As an IT professional, you will often be required to communicate policies, standards, and practices in theworkplace. For this assignment, you will practice this important task by taking on the role of...

1 answer below »

As an IT professional, you will often be required to communicate policies, standards, and practices in theworkplace. For this assignment, you will practice this important task by taking on the role of an ITprofessional charged with creating a memo to communicate your company’s new security strategy. This week, you will submit a draft of the security strategy memo. The final version will be due in Week 6.



Preparation



  1. Review the essential elements of a security strategy.




    • A successful IT administration strategy requires the continuous enforcement of policies, standards, and practices (procedures) within the organization. Review these elements to see how they compare:







      • Policy:The general statements that direct the organization’s internal and externalcommunication and goals.


      • Standards:Describe the requirements of a given activity related to the policy. They are moredetailed and specific than policies. In effect, standards are rules that evaluate thequality of the activity. For example, standards define the structure of the passwordand the numbers, letters, and special characters that must be used in order tocreate a password.


      • Practices:The written instructions that describe a series of steps to be followed during theperformance of a given activity. Practices must support and enhance the workenvironment. Also referred to as procedures.



  1. Describe the business environment.




    • You are the IT professional in charge of security for a company that has recently opened within ashopping mall. Describe the current IT environment inthis business. You can draw details from acompany you work for now or for which you have worked in the past. You will need to get creative andidentify the details about this business that will influence the policies you will create. For example, does thecompany allow cell phone email apps? Does the company allow web mail? If so, how will this affect themobile computing policy? Describe all the details about this business environment that will be necessaryto support your strategy.


  1. Research sample policies.




    • Familiarize yourself with various templates and sample policies used in the IT field. Do not just copyanother company’s security policy, but rather learn from the best practices of other companies and applythem to yours. Use these resources to help structure your policies:







Instructions


With the description of the business environment (the fictional company that has opened in a shoppingmall) in mind and your policy review and research complete, create a new security strategy in the formatof a company memo (no less than 3–5 pages) in which you do the following:



  1. Describe the business environment and identify the risk and reasoning.




    • Provide a brief description of all the important areas of the business environment that you havediscovered in your research. Be sure to identify the reasons that prompted the need to create asecurity policy.


  1. Assemble a security policy or policies for this business. Using theMemo Outline [PDF]as a guide,collect industry-specific and quality best practices. In your own words, formulate your fictionalcompany’s security policy or policies. You may use online resources, the Strayer Library, or otherindustry-related resources such as theNational Security Agency(NSA) andSecurity News, Trend Analysis and Opinion | Network World. In afew brief sentences, provide specific information on how your policy will support the business'goal.

  2. Develop the standards that will describe the requirements of a given activity related to the policy.Standards are the in-depth details of the security policy or policies for a business.

  3. Develop the practices that will be used to ensure the business enforces what is stated in thesecurity policy or policies and standards.


This course requires the use of Strayer Writing Standards. For assistance and information, please refer to the Strayer Writing Standards link in the left-hand menu of your course. Check with your professor for any additional instructions.


The specific course learning outcomeassociated with this assignment is:



  • Develop a security strategy for a company.


draft-5x40fob5.docx
Answered Same DayAug 28, 2021

Answer To: As an IT professional, you will often be required to communicate policies, standards, and practices...

Neha answered on Aug 29 2021
143 Votes
Security Policy
Introduction
This organization has recently opened their company inners shopping mall we have penny toys in the counter Hua king in the shopping mall. They're having the routers and multiple laptops. They are storing information about their employees who are international and national, and it is important for keep their data safe. They are using mail to communicate with the customers.
Purpose
The purpose of this policy is to protect sensitive, separated and confidential data. The data needs to be kept secure from air loss so that they can avoid the reputation damage and also avoid the impact over customers. It is very critical for the company to protect the data and also have flexibility for accessing it. It is very critical to work with the sensitive data effectively. It is not anticipated that this technology is able to effectively deal with the malicious theft scenario or we can rely on it. The primary objective is to have user awareness and avoid the accidental scenarios.
Scope
· Any individual, employee or the contractor will be able to access the data or system.
· It is important to protect the definition of the data which means we should identify the types of data and provide examples to the users so that they are able to identify it. The data can be sensitive or restricted, confidential and financial.
· Employees to be provided complete awareness training for the security of data and they should agree to uphold the acceptable use of this policy.
· If the employee identifies any unknown individual, then it should be notified immediately.
· The visitors should be escorted by the erase employee all. The person who is responsible for escorting the visitor then they should restrict them from heading into related area. The employee is also required not to reference the content of the sensitive data publicly. The use of the external email system will not be allowed to distribute the...
SOLUTION.PDF
SOLUTION.PDF

Answer To This Question Is Available To Download

Related Questions & Answers

More Questions »

Submit New Assignment

Copy and Paste Your Assignment Here
Have files?