This discussion assesses your ability to clarify the role of each legally mandated attendee on the Individualized Education Program team. This assessment also supports your achievement of Course Learning Outcome….
Prepare a well-written security policy proposal for your organization that utilizes the concepts learned in the course as a basis for your analysis and policy.
Propose a Security Policy for an Organization
Preparation: Choose a real or hypothetical organization, corporation (profit or nonprofit), or institution that uses IT in its product, services, activities, and/or operations. If you work in an organization or field that could benefit from an information network security policy, you might wish to apply the project to it.
Assignment: Prepare a well-written security policy proposal for your organization that utilizes the concepts learned in the course as a basis for your analysis and policy.
Make sure that your proposal includes the basic elements of a good security policy including:
- Introduction describing your organization and describing its mission, products/services, technical resources, and technical strategy
- Analysis of the organization’s relationships to its clients/customers, staff, management, and owners or other stakeholders
- A vulnerability assessment
- Your recommendation, including:
- Proposed remedial measures (as appropriate to the situation; these might include firewall/gateway provisions, authentication and authorization, encryption systems, intrusion detection, virus detection, incident reporting, education/training, etc.)
- Proposed code of ethics or code of practice to be applied within the organization
- Legal/compliance requirements and description of how they will be met
- Proposed security policy statement/summary
Important: Your proposal must justify every element of your proposal in ethical and legal terms. In other words, you need to state why each policy/code element (including technical elements) is good for business and why it is good/sound ethical policy (how it is good for the organization and why it is good for customers, users, or employees, or the public). Also identify any ethical/legal tensions, conflicts, and/or contradictions and justify any trade-offs being made in the recommendation.
Discuss and cite at least four credible or scholarly sources other than the course textbooks (which can be cited as well) to support your analysis and policy choices. Your paper should be 10-12 pages in length with document and citation formatting per the APA guidelines.
Recommendation: It is recommended that students review Chapter 8 in the course textbook, which is required reading for Module 6, early in the term and apply the knowledge therein to planning and drafting the Portfolio Project. In Chapter 8 (and also in the early part of Chapter 10), the textbook author discusses the role of a security policy in the compliance of an organization. He observes that in response to public outcry in the 1990s, governments went on a binge passing laws to regulate the new Internet. But privacy advocates pushed back and by the early 2000s, the result of much politicking was a mixed system of sectoral laws (dealing with specific situations) and largely voluntary norms. These norms were adopted by organizations and enshrined in security and privacy policies regarding data and networking. Kizza (2011) made the point that, “A good, balanced and unified approach to information security compliance consists of a good security policy that effectively balances and enforces core information security and compliance elements” (p. 184).
Incremental Deliverable due 11:59 P.M. on Sunday of Week 2
Submit a brief description of the “real or hypothetical organization, corporation (profit or non-profit), or institution that uses IT in its product, activities, or operations” that will serve as the scenario for your Portfolio Project. If you work or have worked for an organization could benefit from an information network security policy, consider using your place of employment as the scenario for your project.
Your description should be at least a paragraph and no more than a page in length.