Scenario  The organization is a regional XY

Scenario

 The organization is a regional XYZ Credit Union/Bank that has multiple branches and locations

throughout the region.

 Online banking and use of the Internet are the bank’s strengths, given limited its human

resources.

 The customer service department is the organization’s most critical business function.

 The organization wants to be in compliance with Gramm-Leach- Bliley Act (GLBA) and IT security

best practices regarding its employees.

 The organization wants to monitor and control use of the Internet by implementing content

filtering.

 The organization wants to eliminate personal use of organization-owned IT assets and systems.

 The organization wants to monitor and control use of the e-mail system by implementing e-mail

security controls.

 The organization wants to implement this policy for all the IT assets it owns and to incorporate

this policy review into an annual security awareness training program.

Assignment Requirements

1. Summarize potential risks and liabilities with this scenario.

2. Discuss the following IT policies and the level of protection each policy provides in the context of

your assigned scenario:

 Internet use policy

 External device use policy

 Employee identity (ID) policy

 Computer use policy

How would each policy help the situation described in your assigned scenario? How might each

policy hinder the situation described in your assigned scenario?

3. Summarize your policy recommendations for this organization. This should not include any

technical guidelines; only the policies you recommend they implement. Include their potential

benefits and costs.