Your group is working for a global organization that handles highly classified intellectual property. Your team has been tasked with developing a series of important network security policies that will provide direction and guidance to the organization on important information security issues.
Each group member will choose an element(s) of the policy to research and design. The group will collaborate on what the overall design and outline should look like and include components from end-user behavior, a training plan, file and folder access, social engineering safeguards, bring-your-own-device policies, use of external drives on company assets, security hardware, penetration testing, and affiliation of the information security department with law enforcement agencies. Students may either interview someone in the local FBI field office or research the FBI and DHS Web sites related to information-sharing programs that the government offers; this could be advantageous to the organization’s information security program.
- Assign group members to the sections below, research the various components, and create an appropriate policy.
- The final deliverable should be organized in this format.
- Cover page with the group name, date, a listing of all group members, and sections of the Policy they contributed. (If no contribution is received, please list their name and “no contribution.”
- Section 1: End-user behavior -Acceptable Use Policy
- Section 2: A training plan,- Policy on employee security training
- Section 3: File and folder access -Policy on how access and authorization controls
- Section 4: Social engineering safeguards, Policy on technical controls, and end-user training to prevent multiple forms of social engineering to include phishing, spearfishing, whaling-based email attacks, phone call attacks, physical security attacks, and USB devices left in the parking lot attacks.
- Section 5: Bring-your-own-device policies,
- Section 6: Use of external drives on company assets,
- Section 7: Security hardware, penetration testing, Define your Policy for what security hardware will be purchased, how it will be configured, and how often penetration test and vulnerability assessments will be completed
- Section 8: Affiliation of the information security department with law enforcement agencies. This Policy will explain the importance of working with federal law enforcement authorities in information sharing and incident response of breaches.
- References: Citations for all your work in APA version 7 format
Special note: Your team’s network security policy should look exactly like this and be organized in this manner. Please do not add or remove sections. Please do not submit policy sections individually, as they must all be included within the single group policy.
