Uploaded byaryan532920
DOCX, PDF20 views

CIS333 – Networking Security Fundamentals © 2017 Stray.docx

This document outlines an assignment for IT professionals at Strayer University, requiring the creation of a memo to communicate a new security strategy for a fictional company located in a shopping mall. It emphasizes the importance of defining security policies, standards, and practices, while also requiring the assessment of the business environment and the development of necessary documentation. The assignment is structured to help students analyze and articulate security concepts relevant to real-world IT scenarios.

Embed presentation

Download to read offline
CIS333 – Networking Security Fundamentals © 2017 Strayer University. All Rights Reserved. This document contains Strayer University Confidential and Proprietary information and may not be copied, further distributed, or otherwise disclosed in whole or in part, without the expressed written permission of Strayer University. Page 1 of 6 Assignment 1: Creating and Communicating a Security Strategy First Draft Due Week 4 Final Due Week 6, worth 80 points As an IT professional, you’ll often be required to communicate policies, standards, and practices in the workplace. For this assignment, you’ll practice this important task by taking on the role of an IT professional charged with creating a memo to communicate your company’s new security strategy. The specific course learning outcomes associated with this assignment are:
• Analyze the importance of network architecture to security operations. • Apply information security standards to real-world implementation. • Communicate how problem-solving concepts are applied in a business environment. • Use information resources to research issues in information systems security. • Write clearly about network security topics using proper writing mechanics and business formats. Preparation 1. Review the essential elements of a security strategy A successful IT administration strategy requires the continuous enforcement of policies, standards, and practices (procedures) within the organization. Review these elements to see how they compare: Policy The general statements that direct the organization’s internal and external communication and goals. Standards Describe the requirements of a given activity related to the policy. They are more
detailed and specific than policies. In effect, standards are rules that evaluate the quality of the activity. For example, standards define the structure of the password and the numbers, letters, and special characters that must be used in order to create a password. Practices The written instructions that describe a series of steps to be followed during the performance of a given activity. Practices must support and enhance the work environment. Also referred to as procedures. 2. Describe the business environment You are the IT professional in charge of security for a company that has recently opened within a shopping mall. Describe the current IT environment at this business. You can draw details from a company you work for now or for which you have worked in the past. You’ll need to get creative and identify the details about this business that will influence the policies you’ll create. For example, does the
company allow cell phone email apps? Does the company allow web mail? If so, how will this affect the mobile computing policy? Describe all the details about this business environment that will be necessary to support your strategy. CIS333 – Networking Security Fundamentals © 2017 Strayer University. All Rights Reserved. This document contains Strayer University Confidential and Proprietary information and may not be copied, further distributed, or otherwise disclosed in whole or in part, without the expressed written permission of Strayer University. Page 2 of 6 3. Research sample policies Familiarize yourself with various templates and sample policies used in the IT field. Do not just copy another company’s security policy, but rather learn from the best practices of other companies and apply them to yours. Use these resources to help structure your policies:
● Information Security Policy Templates ● Sample Data Security Policies ● Additional Examples and Tips Instructions With the description of the business environment (the fictional company that has opened in a shopping mall) in mind and your policy review and research complete, create a new security strategy in the format of a company memo (no less than three to five pages) in which you do the following: 1. Describe the business environment and identify the risk and reasoning Provide a brief description of all the important areas of the business environment that you’ve discovered in your research. Be sure to identify the reasons that prompted the need to create a security policy. 2. Assemble a security policy Assemble a security policy or policies for this business. Using the memo outline as a guide, collect industry-specific and quality best practices. In your own words, formulate your fictional company’s security policy or policies. You may use online
resources, the Strayer Library, or other industry-related resources such as the National Security Agency (NSA) and Network World. In a few brief sentences, provide specific information on how your policy will support the business' goal. 3. Develop standards Develop the standards that will describe the requirements of a given activity related to the policy. Standards are the in-depth details of the security policy or policies for a business. 4. Develop practices Develop the practices that will be used to ensure the business enforces what is stated in the security policy or policies and standards. Format your assignment according to the following formatting requirements: • This course is designed to prepare you for a career in IT. While most Strayer University courses require APA (essay) format, this course focuses on writing in a business format. Review this resource to learn more about the important features of business writing: The One Unbreakable Rule in Business Writing. ● You may use the provided memo outline as a guide for this assignment, or you may use your own. Get creative and be original! (You should not just copy a
memo from another source.) Adapt the strategy you create to your “company” specifically. In the workplace, it will be important to use company standard documents for this type of communication. ● Do not cut and paste someone else’s strategy. Plagiarism detection software will be used to evaluate your submissions. https://www.sans.org/security-resources/policies https://www.sophos.com/en-us/medialibrary/PDFs/other/sophos- example-data-security-policies-na.pdf?la=en http://www.nsa.gov/ https://www.networkworld.com/category/security/ http://libdatab.strayer.edu/login?url=http://search.ebscohost.co m/login.aspx?direct=true&db=bth&AN=118683852&site=eds- live&scope=site http://libdatab.strayer.edu/login?url=http://search.ebscohost.co m/login.aspx?direct=true&db=bth&AN=118683852&site=eds- live&scope=site CIS333 – Networking Security Fundamentals © 2017 Strayer University. All Rights Reserved. This document contains Strayer University Confidential and Proprietary information and may not be copied, further distributed, or otherwise disclosed in whole or in part, without the expressed written permission of Strayer University. Page 3 of 6 Rubric
