Project 4: Security Policies
Information security policies provide a framework for how an organization
protects its assets and is a safeguard that the organization employs to
reduce risk. Students examine why an organization develops information
security policies and the differences between policies, standards, guidelines,
and procedures. They will then create information security policies to
mitigate existing vulnerabilities exposed by a third-party audit.
Courses for Implementation:
Key Terms/Major Topics:
- Key terms: Policies, Security Policies
- Technical skills: Analyze current security
vulnerabilities; identify and construct a series of security policies to
address each vulnerability identified.
- Employability skills:
- Teamwork. Work constructively and respectfully in teams to research and prioritize vulnerabilities and construct security policies designed to mitigate identified vulnerabilities.
- Problem solving. Prioritize a list of security vulnerabilities and identify countermeasures in the form of security policies and operational procedures, and proceed to develop and plan for implementing the recommended policies.
- Written communications.
Communicate in writing the relevance and implementation of specific security
policies and procedures, and a plan for implementation and dissemination.
- Verbal Communications (optional).
Demonstrate effective verbal communication skills to present and refine one's recommended
policy to ACME Managers.
Estimated Time Required: 2 hours