Assignment:

Review this Security Policy Document (https://content.learntoday.info/Learn/HI400_Fall_13_Update/site/Media/HIM4003_Module03_workstation_security_policies.pdf).

Based on the things you've learned this week (see Assignment, Lesson Content & Rubric) do the following:

  • For each of the three numbered items in the document, explain how that item fails to meet the standard for security policies.

  • Rewrite each of the three items in order to meet the standards for security policy documents described in the lectures this week.

Submit your completed assignment by following the directions linked below. Please check the Course Calendar for specific due dates.

Save your assignment as a Microsoft Word document.

Rubric:

Written Assignment: Correcting a Security Policy Document

Criteria | Points
Explain how each of the three areas fails to meet the STANDARDS for writing security policies. | 10
Rewrite each of the three sections in order to meet the standards for security policy documents described in the lectures this week. | 15
Total | 25


Lesson Content:

Security Policies and Organizational Behavior

The actions we take in response to the needs of Internet security address either the threats, the risks, or the vulnerabilities in an organization. Much of the work IT professionals do is geared towards handling specific vulnerabilities, such as operating system flaws or problems with a firewall. However, a great deal of good can be accomplished by examining the threats to an organization and creating security policies that establish some structured approach to managing them.

A properly written IT security policy does the following:

  • Defines the objectives of the system in the context of the organization

  • Describes a strategy for enabling these objectives to be met.

In other words, a security policy should state what is being protected (both literally and figuratively) and how this thing should properly be used. When an organization creates security policies lacking that first element - the objectives - security policies become an unmanageable collection of rules that may or may not make sense.

Things to be cautious of regarding security policies:

  • Management must be committed to supporting the policies.

Those who control resources are motivated by their management, and without this support policies may be ignored. It is important to keep in mind that there are not a lot of people who are motivated to make things more secure, since security in IT is inversely proportional to ease of use.

  • Policies must be kept up to date.

Out-of-date policies lead management (and everyone else!) into a false sense of security. If a policy has been in effect for so long that the terms of the policy no longer apply to the technology currently being used, employees may either ignore the policy or find a loophole to avoid having to adhere to it. For this reason IT security policies should be reviewed and updated regularly.

  • Policies should be enforceable.

In many organizations making policies enforceable is a challenge because the people writing those policies (typically the IT staff) are not in a position to create consequences for their co-workers. Two common methods for doing so, however, include:


  • Restriction of Services

An easy example of restriction of services is the way many IT organizations apply strict password rules for accounts used on their systems. If a user fails to obey those rules (for example, if they fail to change their password within a certain period of time) the system disables the account.

  • Documentation for Management

The management documentation approach to creating consequences requires additional support from management, but for most organizations is based on a common practice. If a user disobeys a security policy related to, for example, personal use of a computer workstation, the IT staff may simply document the incident and deliver the message to the user’s supervisor.

With these issues in mind IT security policies will become an integral part of the overall security planning that protects the organization. This creates an environment of informed behavior, where the users who are authorized to interact with IT resources will not only use them properly, but will also choose to protect the organization as a whole by adhering to best practices that are in the interest of the greater good.