Grading for this assignment will be based on answer quality, logic/organization of the memo, and language and writing skills, using the following rubric. Points: 80 Assignment 1: Creating and Communicating a Security Strategy Criteria Unacceptable Below 60% F Meets Minimum Expectations 60-69% D Fair 70-79% C Proficient 80-89% B Exemplary 90-100% A 1. Describe the
business and identify the risk and reasoning Weight: 20% Does not describe the business and does not submit or incompletely identifies the risk and reasoning. Insufficiently describes the
business. The risk is unclear and there is not a clear connection to a reason. Partially describes the business. The risk is stated but the reasoning needs more supporting details. More details and
a clear connection to the risk would improve this section. Satisfactorily describes the business. The risk is identified and the reasoning has some supporting details. Thoroughly describes the business.
The risk is clearly identified and the reasoning has well- supported detail to connect the risk to the reasoning. 2. Assemble a security policy or policies for the business
Weight: 25% Does not submit or incompletely assembles a security policy or policies for the business. The policy is missing major elements and does not communicate how it would support the business goal. The policy
includes some elements and partially indicates how it would support the business’ goal, but was lacking supporting details. The policy includes most elements and satisfactorily indicates how it would support the business’ goal, but was lacking
supporting details. The policy includes all the necessary elements and clearly indicates how it will support the business’ goal. 3. Develop standards Weight: 25% Does not submit or
incompletely develops standards. The standards are not fully developed and do not describe the requirements of the activity. The standards partially describe some of the requirements of the activity but lack the details necessary to
make them complete. The standards satisfactorily describe many of the requirements of the activity but could use more details. The standards thoroughly describe all the requirements of the activity and include sound, in- depth details.
CIS333 – Networking Security Fundamentals © 2017 Strayer University. All Rights Reserved. This document contains Strayer University Confidential and Proprietary information and may not be copied, further distributed, or otherwise disclosed in whole or in part, without the expressed written permission of Strayer University. Page 4 of 6 Points: 80 Assignment 1: Creating and Communicating a Security Strategy Criteria Unacceptable Below 60% F Meets Minimum Expectations 60-69% D Fair 70-79% C Proficient
80-89% B Exemplary 90-100% A 4. Develop practices Weight: 25% Does not submit or incompletely develops practices. The practices do not include enough description to ensure the business can
enforce what is stated in the policies and standards. The written instructions do not include steps or enough steps to make them complete. The practices partially describe how to ensure the business can enforce what is
stated in the policies and standards. The written instructions include some steps, but they could be expanded to make them complete. The practices satisfactorily address how to ensure the business can enforce what is stated in the
policies and standards. The written instructions include many of the necessary steps, but additional steps and details would improve the instructions. The practices thoroughly address how to ensure the business can enforce what
is stated in the policies and standards. The written instructions include all the necessary steps and have well- supporting details. 5. Clarity, writing mechanics, and business formatting require-
ments Weight: 5% The writing lacks clarity. Formatting is not appropriate for business. The writing lacks some clarity. Formatting is not appropriate for business. The writing is
beginning to show clarity. Business formatting is partially applied. The writing is mostly clear and business formatting is apparent. Some minor adjustments would improve the overall format. The writing is professional
and clear. The formatting is excellent and aligned with business requirements. CIS333 – Networking Security Fundamentals © 2017 Strayer University. All Rights Reserved. This document contains Strayer University Confidential and Proprietary information and may not be copied, further distributed, or otherwise disclosed in whole or in part, without the expressed written permission of Strayer University. Page 5 of 6 Additional Examples and Tips Example 1: XYZ Inc. Company-Wide Employee Password Strategy
Policies • All users must have a password. • Passwords must be changed every six months. Standards • A password must have a minimum of six characters. • A password must have a maximum of 12 characters. • A password must contain letters, numbers, and special characters other than $. Practices-Employee • Create a password. The UserID should be an EmployeeID already generated by HR. • Send a request to create the account to the Information Technology (IT) department. • User receives a temporary password. • Users must change their temporary password the first time they log in. Example 2: Security Policy and Standards
Password Policy: Passwords are an important part of computer security at your organization. They often serve as the first line of defense in preventing unauthorized access to the organization’s computers and data. In order to define the password policy, it is important to identify the standards. 1. Multi-factor authentication 2. Password strength standard 3. Password security standards; how to keep the password secure Tips and Points to Consider When Identifying Risks or Security Vulnerabilities • Flaws in operating systems due to constant attack by malware • Denial of services attacks • Employees data theft • User set a weak password or password that is easy to guess, such as a birthday or child’s name. • User leaves sensitive data on an unlocked, unattended computer
• Organization allows sensitive data on a laptop that leaves the building • Data can be accessed remotely without using proper security CIS333 – Networking Security Fundamentals © 2017 Strayer University. All Rights Reserved. This document contains Strayer University Confidential and Proprietary information and may not be copied, further distributed, or otherwise disclosed in whole or in part, without the expressed written permission of Strayer University. Page 6 of 6 Memo Outline Network Security Associates of Atlantis, Inc. 123 Watery Lane Atlantis, USVI 91199 From: IT Security Dept. Re: Security Policy Date:
Section 1: General Policies and Motivation Section 2: Passwords Section 3: Biometrics Section 4: Tokens Section 5: Physical Security Section 6: Email Policies Section 7: Breach Reporting Responsibilities Section 8: Mobile Policy and BYOD (Bring Your Own Device)

