Assignment 1: creating and communicating a security strategy

Author:

June 19th, 2020

Assignment 1: Creating and Communicating a Security Strategy

First Draft Due Week 4

Final Due Week 6, worth 80 points

As an IT professional, you’ll often be required to communicate policies, standards, and practices in the workplace. For this assignment, you’ll practice this important task by taking on the role of an IT professional charged with creating a memo to communicate your company’s new security strategy.

The specific course learning outcomes associated with this assignment are:

Analyze the importance of network architecture to security operations.
Apply information security standards to real-world implementation.
Communicate how problem-solving concepts are applied in a business environment.
Use information resources to research issues in information systems security.
Write clearly about network security topics using proper writing mechanics and business formats.

Preparation

Review the essential elements of a security strategy

A successful IT administration strategy requires the continuous enforcement of policies, standards, and practices (procedures) within the organization. Review these elements to see how they compare:

Policy: The general statements that direct the organization’s internal and external communication and goals.

Standards: Describe the requirements of a given activity related to the policy. They are more detailed and specific than policies. In effect, standards are rules that evaluate the quality of the activity. For example, standards define the structure of the password and the numbers, letters, and special characters that must be used in order to create a password.

Practices: The written instructions that describe a series of steps to be followed during the performance of a given activity. Practices must support and enhance the work environment. Also referred to as procedures.

2. Describe the business environment

You are the IT professional in charge of security for a company that has recently opened within a shopping mall. Describe the current IT environment at this business. You can draw details from a company you work for now or for which you have worked in the past. You’ll need to get creative and identify the details about this business that will influence the policies you’ll create. For example, does the company allow cell phone email apps? Does the company allow web mail? If so, how will this affect the mobile computing policy? Describe all the details about this business environment that will be necessary to support your strategy.

Research sample policies

Familiarize yourself with various templates and sample policies used in the IT field. Do not just copy another company’s security policy, but rather learn from the best practices of other companies and apply them to yours. Use these resources to help structure your policies:

Instructions

With the description of the business environment (the fictional company that has opened in a shopping mall) in mind and your policy review and research complete, create a new security strategy in the format of a company memo (no less than three to five pages) in which you do the following:

Describe the business environment and identify the risk and reasoning

Provide a brief description of all the important areas of the business environment that you’ve discovered in your research. Be sure to identify the reasons that prompted the need to create a security policy.

Assemble a security policy

Assemble a security policy or policies for this business. Using the memo outline as a guide, collect industry-specific and quality best practices. In your own words, formulate your fictional company’s security policy or policies. You may use online resources, such as the National Security Agency (NSA) – https://www.nsa.gov/ and Network World – https://www.networkworld.com/category/security/ . In a few brief sentences, provide specific information on how your policy will support the business’ goal.

Develop standards

Develop the standards that will describe the requirements of a given activity related to the policy. Standards are the in-depth details of the security policy or policies for a business.

Develop practices

Develop the practices that will be used to ensure the business enforces what is stated in the security policy or policies and standards.

Format your assignment according to the following formatting requirements:

You may use the provided memo outline as a guide for this assignment, or you may use your own. Get creative and be original! (You should not just copy a memo from another source.) Adapt the strategy you create to your “company” specifically. In the workplace, it will be important to use company standard documents for this type of communication.
Do not cut and paste someone else’s strategy. Plagiarism detection software will be used to evaluate your submissions.

Rubric

Grading for this assignment will be based on answer quality, logic/organization of the memo, and language and writing skills, using the following rubric.

Points: 80

Assignment 1: Creating and Communicating a Security Strategy

Criteria

Unacceptable

Below 60% F

Meets Minimum Expectations

60-69% D

Fair

70-79% C

Proficient

80-89% B

Exemplary

90-100% A

1. Describe the business and identify the risk and reasoning

Weight: 20%

Does not describe the business and does not submit or incompletely identifies the risk and reasoning.

Insufficiently describes the business.

The risk is unclear and there is not a clear connection to a reason.

Partially describes the business.

The risk is stated but the reasoning needs more supporting details.

More details and a clear connection to the risk would improve this section.

Satisfactorily describes the business.

The risk is identified and the reasoning has some supporting details.

Thoroughly describes the business.

The risk is clearly identified and the reasoning has well-supported detail to connect the risk to the reasoning.

2. Assemble a security policy or policies for the business

Weight: 25%

Does not submit or incompletely assembles a security policy or policies for the business.

The policy is missing major elements and does not communicate how it would support the business goal.

The policy includes some elements and partially indicates how it would support the business’ goal, but was lacking supporting details.

The policy includes most elements and satisfactorily indicates how it would support the business’ goal, but was lacking supporting details.

The policy includes all the necessary elements and clearly indicates how it will support the business’ goal.

3. Develop standards

Weight: 25%

Does not submit or incompletely develops standards.

The standards are not fully developed and do not describe the requirements of the activity.

The standards partially describe some of the requirements of the activity but lack the details necessary to make them complete.

The standards satisfactorily describe many of the requirements of the activity but could use more details.

The standards thoroughly describe all the requirements of the activity and include sound, in-depth details.

4. Develop practices

Weight: 25%

Does not submit or incompletely develops practices.

The practices do not include enough description to ensure the business can enforce what is stated in the policies and standards.

The written instructions do not include steps or enough steps to make them complete.

The practices partially describe how to ensure the business can enforce what is stated in the policies and standards.

The written instructions include some steps, but they could be expanded to make them complete.

The practices satisfactorily address how to ensure the business can enforce what is stated in the policies and standards.

The written instructions include many of the necessary steps, but additional steps and details would improve the instructions.

