architecture for the company

a. “The IT department should always have current diagrams of your overall network architecture on hand” (Meyers, 2009, p. 381).

IV. A list of 20 or more policies that could be applied to this situation

a. User Account Policy (Meyers, 2009, p. 170)

b. Audit Security Policy (SANS)

c. Email Security Policy (SANS)

d. Internet Security Policy (SANS)

e. Server Security Policy (SANS)

f. Wireless Security Policy (SANS)

g. Network Security Policy (SANS)

h. Physical Security Policy (SANS)

i. Remote Access Security Policy

j. Ethics Policy (SANS)

k. Privacy Policy (Meyers, 2009, p. 369)

l. Incident Response Policy (Meyers, 2009, p. 371)

m. Access Control Policy (Meyers, 2009, p. 372)

n. Separation of Duties Policy (Meyers, 2009, p. 372)

o. Password Policy (Meyers, 2009, p. 374)

p. Data Retention Policy (Meyers, 2009, p. 375)

q. Hardware Disposal and Data Destruction Policy (Meyers, 2009, p. 375)

r. Documentation policy (Meyers, 2009, p. 378)

s. Termination Policy (Meyers, 2009, p. 377)

t. Acceptable Use Policy (Meyers, 2009, p. 367)

V. Specific details and rationale of each policy from above

a. Ethics Policy – “User Education and Awareness Training” (Meyers, 2009, p. 384)

b. Documentation policy- “Standards and Guidelines for Documentation, Data Classification, document retention and storage, document destruction, system architecture, logs inventory, change management and control documentation (Meyers, 2009, p. 378-383).

c. Network Security Policy- risk and threat assessment, vulnerabilities, threats, risk, impact, probabilities, natural disasters, equipment malfunction, intruders, malicious hackers, potential loss, and threat profiles (Meyers, 2009, p. 216-218). It also includes firewall, intrusion detection system, audits, etc.

d. Wireless Security Policy- Access point security, encryption protocols, MAC address filtering, VPN, etc. (Meyers, 2009, p. 144-147).

e. Physical Security Policy- physical barriers, video surveillance and monitoring, lighting, locks, access logs, ID badges, man-trap (Meyers, 2009, p. 200-204).

VI. Review the policies and select 12 important policies that can be applied to GDI

a. Network Security Policy

b. Internet Security Policy

c. Physical Security Policy

d. Ethics Policy

e. Remote Access Security Policy

f. Incident Response Policy

g. Hardware Disposal and Data Destruction Policy

h. Wireless Security Policy

i. Password Security Policy

j. Separation of Duties Policy

k. Privacy Policy

l. Server Security Policy

VII. Conclusion

a. Conclude discussion and proposal of the security policy document.

References

Include any references here with full citations.