More Related Content

DOCX
CIS333 – Assignments and Rubrics © 2017 Strayer Unive.docx
byAASTHA76
 
DOCX
CIS333 – Assignments and Rubrics Assignment 1 Creatin.docx
byAASTHA76
 
DOCX
CIS333 – Assignments and Rubrics Assignment 1 Creating an.docx
bysleeperharwell
 
DOCX
Phonemic Awareness TableTaskScriptingDescription and.docx
byJUST36
 
DOCX
Portfolio Project Leaders Dynamics of Power In.docx
byharrisonhoward80223
 
PPT
Network Security
byUnited Nations Development Program
 
PDF
Unit-1 introduction to cyber security discuss about how to secure a system
byshivangisharma636228
 
PDF
Ch09 Information Security Best Practices
byphanleson
 
CIS333 – Assignments and Rubrics © 2017 Strayer Unive.docx
byAASTHA76
 
CIS333 – Assignments and Rubrics Assignment 1 Creatin.docx
byAASTHA76
 
CIS333 – Assignments and Rubrics Assignment 1 Creating an.docx
bysleeperharwell
 
Phonemic Awareness TableTaskScriptingDescription and.docx
byJUST36
 
Portfolio Project Leaders Dynamics of Power In.docx
byharrisonhoward80223
 
Network Security
byUnited Nations Development Program
 
Unit-1 introduction to cyber security discuss about how to secure a system
byshivangisharma636228
 
Ch09 Information Security Best Practices
byphanleson
 

Similar to CIS333 – Networking Security Fundamentals © 2017 Stray.docx

DOCX
Security policy case study
byashu6
 
DOC
Jennings it security overview 1 2
byDonald Jennings
 
DOC
Jennings it security overview 1 2
byDonald Jennings
 
DOCX
Security Policy Document Project Objectives The purpose .docx
bykenjordan97598
 
DOCX
Security Policy Document Project Objectives The purpos.docx
bykenjordan97598
 
