Draft: Creating and Communicating a Security Strategy
As an IT professional, you will often be required to communicate policies, standards, and practices in the workplace. For this assignment, you will practice this important task by taking on the role of an IT professional charged with creating a memo to communicate your company’s new security strategy. This week, you will submit a draft of the security strategy memo. The final version will be due in Week 6.
1. Review the essential elements of a security strategy.
• A successful IT administration strategy requires the continuous enforcement of policies, standards, and practices (procedures) within the organization. Review these elements to see how they compare:
Policy: The general statements that direct the organization’s internal and external communication and goals.
Standards: Describe the requirements of a given activity related to the policy. They are more detailed and specific than policies. In effect, standards are rules that evaluate the quality of the activity. For example, standards define the structure of the password and the numbers, letters, and special characters that must be used in order to create a password.
Practices: The written instructions that describe a series of steps to be followed during the performance of a given activity. Practices must support and enhance the work environment. Also referred to as procedures.
2. Describe the business environment.
o You are the IT professional in charge of security for a company that has recently opened within a shopping mall. Describe the current IT environment in this business. You can draw details from a company you work for now or for which you have worked in the past. You will need to get creative and identify the details about this business that will influence the policies you will create. For example, does the company allow cell phone email apps? Does the company allow webmail? If so, how will this affect the mobile computing policy? Describe all the details about this business environment that will be necessary to support your strategy.
3. Research sample policies.
o, Familiarize yourself with various templates and sample policies used in the IT field. Do not just copy another company’s security policy, but rather learn from the best practices of other companies and apply them to yours. Use these resources to help structure your policies:
Information Security Policy Templates | SANS Institute.
Sample Data Security Policies [PDF].
Additional Examples and Tips (located after the Instructions).
With the description of the business environment (the fictional company that has opened in a shopping mall) in mind and your policy review and research complete, create a new security strategy in the format of a company memo (no less than 3–5 pages) in which you do the following:
1. Describe the business environment and identify the risk and reasoning.
• Provide a brief description of all the important areas of the business environment that you have discovered in your research. Be sure to identify the reasons that prompted the need to create a security policy.
2. Assemble a security policy or policies for this business. Using the Memo Outline [PDF] as a guide, collect industry-specific and quality best practices. In your own words, formulate your fictional company’s security policy or policies. You may use online resources, the Strayer Library, or other industry-related resources such as the National Security Agency (NSA) and Security News, Trend Analysis and Opinion | Network World. In a few brief sentences, provide specific information on how your policy will support the business’ goal.
3. Develop the standards that will describe the requirements of a given activity related to the policy. Standards are the in-depth details of the security policy or policies for a business.
4. Develop the practices that will be used to ensure the business enforces what is stated in the security policy or policies and standards.
This course requires the use of Strayer Writing Standards. For assistance and information, please refer to the Strayer Writing Standards link in the left-hand menu of your course. Check with your professor for any additional instructions.
The specific course learning outcome associated with this assignment is:
• Develop a security strategy for a company.
Example 1: XYZ Inc. Company-Wide Employee Password Strategy
• All users must have a password.
• Passwords must be changed every six months.
• A password must have a minimum of six characters.
• A password must have a maximum of 12 characters.
• A password must contain letters, numbers, and special characters other than $.
• Create a password. The UserID should be an EmployeeID already generated by HR.
• Send a request to create the account to the Information Technology (IT) department.
• The user receives a temporary password.
• Users must change their temporary password the first time they log in.
Example 2: Security Policy and Standards
Password Policy: Passwords are an important part of computer security at your organization. They often serve as the first line of defense in preventing unauthorized access to the organization’s computers and data.
In order to define the password policy, it is important to identify the standards.
1. Multi-factor authentication.
2. Password strength standard.
3. Password security standards; how to keep the password secure.
Tips and Points to Consider When Identifying Risks or Security Vulnerabilities:
• Flaws in operating systems due to constant attack by malware.
• Denial of services attacks.
• Employees’ data theft.
• The user sets a weak password or password that is easy to guess, such as a birthday or child’s name.
• The user leaves sensitive data on an unlocked, unattended computer.
• The organization allows sensitive data on a laptop that leaves the building.
• Data can be accessed remotely without using proper security. For more information on Security Strategy check on this: https://en.wikipedia.org/wiki/Security_Strategy
Plagiarism Free Papers
Thehomeworkwritings.com’s team of writers write all papers from scratch. We deliver 100% original, unique papers. That’s what makes us the best custom homework writing service
We provide unlimited free revisions to all customers and on all papers. Try The Homework Writings today for the best custom homework writing service and experience in the industry.
Thehomeworkwritings.com gives clients title pages free of charge. Your only job is to fill out our order form. We will handle the rest.
As the leading essay writing service, we never submit any paper without a reference/bibliography page. We do this free of charge too.
Originality & Security
At Thehomeworkwritings.com, we take great pride in delivering only high-quality 100% original papers to all our clients. We also never share any of our clients’ information with third parties. Your data is safe with us.
24/7 Customer Support
No other custom homework writing service has a friendly, always available customer support team to respond to clients like us.
Try it now!
How it works?
Follow these simple steps to get your paper done
Place your order
Fill in the order form and provide all details of your assignment.
Proceed with the payment
Choose the payment system that suits you most.
Receive the final file
Once your paper is ready, we will email it to you.
We have the best customer support team for your essay writing needs.
You won’t find any other custom homework writing service with pricing as flexible and affordable as ours.
Admission help & Client-Writer Contact
We provide a direct line of communication with our writers for the best writing experience.
As the leading custom homework writing service, we take deadlines very seriously. You will have your paper submitted on time without any delays.
We truly value your feedback, good or bad, and always use your feedback to help us provide you with an even better custom homework writing service