Assignment 1: Creating and Communicating a Security Strategy.

Assignment 1: Creating and Communicating a Security Strategy First Draft Due Week 4 Final Due Week 6, worth 80 points As an IT professional, you’ll often be required to communicate policies, standards, and practices in the workplace. For this assignment, you’ll practice this important task by taking on the role of an IT professional charged with creating a memo to communicate your company’s new security strategy. The specific course learning outcomes associated with this assignment are: • Analyze the importance of network architecture to security operations. • Apply information security standards to real-world implementation. • Communicate how problem-solving concepts are applied in a business environment. • Use information resources to research issues in information systems security. • Write clearly about network security topics using proper writing mechanics and business formats. Preparation 1. Review the essential elements of a security strategy A successful IT administration strategy requires the continuous enforcement of policies, standards, and practices (procedures) within the organization. Review these elements to see how they compare: Policy The general statements that direct the organization’s internal and external communication and goals. Standards Describe the requirements of a given activity related to the policy. They are more detailed and specific than policies. In effect, standards are rules that evaluate the quality of the activity. For example, standards define the structure of the password and the numbers, letters, and special characters that must be used in order to create a password. Practices The written instructions that describe a series of steps to be followed during the performance of a given activity. Practices must support and enhance the work environment. Also referred to as procedures. 2. Describe the business environment You are the IT professional in charge of security for a company that has recently opened within a shopping mall. Describe the current IT environment at this business. You can draw details from a company you work for now or for which you have worked in the past. You’ll need to get creative and identify the details about this business that will influence the policies you’ll create. For example, does the company allow cell phone email apps? Does the company allow web mail? If so, how will this affect the mobile computing policy? Describe all the details about this business environment that will be necessary to support your strategy. CIS333 – Networking Security Fundamentals © 2017 Strayer University. All Rights Reserved. This document contains Strayer University Confidential and Proprietary information and may not be copied, further distributed, or otherwise disclosed in whole or in part, without the expressed written permission of Strayer University. Page 2 of 6 3. Research sample policies Familiarize yourself with various templates and sample policies used in the IT field. Do not just copy another company’s security policy, but rather learn from the best practices of other companies and apply them to yours. Use these resources to help structure your policies: ? Information Security Policy Templates ? Sample Data Security Policies ? Additional Examples and Tips Instructions With the description of the business environment (the fictional company that has opened in a shopping mall) in mind and your policy review and research complete, create a new security strategy in the format of a company memo (no less than three to five pages) in which you do the following: 1. Describe the business environment and identify the risk and reasoning Provide a brief description of all the important areas of the business environment that you’ve discovered in your research. Be sure to identify the reasons that prompted the need to create a security policy. 2. Assemble a security policy Assemble a security policy or policies for this business. Using the memo outline as a guide, collect industry-specific and quality best practices. In your own words, formulate your fictional company’s security policy or policies. You may use online resources, the Strayer Library, or other industry-related resources such as the National Security Agency (NSA) and Network World. In a few brief sentences, provide specific information on how your policy will support the business’ goal. 3. Develop standards Develop the standards that will describe the requirements of a given activity related to the policy. Standards are the in-depth details of the security policy or policies for a business. 4. Develop practices Develop the practices that will be used to ensure the business enforces what is stated in the security policy or policies and standards. Format your assignment according to the following formatting requirements: • This course is designed to prepare you for a career in IT. While most Strayer University courses require APA (essay) format, this course focuses on writing in a business format. Review this resource to learn more about the important features of business writing: The One Unbreakable Rule in Business Writing. ? You may use the provided memo outline as a guide for this assignment, or you may use your own. Get creative and be original! (You should not just copy a memo from another source.) Adapt the strategy you create to your “company” specifically. In the workplace, it will be important to use company standard documents for this type of communication. ? Do not cut and paste someone else’s strategy. Plagiarism detection software will be used to evaluate your submissions.
cis333_assignment_1_creating_and_communicating_a_security_strategy_.pdf

Unformatted Attachment Preview

Don't use plagiarized sources. Get Your Custom Essay on
Assignment 1: Creating and Communicating a Security Strategy.
Just from $13/Page
Order Essay