PPTX
Sec+ Organizational Security
byDavid Meltzer
 
PPT
Chapter 5 Planning for Security-students.ppt
byShruthi48
 
PPTX
12 security policies
bySaqib Raza
 
PPT
lecture on cyber security_1234567890.ppt
byVijayDSK1
 
PDF
Information security policy how to writing
byPasangdolmoTamang
 
PPT
Identifying and Using Network Hand Tools
bywondimagegndesta
 
DOCX
Operationaland Organizational SecurityChapter 3Princ.docx
bymccormicknadine86
 
DOCX
Operationaland Organizational SecurityChapter 3Princ.docx
byamit657720
 
PPT
Policy-1.pptznlaldjwodmwlznalpqjdc ktpanV
bywardaabbas1
 
PPT
Information security Lecture slides .ppt
byMuhammadAbdullah311866
 
PPT
Lecture3.ppt
byTSampathKumar4
 
DOCX
Part 3 ApplicationEnd-User Security Recommendations.docx
bydanhaley45372
 
PDF
Ise viii-information and network security [10 is835]-solution
byVivek Maurya
 
DOCX
CHAPTER 5 Security Policies, Standards, Procedures, a
byMaximaSheffield592
 
PPTX
CyberCare Pro - Cybersecurity for SME's updated.pptx
bymargueritemcleod1
 
Security policy case study
byashu6
 
Jennings it security overview 1 2
byDonald Jennings
 
Jennings it security overview 1 2
byDonald Jennings
 
Security Policy Document Project Objectives The purpose .docx
bykenjordan97598
 
Security Policy Document Project Objectives The purpos.docx
bykenjordan97598
 
Sec+ Organizational Security
byDavid Meltzer
 
Chapter 5 Planning for Security-students.ppt
byShruthi48
 
12 security policies
bySaqib Raza
 
lecture on cyber security_1234567890.ppt
byVijayDSK1
 
Information security policy how to writing
byPasangdolmoTamang
 
Identifying and Using Network Hand Tools
bywondimagegndesta
 
Operationaland Organizational SecurityChapter 3Princ.docx
bymccormicknadine86
 
Operationaland Organizational SecurityChapter 3Princ.docx
byamit657720
 
Policy-1.pptznlaldjwodmwlznalpqjdc ktpanV
bywardaabbas1
 
Information security Lecture slides .ppt
byMuhammadAbdullah311866
 
Lecture3.ppt
byTSampathKumar4
 
Part 3 ApplicationEnd-User Security Recommendations.docx
bydanhaley45372
 
Ise viii-information and network security [10 is835]-solution
byVivek Maurya
 
CHAPTER 5 Security Policies, Standards, Procedures, a
byMaximaSheffield592
 
CyberCare Pro - Cybersecurity for SME's updated.pptx
bymargueritemcleod1
 

More from aryan532920

DOCX
According to the NASW Code of Ethics section 6.04 (NASW, 2008), .docx
byaryan532920
 
DOCX
According to the text, crime has been part of the human condition si.docx
byaryan532920
 
DOCX
According to Ronald Story and Bruce Laurie, The dozen years between.docx
byaryan532920
 
DOCX
According to Kirk (2016), most of your time will be spent work with .docx
byaryan532920
 
DOCX
According to the Council on Social Work Education, Competency 5 Eng.docx
byaryan532920
 
DOCX
According to Kirk (2016), most of our time will be spent working.docx
byaryan532920
 
DOCX
According to Kirk (2016), most of your time will be spent working wi.docx
byaryan532920
 
DOCX
According to Davenport (2014) the organizational value of healthcare.docx
byaryan532920
 
DOCX
According to the authors, privacy and security go hand in hand; .docx
byaryan532920
 
DOCX
According to Gilbert and Troitzsch (2005), Foundations of Simula.docx
byaryan532920
 
DOCX
According to Klein (2016), using ethical absolutism and ethical .docx
byaryan532920
 
DOCX
According to Franks and Smallwood (2013), information has become.docx
byaryan532920
 
DOCX
According to the Council on Social Work Education, Competency 5.docx
byaryan532920
 
DOCX
According to the authors, privacy and security go hand in hand; and .docx
byaryan532920
 
DOCX
According to recent surveys, China, India, and the Philippines are t.docx
byaryan532920
 
DOCX
According to the authors, countries that lag behind the rest of the .docx
byaryan532920
 
DOCX
According to Peskin et al. (2013) in our course reader, Studies on .docx
byaryan532920
 
DOCX
According to Franks and Smallwood (2013), information has become the.docx
byaryan532920
 
