This is the practical connection assignment for this course. For this assignment, you will write a security policy for the organization of your choice. This organization should not be named, but you do need to describe the type of organization that it is and consider the organizational implications that will influence the development of your security policy. This project will consist of a high-level security policy describing the overall approach to enabling information security for your organization. This should include the following sections:
- Title Page
- Table of Contents
- Organizational Description (~1 page) – Describe the organization and the organizational considerations that will influence information security
- Security Approach (~0.5 page) – Describe the high-level approach to providing information security for the organization
- Definition of Associated Policies (~1 page) – Define and describe the associated information security policies (e.g. Acceptable Use Policy, Remote Access Policy, Employee Training Policy)
- Definition of Security Processes (~1 page) – Define and describe the security processes that will be used to implement and enforce this security policy (e.g. Incident Response Process, Risk Assessment Process)
- Definition of Security Standards (~0.5 page) – Define and describe the standards that are relevant and will govern the implementation of information security within the organization (e.g. NIST, HIPPA)
- Definition of Security Systems (~1 page) – Define the security systems (e.g. Firewall, VPN) that will be deployed within your network infrastructure and describe how they will be used to security the network.
- Reference Page