
Assignment 1: IT Security Policy Framework Due Week 4 and worth 100 points Estab


Question

Assignment 1: IT Security Policy Framework

Due Week 4 and worth 100 points

Establishing an effective Information Technology Security Policy Framework is critical in the development of a comprehensive security program. Additionally, there are many security frameworks that organizations commonly reference when developing their security programs. Review the security frameworks provided by NIST (SP 800-53), ISO / IEC 27000 series, and COBIT. Assume that you have been hired as a consultant by a medium-sized insurance organization and have been asked to draft an IT Security Policy Framework. You may create and / or assume all necessary assumptions needed for the completion of this assignment.

Write a three to five (3-5) page paper in which you:

Select a security framework, describe the framework selected, and design an IT Security Policy Framework for the organization.

Describe the importance of and method of establishing compliance of IT security controls with U.S. laws and regulations, and how organizations can align their policies and controls with the applicable regulations.

Analyze the business challenges within each of the seven (7) domains in developing an effective IT Security Policy Framework.

Describe your IT Security Policy Framework implementation issues and challenges and provide recommendations for overcoming these implementation issues and challenges.

Explanation / Answer

Business Challenges within each of the Seven Domains

The security challenges within each of the seven domains in developing an effective IT security policy framework are as follows:

The challenge here is to make sure that you have well defined policies that reflect the organization’s “reasonable expectation

Another challenge is to have processes that can run repeatedly and consistently to ensure high quality products and services

2. Workstation Domain. The challenge here is making sure that you are aware of the basic controls expected by regulators and also to install the necessary security, i.e., antivirus software, without disrupting the business's day-to-day operations

3. LAN Domain. The challenge here is defining and enforcing what is acceptable use over the LAN. LAN resources are not unlimited; they are finite, and this has to be regulated while at the same time giving the customer or employee the necessary bandwidth to operate

4. LAN-to-WAN Domain. The major concern here is the protection of the Web site servers: making sure that the Web site is available and credible and that the customers are being fed and seeing the correct information

5. WAN Domain. The major concern here is making sure the WAN is cost effective, reliable, and fast

6. Remote Access Domain. The point of contention here is with flexibility

Employees need to be able to connect to the company’s network wherever there is an Internet connection

7. System/Application Domain. When it comes to data collection, storage, and processing, this domain has two areas of critical concern. These areas are: Is the information safe? Can confidential information be prevented from leaving the organization?

IT Security Policy Framework Implementation Issues

A successful security policy implementation is contingent on people understanding key concepts and accepting the material. One also needs to be skilled in persuading people in the workplace of the importance of these policies and how important these policies will be in the overall success of the organization. The leading issue here is motivation. Motivation, which comprises three elements (pride, self-interest, and success), is essential to framework