DOCX
According to Ang (2011), how is Social Media management differen.docx
byaryan532920
 
DOCX
According to (Alsaidi & Kausar (2018), It is expected that by 2020,.docx
byaryan532920
 
According to the NASW Code of Ethics section 6.04 (NASW, 2008), .docx
byaryan532920
 
According to the text, crime has been part of the human condition si.docx
byaryan532920
 
According to Ronald Story and Bruce Laurie, The dozen years between.docx
byaryan532920
 
According to Kirk (2016), most of your time will be spent work with .docx
byaryan532920
 
According to the Council on Social Work Education, Competency 5 Eng.docx
byaryan532920
 
According to Kirk (2016), most of our time will be spent working.docx
byaryan532920
 
According to Kirk (2016), most of your time will be spent working wi.docx
byaryan532920
 
According to Davenport (2014) the organizational value of healthcare.docx
byaryan532920
 
According to the authors, privacy and security go hand in hand; .docx
byaryan532920
 
According to Gilbert and Troitzsch (2005), Foundations of Simula.docx
byaryan532920
 
According to Klein (2016), using ethical absolutism and ethical .docx
byaryan532920
 
According to Franks and Smallwood (2013), information has become.docx
byaryan532920
 
According to the Council on Social Work Education, Competency 5.docx
byaryan532920
 
According to the authors, privacy and security go hand in hand; and .docx
byaryan532920
 
According to recent surveys, China, India, and the Philippines are t.docx
byaryan532920
 
According to the authors, countries that lag behind the rest of the .docx
byaryan532920
 
According to Peskin et al. (2013) in our course reader, Studies on .docx
byaryan532920
 
According to Franks and Smallwood (2013), information has become the.docx
byaryan532920
 
According to Ang (2011), how is Social Media management differen.docx
byaryan532920
 
According to (Alsaidi & Kausar (2018), It is expected that by 2020,.docx
byaryan532920
 

Recently uploaded

PPTX
Mohan - "A man of silence and authority"
bynidhibachauhan46
 
PPTX
LEGAL AND RIGHTS ASPECTS OF FAMILY PLANNING.pptx
bysonia
 
PDF
Risks and opportunities of artificial intelligence in education: A critical view
byYannis
 
PPTX
Metabolism ( BIOCHEMISTRY & CLINICAL PATHOLOGY )
byBushraDeshpande
 
PPTX
Statistical Data Analysis using R Programming.pptx
byVETRISELVIP1
 
PPTX
OCCULTISM IN JEHOVAH'S WITNESSES' ARTWORK
byDaniel Barnea
 
PPTX
Alma Šuto - From Tradition to Innovation: Creative AI in Education
bybvtricks
 
PDF
Introduction to Principle Components Analysis algorithms
byBapusahebDange
 
PDF
ĐỀ MINH HỌA KỲ THI TỐT NGHIỆP TRUNG HỌC PHỔ THÔNG NĂM 2026 MÔN TIẾNG ANH 2026...
byNguyen Thanh Tu Collection
 
PPTX
HABIT. Cognitive process. I Semester Shilpa Hotakar pptx
bySHILPA HOTAKAR
 
PPTX
christal dinesha (1).ppt seminar topic..
bychristaldinesha
 
PPTX
MENTAL STATUS EXAMINATION Part-1.Shilpa hotakar.pptx
bySHILPA HOTAKAR
 
PDF
U.S. Departments of Education and Treasury fact sheet
byMebane Rash
 
PPTX
PREVENTIVE PEDIATRICS.pptx
byBANDITA PATRA
 
PDF
NCA New Family Orientation 2026 Dosemagen.pdf
bytimdosemagen1
 
PPTX
Setting Up and Processing Down Payments in Odoo 18 Sales
byCeline George
 
PPTX
COMMUNICATION ITS PROCESS ELEMENTS & BARRIER .pptx
byPoojaSen20
 
PPTX
ALL London Event, January 17th 2026, at the British Film Institite, South Bank.
bySteve Smith
 
PPTX
2026SlideShare.pptx welcome talk 2026 for peace harmony
byBryanGan8
 
PDF
Lamarckism: Theory of Evolution, Principles, Examples, Objections and Neo-Lam...
byIPGDCWA,NAMPALLY
 