CIS333 – Networking Security Fundamentals
Assignment 1: Creating and Communicating a Security Strategy
First Draft Due Week 4
Final Due Week 6, worth 80 points
As an IT professional, you’ll often be required to communicate policies, standards, and practices in the
workplace. For this assignment, you’ll practice this important task by taking on the role of an IT
professional charged with creating a memo to communicate your company’s new security strategy.
The specific course learning outcomes associated with this assignment are:
• Analyze the importance of network architecture to security operations.
•
Apply information security standards to real-world implementation.
•
Communicate how problem-solving concepts are applied in a business environment.
•
•
Use information resources to research issues in information systems security.
Write clearly about network security topics using proper writing mechanics and business formats.
Preparation
1. Review the essential elements of a security strategy
A successful IT administration strategy requires the continuous enforcement of policies, standards, and
practices (procedures) within the organization. Review these elements to see how they compare:
Policy
The general statements that direct the organization’s internal and external
communication and goals.
Standards
Describe the requirements of a given activity related to the policy. They are more
detailed and specific than policies. In effect, standards are rules that evaluate the
quality of the activity. For example, standards define the structure of the password
and the numbers, letters, and special characters that must be used in order to
create a password.
Practices
The written instructions that describe a series of steps to be followed during the
performance of a given activity. Practices must support and enhance the work
environment. Also referred to as procedures.
2. Describe the business environment
You are the IT professional in charge of security for a company that has recently opened within a
shopping mall. Describe the current IT environment at this business. You can draw details from a
company you work for now or for which you have worked in the past. You’ll need to get creative and
identify the details about this business that will influence the policies you’ll create. For example, does the
company allow cell phone email apps? Does the company allow web mail? If so, how will this affect the
mobile computing policy? Describe all the details about this business environment that will be necessary
to support your strategy.
© 2017 Strayer University. All Rights Reserved. This document contains Strayer University Confidential and Proprietary information and may
not be copied, further distributed, or otherwise disclosed in whole or in part, without the expressed written permission of Strayer University.
Page 1 of 6
CIS333 – Networking Security Fundamentals
3. Research sample policies
Familiarize yourself with various templates and sample policies used in the IT field. Do not just copy
another company’s security policy, but rather learn from the best practices of other companies and apply
them to yours. Use these resources to help structure your policies:
?
Information Security Policy Templates
?
Sample Data Security Policies
?
Additional Examples and Tips
Instructions
With the description of the business environment (the fictional company that has opened in a shopping
mall) in mind and your policy review and research complete, create a new security strategy in the format
of a company memo (no less than three to five pages) in which you do the following:
1. Describe the business environment and identify the risk and reasoning
Provide a brief description of all the important areas of the business environment that you’ve
discovered in your research. Be sure to identify the reasons that prompted the need to create a
security policy.
2. Assemble a security policy
Assemble a security policy or policies for this business. Using the memo outline as a guide,
collect industry-specific and quality best practices. In your own words, formulate your fictional
company’s security policy or policies. You may use online resources, the Strayer Library, or other
industry-related resources such as the National Security Agency (NSA) and Network World. In a
few brief sentences, provide specific information on how your policy will support the business’
goal.
3. Develop standards
Develop the standards that will describe the requirements of a given activity related to the policy.
Standards are the in-depth details of the security policy or policies for a business.
4. Develop practices
Develop the practices that will be used to ensure the business enforces what is stated in the
security policy or policies and standards.
Format your assignment according to the following formatting requirements:
•
?
?
This course is designed to prepare you for a career in IT. While most Strayer University courses
require APA (essay) format, this course focuses on writing in a business format. Review this
resource to learn more about the important features of business writing: The One Unbreakable
Rule in Business Writing.
You may use the provided memo outline as a guide for this assignment, or you may use your
own. Get creative and be original! (You should not just copy a memo from another source.) Adapt
the strategy you create to your “company” specifically. In the workplace, it will be important to use
company standard documents for this type of communication.
Do not cut and paste someone else’s strategy. Plagiarism detection software will be used to
evaluate your submissions.
© 2017 Strayer University. All Rights Reserved. This document contains Strayer University Confidential and Proprietary information and may
not be copied, further distributed, or otherwise disclosed in whole or in part, without the expressed written permission of Strayer University.
Page 2 of 6
CIS333 – Networking Security Fundamentals
Rubric
Grading for this assignment will be based on answer quality, logic/organization of the memo, and
language and writing skills, using the following rubric.
Points: 80
Assignment 1: Creating and Communicating a Security Strategy
Criteria
Unacceptable
Below 60% F
1. Describe
the
business
and identify
the risk and
reasoning
Does not
describe the
business and
does not
submit or
incompletely
identifies the
risk and
reasoning.
Weight:
20%
2.
Assemble a
security
policy or
policies for
the
business
Meets
Minimum
Expectations
60-69% D
Insufficiently
describes the
business.
The risk is
unclear and
there is not a
clear
connection to
a reason.
Does not