The practices thoroughly address how to ensure the business can enforce what is stated in the policies and standards.

The written instructions include all the necessary steps and have well-supporting details.

5. Clarity, writing mechanics, and business

formatting require-
ments

Weight: 5%

The writing lacks clarity.

Formatting is not appropriate for business.

The writing lacks some clarity.

Formatting is not appropriate for business.

The writing is beginning to show clarity.

Business formatting is partially applied.

The writing is mostly clear and business formatting is apparent.

Some minor adjustments would improve the overall format.

The writing is professional and clear.

The formatting is excellent and aligned with business requirements.

Additional Examples and Tips

Example 1: XYZ Inc. Company-Wide Employee Password Strategy

Policies

• All users must have a password.

• Passwords must be changed every six months.

Standards

• A password must have a minimum of six characters.

• A password must have a maximum of 12 characters.

• A password must contain letters, numbers, and special characters other than $.

Practices-Employee

• Create a password. The UserID should be an EmployeeID already generated by HR.

• Send a request to create the account to the Information Technology (IT) department. • User receives a temporary password.

• Users must change their temporary password the first time they log in.

Example 2: Security Policy and Standards

Password Policy: Passwords are an important part of computer security at your organization. They often serve as the first line of defense in preventing unauthorized access to the organization’s computers and data.

In order to define the password policy, it is important to identify the standards.

1. Multi-factor authentication

2. Password strength standard

3. Password security standards; how to keep the password secure

Tips and Points to Consider When Identifying Risks or Security Vulnerabilities

Flaws in operating systems due to constant attack by malware
Denial of services attacks
Employees data theft
User set a weak password or password that is easy to guess, such as a birthday or child’s name.
User leaves sensitive data on an unlocked, unattended computer
Organization allows sensitive data on a laptop that leaves the building
Data can be accessed remotely without using proper security

Memo Outline

Network Security Associates of Atlantis, Inc.

123 Watery Lane

Atlantis, USVI 91199

From: IT Security Dept.

Re: Security Policy

Date:

Section 1: General Policies and Motivation Section

2: Passwords Section

3: Biometrics Section

4: Tokens Section

5: Physical Security Section

6: Email Policies Section

7: Breach Reporting Responsibilities Section

8: Mobile Policy and BYOD (Bring Your Own Device)

Calculate the price

Make an order in advance and get the best price

Type of paper

Academic level

Deadline

Pages (550 words)

$0.00

*Price with a welcome 15% discount applied.

Pro tip: If you want to save more money and pay the lowest price, you need to set a more extended deadline.

We know how difficult it is to be a student these days. That's why our prices are one of the most affordable on the market, and there are no hidden fees.

Instead, we offer bonuses, discounts, and free services to make your experience outstanding.

How it works

Receive a 100% original paper that will pass Turnitin from a top essay writing service

step 1

Upload your instructions

Fill out the order form and provide paper details. You can even attach screenshots or add additional instructions later. If something is not clear or missing, the writer will contact you for clarification.

step 2

Control the process

Once you place an order with our professional essay writing services, we will email you login details to your account. There, you'll communicate with the writer and support team and track the writer's progress.

step 3

Download your paper on time

As soon as your work is ready, we’ll notify you via email. You'll then be able to download it from your account and request a revision if needed. Please note that you can also rate the writer's work in your account.

Pro service tips

How to get the most out of your experience with Australia Assessments

One writer throughout the entire course

If you like the writer, you can hire them again. Just copy & paste their ID on the order form ("Preferred Writer's ID" field). This way, your vocabulary will be uniform, and the writer will be aware of your needs.

The same paper from different writers

You can order essay or any other work from two different writers to choose the best one or give another version to a friend. This can be done through the add-on "Same paper from another writer."

Copy of sources used by the writer

Our college essay writers work with ScienceDirect and other databases. They can send you articles or materials used in PDF or through screenshots. Just tick the "Copy of sources" field on the order form.

Testimonials

See why 20k+ students have chosen us as their sole writing assistance provider

Check out the latest reviews and opinions submitted by real customers worldwide and make an informed decision.

Education

Thank you

Customer 463515, October 19th, 2022

Business and administrative studies

Commendable. Review credentials alignment in APA cover page. Student paper https://owl.purdue.edu/owl/research_and_citation/apa_style/apa_formatting_and_style_guide/apa_sample_paper.html

Customer 453187, March 31st, 2022

SEO

The article was well researched on and well written. Thank you for following the instructions. I'm very pleased with the work I received.

Customer 463869, March 20th, 2023

Military

Good job

Customer 456821, November 28th, 2022

Aviation

Great job on the revision. Rating reflects the revision after upgrading the writer. Previous tutor's assistance was not very good at all. I am still very happy with the assistance provided by the tutor and the support team.

Customer 454145, April 5th, 2020

Healthcare & Medical

Good work

Customer 463469, October 22nd, 2022

Business

Good job!

Customer 463337, March 16th, 2023

Military

Excellent

Customer 456821, November 12th, 2022

Senior Services

Outstanding quality.

Customer 452441, April 13th, 2022

Marketing & Advertising

Nice article. I've also learnt alot.

Customer 453915, September 21st, 2022

Business and administrative studies

Good content. Journals do not require citations/references.

Customer 459947, May 29th, 2022

history

Excellent responses.

Customer 463049, June 5th, 2022

11,595

Customer reviews in total

96%

Current satisfaction rate

3 pages

Average paper length

37%

Customers referred by a friend

OUR GIFT TO YOU

15% OFF your first order

Use a coupon FIRST15 and enjoy expert help with any task at the most affordable price.

Claim my 15% OFF Order in Chat