Information Security Policy Cis 333 Strayer Univ

Preparation
1. Review the essential elements of a security strategy
A successful IT administration strategy requires the continuous enforcement of policies, standards, and
practices (procedures) within the organization. Review these elements to see how they compare:
Policy The general statements that direct the organization’s internal and external
communication and goals.
Standards Describe the requirements of a given activity related to the policy. They are more
detailed and specific than policies. In effect, standards are rules that evaluate the
quality of the activity. For example, standards define the structure of the password
and the numbers, letters, and special characters that must be used in order to
create a password.
Practices The written instructions that describe a series of steps to be followed during the
performance of a given activity. Practices must support and enhance the work
environment. Also referred to as procedures.
2. Describe the business environment
You are the IT professional in charge of security for a company that has recently opened within a
shopping mall. Describe the current IT environment at this business. You can draw details from a
company you work for now or for which you have worked in the past. You’ll need to get creative and
identify the details about this business that will influence the policies you’ll create. For example, does the
company allow cell phone email apps? Does the company allow web mail? If so, how will this affect the
mobile computing policy? Describe all the details about this business environment that will be necessary
to support your strategy.
CIS333 – Assignments and Rubrics
© 2017 Strayer University. All Rights Reserved. This document contains Strayer University Confidential and Proprietary information
and may not be copied, further distributed, or otherwise disclosed in whole or in part, without the expressed written permission of
Strayer University.
CIS333 Faculty Version 1178 (03-22-19) Page 2 of 7
3. Research sample policies
Familiarize yourself with various templates and sample policies used in the IT field. Do not just copy
another company’s security policy, but rather learn from the best practices of other companies and apply
them to yours. Use these resources to help structure your policies:
● Information Security Policy Templates
● Sample Data Security Policies
● Additional Examples and Tips
Instructions
With the description of the business environment (the fictional company that has opened in a shopping
mall) in mind and your policy review and research complete, create a new security strategy in the format
of a company memo (no less than three to five pages) in which you do the following:
1. Describe the business environment and identify the risk and reasoning
Provide a brief description of all the important areas of the business environment that you’ve
discovered in your research. Be sure to identify the reasons that prompted the need to create a
security policy.
2. Assemble a security policy
Assemble a security policy or policies for this business. Using the memo outline as a guide,
collect industry-specific and quality best practices. In your own words, formulate your fictional
company’s security policy or policies. You may use online resources, the Strayer Library, or other
industry-related resources such as the National Security Agency (NSA) and Network World. In a
few brief sentences, provide specific information on how your policy will support the business’
goal.
3. Develop standards
Develop the standards that will describe the requirements of a given activity related to the policy.
Standards are the in-depth details of the security policy or policies for a business.
4. Develop practices
Develop the practices that will be used to ensure the business enforces what is stated in the
security policy or policies and standards.
Format your assignment according to the following formatting requirements:
• This course requires use of Strayer Writing Standards (SWS). The format is different than other
Strayer University courses. Please take a moment to review the SWS documentation for details.
Review this resource to learn more about the important features of business writing: The One
Unbreakable Rule in Business Writing.
● You may use the provided memo outline as a guide for this assignment, or you may use your
own. Get creative and be original! (You should not just copy a memo from another source.) Adapt
the strategy you create to your “company” specifically. In the workplace, it will be important to use
company standard documents for this type of communication.
● Do not cut and paste someone else’s strategy. Plagiarism detection software will be used to
evaluate your submissions.