submit or
incompletely
assembles a
security policy
or policies for
the business.
The policy is
missing major
elements and
does not
communicate
how it would
support the
business goal.
Does not
submit or
incompletely
develops
standards.
The standards
are not fully
developed and
do not
describe the
requirements
of the activity.
Weight:
25%
3. Develop
standards
Weight:
25%
Fair
70-79% C
Proficient
80-89% B
Exemplary
90-100% A
Partially
describes the
business.
Satisfactorily
describes the
business.
Thoroughly
describes the
business.
The risk is
stated but the
reasoning needs
more supporting
details.
The risk is
identified and the
reasoning has
some supporting
details.
The risk is
clearly
identified and
the reasoning
has wellsupported
detail to
connect the
risk to the
reasoning.
The policy
includes most
elements and
satisfactorily
indicates how it
would support the
business’ goal,
but was lacking
supporting
details.
The policy
includes all
the necessary
elements and
clearly
indicates how
it will support
the business’
goal.
The standards
satisfactorily
describe many of
the requirements
of the activity but
could use more
details.
The standards
thoroughly
describe all
the
requirements
of the activity
and include
sound, indepth details.
More details and
a clear
connection to
the risk would
improve this
section.
The policy
includes some
elements and
partially
indicates how it
would support
the business’
goal, but was
lacking
supporting
details.
The standards
partially
describe some
of the
requirements of
the activity but
lack the details
necessary to
make them
complete.
© 2017 Strayer University. All Rights Reserved. This document contains Strayer University Confidential and Proprietary information and may
not be copied, further distributed, or otherwise disclosed in whole or in part, without the expressed written permission of Strayer University.
Page 3 of 6
CIS333 – Networking Security Fundamentals
Points: 80
Criteria
4. Develop
practices
Weight:
25%
5. Clarity,
writing
mechanics,
and
business
formatting
requirements
Weight: 5%
Assignment 1: Creating and Communicating a Security Strategy
Unacceptable
Below 60% F
Does not
submit or
incompletely
develops
practices.
The writing
lacks clarity.
Formatting is
not
appropriate
for business.
Meets
Minimum
Expectations
60-69% D
The practices
do not include
enough
description to
ensure the
business can
enforce what
is stated in the
policies and
standards.
Fair
70-79% C
Proficient
80-89% B
Exemplary
90-100% A
The practices
partially
describe how to
ensure the
business can
enforce what is
stated in the
policies and
standards.
The practices
satisfactorily
address how to
ensure the
business can
enforce what is
stated in the
policies and
standards.
The practices
thoroughly
address how
to ensure the
business can
enforce what
is stated in the
policies and
standards.
The written
instructions do
not include
steps or
enough steps
to make them
complete.
The written
instructions
include some
steps, but they
could be
expanded to
make them
complete.
The written
instructions
include all the
necessary
steps and
have wellsupporting
details.
The writing
lacks some
clarity.
The writing is
beginning to
show clarity.
Formatting is
not
appropriate for
business.
Business
formatting is
partially applied.
The written
instructions
include many of
the necessary
steps, but
additional steps
and details would
improve the
instructions.
The writing is
mostly clear and
business
formatting is
apparent.
Some minor
adjustments
would improve
the overall
format.
The writing is
professional
and clear.
The formatting
is excellent
and aligned
with business
requirements.
© 2017 Strayer University. All Rights Reserved. This document contains Strayer University Confidential and Proprietary information and may
not be copied, further distributed, or otherwise disclosed in whole or in part, without the expressed written permission of Strayer University.
Page 4 of 6
CIS333 – Networking Security Fundamentals
Additional Examples and Tips
Example 1: XYZ Inc. Company-Wide Employee Password Strategy
Policies
• All users must have a password.
• Passwords must be changed every six months.
Standards
• A password must have a minimum of six characters.
• A password must have a maximum of 12 characters.
• A password must contain letters, numbers, and special characters other than $.
Practices-Employee
•
•
•
•
Create a password. The UserID should be an EmployeeID already generated by HR.
Send a request to create the account to the Information Technology (IT) department.
User receives a temporary password.
Users must change their temporary password the first time they log in.
Example 2: Security Policy and Standards
Password Policy: Passwords are an important part of computer security at your organization. They often
serve as the first line of defense in preventing unauthorized access to the organization’s computers and
data.
In order to define the password policy, it is important to identify the standards.
1. Multi-factor authentication
2. Password strength standard
3. Password security standards; how to keep the password secure
Tips and Points to Consider When Identifying Risks or Security Vulnerabilities
•
•
•
•
•
•
•
Flaws in operating systems due to constant attack by malware
Denial of services attacks
Employees data theft
User set a weak password or password that is easy to guess, such as a birthday or child’s name.
User leaves sensitive data on an unlocked, unattended computer
Organization allows sensitive data on a laptop that leaves the building
Data can be accessed remotely without using proper security
© 2017 Strayer University. All Rights Reserved. This document contains Strayer University Confidential and Proprietary information and may
not be copied, further distributed, or otherwise disclosed in whole or in part, without the expressed written permission of Strayer University.
Page 5 of 6
CIS333 – Networking Security Fundamentals
Memo Outline
Network Security Associates of Atlantis, Inc.
123 Watery Lane
Atlantis, USVI 91199
From: IT Security Dept.
Re: Security Policy
Date:
Section 1: General Policies and Motivation
Section 2: Passwords
Section 3: Biometrics
Section 4: Tokens
Section 5: Physical Security
Section 6: Email Policies
Section 7: Breach Reporting Responsibilities
Section 8: Mobile Policy and BYOD (Bring Your Own Device)
© 2017 Strayer University. All Rights Reserved. This document contains Strayer University Confidential and Proprietary information and may
not be copied, further distributed, or otherwise disclosed in whole or in part, without the expressed written permission of Strayer University.
Page 6 of 6