Mohan - "A man of silence and authority"
bynidhibachauhan46
 
LEGAL AND RIGHTS ASPECTS OF FAMILY PLANNING.pptx
bysonia
 
Risks and opportunities of artificial intelligence in education: A critical view
byYannis
 
Metabolism ( BIOCHEMISTRY & CLINICAL PATHOLOGY )
byBushraDeshpande
 
Statistical Data Analysis using R Programming.pptx
byVETRISELVIP1
 
OCCULTISM IN JEHOVAH'S WITNESSES' ARTWORK
byDaniel Barnea
 
Alma Šuto - From Tradition to Innovation: Creative AI in Education
bybvtricks
 
Introduction to Principle Components Analysis algorithms
byBapusahebDange
 
ĐỀ MINH HỌA KỲ THI TỐT NGHIỆP TRUNG HỌC PHỔ THÔNG NĂM 2026 MÔN TIẾNG ANH 2026...
byNguyen Thanh Tu Collection
 
HABIT. Cognitive process. I Semester Shilpa Hotakar pptx
bySHILPA HOTAKAR
 
christal dinesha (1).ppt seminar topic..
bychristaldinesha
 
MENTAL STATUS EXAMINATION Part-1.Shilpa hotakar.pptx
bySHILPA HOTAKAR
 
U.S. Departments of Education and Treasury fact sheet
byMebane Rash
 
PREVENTIVE PEDIATRICS.pptx
byBANDITA PATRA
 
NCA New Family Orientation 2026 Dosemagen.pdf
bytimdosemagen1
 
Setting Up and Processing Down Payments in Odoo 18 Sales
byCeline George
 
COMMUNICATION ITS PROCESS ELEMENTS & BARRIER .pptx
byPoojaSen20
 
ALL London Event, January 17th 2026, at the British Film Institite, South Bank.
bySteve Smith
 
2026SlideShare.pptx welcome talk 2026 for peace harmony
byBryanGan8
 
Lamarckism: Theory of Evolution, Principles, Examples, Objections and Neo-Lam...
byIPGDCWA,NAMPALLY
 

