This is a paper requiring the student to complete the IT-373 network security assignment. The paper also provides additional instructions to use in the writing of the assignment paper. Below is the assessment description for the paper:
Complete the IT-373 network security assignment
Final Exam Project
Designing Security Policy for a Named Company of Your Choice
Definition of a Policy
By definition, security policy refers to clear, comprehensive, and well-defined plans, rules, and also practices that regulate access to an organization’s system and the information included in it. Good policy protects not only information and systems, but also individual employees and the organization as a whole.
A policy generally has these characteristics:
Communicates a consensus of judgment
Defines appropriate behavior for users
Identifies what tools and procedures
Provides directives for Human Resources action in response to inappropriate behavior
May be helpful if it is necessary to prosecute violators
Purpose. The purpose of this project is to ensure that appropriate measures are put in place to protect “Your Company’s” information and the Information Technology Services (ITS) systems, and equipment of the infrastructure.
a. Students are required to select a company of their choice. It could be an existing company or your own creation. This is an individual project; not a group project!
For the company/organization you selected or made up, create a comprehensive Security Policy you deem appropriate to address all aspects of their infrastructure. Please bear in mind that the purpose of this document is to ensure that appropriate measures are put in place to protect corporate information and the Information Technology Services (ITS) systems, services, and also equipment of “Your Company” and associated infrastructure. This means that the policy aspects you select should address all the functional areas of the organization.
Firstly, conduct a brief research of the company you intend to use for this project to learn more about their security functional areas. This will help you to determine the policy aspects you should use. Policy Templates designed for this purpose are available for use by the public from the SANS website at no cost (pages 4 – 5). Secondly, a minimum of TWELVE aspects must be from all the FOUR major functional security areas (General Security, Network Security, Server Security, Application Security). Many of the Aspects listed in each main Security Functional area also have sub-categories, so you may have to dig further down to download those specific policy documents. Don’t use any policy that is not applicable to “Your Company”. For example, there is no need to use the Lab Security Policy if your company doesn’t have a lab.