Purchase answer to see full
attachment

GradeAcers
Calculate your paper price
Pages (550 words)
Approximate price: -

Why Work with Us

Top Quality and Well-Researched Papers

We always make sure that writers follow all your instructions precisely. You can choose your academic level: high school, college/university or professional, and we will assign a writer who has a respective degree.

Professional and Experienced Academic Writers

We have a team of professional writers with experience in academic and business writing. Many are native speakers and able to perform any task for which you need help.

Free Unlimited Revisions

If you think we missed something, send your order for a free revision. You have 10 days to submit the order for review after you have received the final document. You can do this yourself after logging into your personal account or by contacting our support.

Prompt Delivery and 100% Money-Back-Guarantee

All papers are always delivered on time. In case we need more time to master your paper, we may contact you regarding the deadline extension. In case you cannot provide us with more time, a 100% refund is guaranteed.

Original & Confidential

We use several writing tools checks to ensure that all documents you receive are free from plagiarism. Our editors carefully review all quotations in the text. We also promise maximum confidentiality in all of our services.

24/7 Customer Support

Our support agents are available 24 hours a day 7 days a week and committed to providing you with the best customer experience. Get in touch whenever you need any assistance.

Try it now!

Calculate the price of your order

Total price:
$0.00

How it works?

Follow these simple steps to get your paper done

Place your order

Fill in the order form and provide all details of your assignment.

Proceed with the payment

Choose the payment system that suits you most.

Receive the final file

Once your paper is ready, we will email it to you.

Our Services

No need to work on your paper at night. Sleep tight, we will cover your back. We offer all kinds of writing services.

Essays

Essay Writing Service

No matter what kind of academic paper you need and how urgent you need it, you are welcome to choose your academic level and the type of your paper at an affordable price. We take care of all your paper needs and give a 24/7 customer care support system.

Admissions

Admission Essays & Business Writing Help

An admission essay is an essay or other written statement by a candidate, often a potential student enrolling in a college, university, or graduate school. You can be rest assurred that through our service we will write the best admission essay for you.

Reviews

Editing Support

Our academic writers and editors make the necessary changes to your paper so that it is polished. We also format your document by correctly quoting the sources and creating reference lists in the formats APA, Harvard, MLA, Chicago / Turabian.

Reviews

Revision Support

If you think your paper could be improved, you can request a review. In this case, your paper will be checked by the writer or assigned to an editor. You can use this option as many times as you see fit. This is free because we want you to be completely satisfied with the service offered.

Order your essay today and save 15% with the discount code DISCOUNT15