Information Security Policy


Case Study 1: COBIT Framework.
Control Objectives for Information and related Technology (COBIT) is an IT control framework that allows IT management to develop clear policies and apply good practices. COBIT is a business-focused, process-oriented, controls-based, and measurement-driven structure that helps align IT with business requirements. Imagine your organization was recently assessed by a third party and the results are addressed in the article titled “Social Engineering, the USB Way” located at http://www.darkreading.com/security/article/208803634/index.html. In an attempt to mitigate future risks identified in the assessment, complete the following requirements:

Write a three (4) page paper in which you:

This section is three pages:
  1. Develop an IT security policy statement for your organization that addresses the following:
    1. social engineering
    2. malware
    3. the use of external storage devices on organizational equipment
    4. the education and training of users
  2. Explain and defend your proposed security policy statement.
  3. Suggest three (3) automated and / or physical controls to be incorporated into the IT infrastructure that support your proposed security policy statement.
  4. Analyze how the implemented controls would be monitored and evaluated for the purpose of effectiveness.

The next section needs to be one page:

  1. Define social engineering, malware, and removable storage devices.
  2. Identify the potential risks of social engineering, malware, and removable storage devices.
  3. Describe how the organization intends to combat the potential risks of social engineering, malware, and removable storage devices.

 

The work needs 4 references in APA.

Use subtitles to clearly show the sections.
APA formatting
Answer Preview

Information Security Policy

Information security policy refers to a set of policies that an organization uses to ensure that the users of information technology operate within the defined organization domain and at the same time ensure that organizational networks comply with guidelines and rules that govern the security of stored data (Skoudis & Zeltser, 2004). This analysis discusses an IT security policy for an organization focusing on major areas such as social engineering, external storage devices, and user training and education. The analysis includes arguments…………………

APA
1,428 Words