CIS333 – Networking Security Fundamentals © 2017 Stray.docx

  • 1.
    CIS333 – NetworkingSecurity Fundamentals © 2017 Strayer University. All Rights Reserved. This document contains Strayer University Confidential and Proprietary information and may not be copied, further distributed, or otherwise disclosed in whole or in part, without the expressed written permission of Strayer University. Page 1 of 6 Assignment 1: Creating and Communicating a Security Strategy First Draft Due Week 4 Final Due Week 6, worth 80 points As an IT professional, you’ll often be required to communicate policies, standards, and practices in the workplace. For this assignment, you’ll practice this important task by taking on the role of an IT professional charged with creating a memo to communicate your company’s new security strategy. The specific course learning outcomes associated with this assignment are:
  • 2.
    • Analyze theimportance of network architecture to security operations. • Apply information security standards to real-world implementation. • Communicate how problem-solving concepts are applied in a business environment. • Use information resources to research issues in information systems security. • Write clearly about network security topics using proper writing mechanics and business formats. Preparation 1. Review the essential elements of a security strategy A successful IT administration strategy requires the continuous enforcement of policies, standards, and practices (procedures) within the organization. Review these elements to see how they compare: Policy The general statements that direct the organization’s internal and external communication and goals. Standards Describe the requirements of a given activity related to the policy. They are more
  • 3.
    detailed and specificthan policies. In effect, standards are rules that evaluate the quality of the activity. For example, standards define the structure of the password and the numbers, letters, and special characters that must be used in order to create a password. Practices The written instructions that describe a series of steps to be followed during the performance of a given activity. Practices must support and enhance the work environment. Also referred to as procedures. 2. Describe the business environment You are the IT professional in charge of security for a company that has recently opened within a shopping mall. Describe the current IT environment at this business. You can draw details from a company you work for now or for which you have worked in the past. You’ll need to get creative and identify the details about this business that will influence the policies you’ll create. For example, does the
  • 4.
    company allow cellphone email apps? Does the company allow web mail? If so, how will this affect the mobile computing policy? Describe all the details about this business environment that will be necessary to support your strategy. CIS333 – Networking Security Fundamentals © 2017 Strayer University. All Rights Reserved. This document contains Strayer University Confidential and Proprietary information and may not be copied, further distributed, or otherwise disclosed in whole or in part, without the expressed written permission of Strayer University. Page 2 of 6 3. Research sample policies Familiarize yourself with various templates and sample policies used in the IT field. Do not just copy another company’s security policy, but rather learn from the best practices of other companies and apply them to yours. Use these resources to help structure your policies:
  • 5.
    ● Information SecurityPolicy Templates ● Sample Data Security Policies ● Additional Examples and Tips Instructions With the description of the business environment (the fictional company that has opened in a shopping mall) in mind and your policy review and research complete, create a new security strategy in the format of a company memo (no less than three to five pages) in which you do the following: 1. Describe the business environment and identify the risk and reasoning Provide a brief description of all the important areas of the business environment that you’ve discovered in your research. Be sure to identify the reasons that prompted the need to create a security policy. 2. Assemble a security policy Assemble a security policy or policies for this business. Using the memo outline as a guide, collect industry-specific and quality best practices. In your own words, formulate your fictional company’s security policy or policies. You may use online
  • 6.
    resources, the StrayerLibrary, or other industry-related resources such as the National Security Agency (NSA) and Network World. In a few brief sentences, provide specific information on how your policy will support the business' goal. 3. Develop standards Develop the standards that will describe the requirements of a given activity related to the policy. Standards are the in-depth details of the security policy or policies for a business. 4. Develop practices Develop the practices that will be used to ensure the business enforces what is stated in the security policy or policies and standards. Format your assignment according to the following formatting requirements: • This course is designed to prepare you for a career in IT. While most Strayer University courses require APA (essay) format, this course focuses on writing in a business format. Review this resource to learn more about the important features of business writing: The One Unbreakable Rule in Business Writing. ● You may use the provided memo outline as a guide for this assignment, or you may use your own. Get creative and be original! (You should not just copy a
  • 7.
    memo from anothersource.) Adapt the strategy you create to your “company” specifically. In the workplace, it will be important to use company standard documents for this type of communication. ● Do not cut and paste someone else’s strategy. Plagiarism detection software will be used to evaluate your submissions. https://www.sans.org/security-resources/policies https://www.sophos.com/en-us/medialibrary/PDFs/other/sophos- example-data-security-policies-na.pdf?la=en http://www.nsa.gov/ https://www.networkworld.com/category/security/ http://libdatab.strayer.edu/login?url=http://search.ebscohost.co m/login.aspx?direct=true&db=bth&AN=118683852&site=eds- live&scope=site http://libdatab.strayer.edu/login?url=http://search.ebscohost.co m/login.aspx?direct=true&db=bth&AN=118683852&site=eds- live&scope=site CIS333 – Networking Security Fundamentals © 2017 Strayer University. All Rights Reserved. This document contains Strayer University Confidential and Proprietary information and may not be copied, further distributed, or otherwise disclosed in whole or in part, without the expressed written permission of Strayer University. Page 3 of 6 Rubric
  • 8.
