QUESTION

In this assignment, you are to create a security management policy that addresses the management and the separation of duties throughout the seven domains of a typical IT infrastructure. You are to define what the information systems security responsibility is for each of the seven domains of a typical IT infrastructure. From this definition, you must incorporate a definition for the separation of duties into the Procedures section of the policy definition template that you will fill out later in this step. The scenario you are to work with is for the mock XYZ Credit Union/Bank:

* The organization is a regional XYZ Credit Union/Bank that has multiple branches and locations throughout the region

* Online banking and use of the Internet are the bank’s strengths, given its limited human resources

* The customer service department is the organization’s most critical business function

* The organization wants to be in compliance with the Gramm-Leach-Bliley Act (GLBA) and IT best practices regarding its employees

* The organization wants to monitor and control use of the Internet by implementing content filtering

* The organization wants to eliminate personal use of organization-owned IT assets and systems

* The organization wants to monitor and control use of the e-mail system by implementing e-mail security controls

* The organization wants to implement this policy for all the IT assets it owns and to incorporate this policy review into its annual security awareness training

* The organization wants to define a policy framework, including a security management policy defining the separation of duties for information systems security

Create the IT policy, standard, guideline, and procedure for the XYZ Credit Union/Bank organization regarding the use of personal devices (cell phones, tablets, home computers, etc.). All of these may be contained in a single document, but each one should start on a new page.

paulkoome
ANSWER

********************* policy ** ******* as *** set ** ********* **** ******** *** an ************ ******* ******** *** ******* ********* to ******* *** security objectives ***** ******** ********** **** ** ******** **** the **************** goals *** situation *** determine how *** organization **** ***** its ******** ********** This *********** of the organization’s ***** and ******** objectives ******** *** management ******** **** are ******* in nearly *** ******** practices ** ****** *** risks ********** with ***** *** ***** ************* ******** have ******* ********* *** *** based on * *** of ******** principles While ***** ********** ********** are *** necessarily ********* they ** **** implications for *** technologies **** *** **** ** ********* *** ****** **** ********* systemsThis ********* *********** security policy is a *** ********* ** *** *** ****** Union/BankOverall *********** ******** ********** ********* *** ****** be ********** alongside **** ******** information security ************* including system ***** ******** ******** ******** guidance and protocols or procedures XYZ ****** Union/Bank ** ******* ** * ******* of *********** *** ************* ***** including ***** employee fraud *** ******* ******** ************ because ** *** ****** and ****** of *********** ******** ********* the financial ************ of *** ********* *** *** ********* use of ********** ** ******* this ************** ******* ** *** ****************** ********* ************* *** ** 1999 (“GLBA”) *********** ********** ********* ** technology **** ********** *** *********** security *** Act required regulatory authorities ** ********** ********** *** ************ customer *********** ***** ********* require **** **** ********* *********** implement * comprehensive written information ******** program **** ******** ************** technical and ******** ********** appropriate ** *** size *** complexity of *** ********* *********** *** *** ****** and ***** ** *** activities 
***** *** ***** ** the financial *********** *** *** ******** ** implement * ******* set ** ******** *** ******** ** *** information ******** ******* **** ** coordinatedSecurity ************* 1992 *** ************ *** ******** *********** *** Development ****** ****** a ****** of ********** intended *** *** development of **** ******** ********* and ************** ******** and ********* ***** ********** ********* ************** ******** *** is involved **** *** ******** ** information must have ******** accountability *** ***** actions2 ********* ******** **** ** **** ** **** the ********* ********* ** ******** ******** ********* and ********** *** major impetus *** this is to ******** ********** ** *********** systems3 ****** *** ****** ** ***** *********** ******* and ***** ********** ******** ********** *** **** must ** **** ** ******* *** ******* ****** and ********** interests ** ******* Multidisciplinary ********* All ******* ** ******* **** ** considered ** *** *********** of policies *** ********** ***** **** include legal technical ************** ************** *********** ********** *** educational ******** Proportionality Security measures **** ** ***** ** *** ***** ** *** *********** and *** level of **** ********* *********** ******** ******** ****** be ********** ** **** ******** *** ********* defensive ***** in *** ******** ******* ********** Everyone ****** act ******** ** * *********** *** ****** ******* **** * ******** breach ******* ************ Security mechanisms *** ***** **** ** ********** ************ to ****** **** *** organization’s ***** *** ***** **** ********* *** ******** ** *** information *** the ******* ***** it ** stored **** be ** **** **** *** ********** *** and *********** transfer ** **** informationIn addition ** *** **** security ********** **** ********** principles *** ********* to **** ** mind **** ******** policies ***** ********** ********** accountability *********** *** uniquely ********** to *** ******** systems *** 
***** *** **** accountable for their ******* ************* *** security ********** **** be **** ** ***** authorizations *** ****** to ******** *********** ** ******* ***** on the ************** *** ************** of the ****** Least ********* Individuals must **** be **** ** ****** *** information that **** **** *** the completion of ***** *** **************** and only *** ** **** ** **** do **** ************* of duty Functions **** ** ******* between ****** ** ensure **** ** ****** ****** *** * ****** * ***** ************ Auditing *** **** ***** done *** the ********** ******* must be ********* ** ensure ********** **** established procedures *** *** *********** ** the **** being *********** Redundancy **** addresses the need to ensure **** *********** ** ********** **** required; *** ******* ******* ******** ****** ** different ******* ** ******* the **** for ********* ****** **** one ****** ** ************* **** ********* ** is *********** to *** that *** *** ********** ********* risk ************ the ********* is ** ****** *** **** ** **** as possibleThere *** **** * series of ***** ** ********** security ****** **** *** important to ******** **** developing *** ************ ****** ***** roles *** important ******* they ******* ************ ******* the ************ ** satisfying ********* ********** ** *** ****** ***** ***** are:1 ********** *** the person *** ******* *** ************ ********** *** *** person who ******* ****** to *** ************ ***** *** *** ** *** *** ** * *********** ** the *** ******** ****** custodian *** *** **** *** ******* access ** *** information ********** out *** ************** ****** **** ****** ** ******* **** *** *** ****** *** ********** wants ****** ** *** *********** ** complete * *** ****************** ******* ** the primary security ***** *** confidentiality ********* *** ************ *** ******** ******** *** generally ******** ****** *** ***** *** ***** *************** and ********* *************** ** concerned **** *** 
privacy ** and ****** ** information ** also ***** ** address *** issues ** ************ access ************ *** *********** of protected *********** ********* ** ********* **** ********** *** ************ ** *********** and ******** **** ** ******* correctly **** *** recipient **** for **