    Grading for thisassignment will be based on answer quality, logic/organization of the memo, and language and writing skills, using the following rubric. Points: 80 Assignment 1: Creating and Communicating a Security Strategy Criteria Unacceptable Below 60% F Meets Minimum Expectations 60-69% D Fair 70-79% C Proficient 80-89% B Exemplary 90-100% A 1. Describe the
  • 9.
    business and identify the riskand reasoning Weight: 20% Does not describe the business and does not submit or incompletely identifies the risk and reasoning. Insufficiently describes the
  • 10.
    business. The risk is unclearand there is not a clear connection to a reason. Partially describes the business. The risk is stated but the reasoning needs more supporting details. More details and
  • 11.
    a clear connection to therisk would improve this section. Satisfactorily describes the business. The risk is identified and the reasoning has some supporting details. Thoroughly describes the business.
  • 12.
    The risk is clearly identifiedand the reasoning has well- supported detail to connect the risk to the reasoning. 2. Assemble a security policy or policies for the business
  • 13.
    Weight: 25% Does not submit or incompletely assemblesa security policy or policies for the business. The policy is missing major elements and does not communicate how it would support the business goal. The policy
  • 14.
    includes some elements and partially indicateshow it would support the business’ goal, but was lacking supporting details. The policy includes most elements and satisfactorily indicates how it would support the business’ goal, but was lacking
  • 15.
    supporting details. The policy includes all thenecessary elements and clearly indicates how it will support the business’ goal. 3. Develop standards Weight: 25% Does not submit or
  • 16.
    incompletely develops standards. The standards are notfully developed and do not describe the requirements of the activity. The standards partially describe some of the requirements of the activity but lack the details necessary to
  • 17.
    make them complete. The standards satisfactorily describemany of the requirements of the activity but could use more details. The standards thoroughly describe all the requirements of the activity and include sound, in- depth details.
  • 18.
    CIS333 – NetworkingSecurity Fundamentals © 2017 Strayer University. All Rights Reserved. This document contains Strayer University Confidential and Proprietary information and may not be copied, further distributed, or otherwise disclosed in whole or in part, without the expressed written permission of Strayer University. Page 4 of 6 Points: 80 Assignment 1: Creating and Communicating a Security Strategy Criteria Unacceptable Below 60% F Meets Minimum Expectations 60-69% D Fair 70-79% C Proficient
  • 19.
    80-89% B Exemplary 90-100% A 4.Develop practices Weight: 25% Does not submit or incompletely develops practices. The practices do not include enough description to ensure the business can
  • 20.
    enforce what is statedin the policies and standards. The written instructions do not include steps or enough steps to make them complete. The practices partially describe how to ensure the business can enforce what is
  • 21.
    stated in the policiesand standards. The written instructions include some steps, but they could be expanded to make them complete. The practices satisfactorily address how to ensure the business can enforce what is stated in the
  • 22.
    policies and standards. The written instructions includemany of the necessary steps, but additional steps and details would improve the instructions. The practices thoroughly address how to ensure the business can enforce what
  • 23.
    is stated inthe policies and standards. The written instructions include all the necessary steps and have well- supporting details. 5. Clarity, writing mechanics, and business formatting require-
  • 24.
    ments Weight: 5% The writing lacksclarity. Formatting is not appropriate for business. The writing lacks some clarity. Formatting is not appropriate for business. The writing is
  • 25.
    beginning to show clarity. Business formattingis partially applied. The writing is mostly clear and business formatting is apparent. Some minor adjustments would improve the overall format. The writing is professional
  • 26.
    and clear. The formatting isexcellent and aligned with business requirements. CIS333 – Networking Security Fundamentals © 2017 Strayer University. All Rights Reserved. This document contains Strayer University Confidential and Proprietary information and may not be copied, further distributed, or otherwise disclosed in whole or in part, without the expressed written permission of Strayer University. Page 5 of 6 Additional Examples and Tips Example 1: XYZ Inc. Company-Wide Employee Password Strategy
  • 27.
    Policies • All usersmust have a password. • Passwords must be changed every six months. Standards • A password must have a minimum of six characters. • A password must have a maximum of 12 characters. • A password must contain letters, numbers, and special characters other than $. Practices-Employee • Create a password. The UserID should be an EmployeeID already generated by HR. • Send a request to create the account to the Information Technology (IT) department. • User receives a temporary password. • Users must change their temporary password the first time they log in. Example 2: Security Policy and Standards
  • 28.
    Password Policy: Passwordsare an important part of computer security at your organization. They often serve as the first line of defense in preventing unauthorized access to the organization’s computers and data. In order to define the password policy, it is important to identify the standards. 1. Multi-factor authentication 2. Password strength standard 3. Password security standards; how to keep the password secure Tips and Points to Consider When Identifying Risks or Security Vulnerabilities • Flaws in operating systems due to constant attack by malware • Denial of services attacks • Employees data theft • User set a weak password or password that is easy to guess, such as a birthday or child’s name. • User leaves sensitive data on an unlocked, unattended computer
  • 29.
    • Organization allowssensitive data on a laptop that leaves the building • Data can be accessed remotely without using proper security CIS333 – Networking Security Fundamentals © 2017 Strayer University. All Rights Reserved. This document contains Strayer University Confidential and Proprietary information and may not be copied, further distributed, or otherwise disclosed in whole or in part, without the expressed written permission of Strayer University. Page 6 of 6 Memo Outline Network Security Associates of Atlantis, Inc. 123 Watery Lane Atlantis, USVI 91199 From: IT Security Dept. Re: Security Policy Date:
  • 30.
    Section 1: GeneralPolicies and Motivation Section 2: Passwords Section 3: Biometrics Section 4: Tokens Section 5: Physical Security Section 6: Email Policies Section 7: Breach Reporting Responsibilities Section 8: Mobile Policy and BYOD (Bring Your Own Device)