590a4
Please grammar and spell check
Answer all Seven (7) questions.
· Submission Requirements
ü All sentences must be grammatically correct, and free from spelling errors.
ü Your answer for questions 1 to 6 should not exceed 250 words.
ü Your answer for question 7 should not exceed 500 words.
ü Submit a Single Microsoft Word Document.
ü Font: Times New Roman, Size 12, Double-Space.
ü Cite all references used in APA format.
1. For each of the seven domains of a typical IT infrastructure, describe a policy you would write and implement for each domain.
2. How does separation of duties throughout an IT infrastructure mitigate risk for an organization?
3. When using a layered security approach to system administration, who would have the highest access privileges?
4. Why do you only want to refer to technical standards in a policy definition document?
5. Explain why the seven domains of a typical IT infrastructure help organizations align to separation of duties.
6. Why is it important for an organization to have a policy definition for business continuity and disaster recovery?
7. Create a security management policy that addresses the management and the separation of duties throughout the seven domains of a typical IT infrastructure. You are to define what the information systems security responsibility is for each of the seven domains of a typical IT infrastructure. From this definition, you must incorporate a definition for the separation of duties into the Procedures section of the policy definition template that you will fill out later in this step.
The scenario you are to work with is for the mock Lone Star Credit Union/Bank:
The organization is a regional Lone Star Credit Union/Bank that has multiple branches and locations throughout the region.
Online banking and use of the Internet are the banks strengths, given its limited human resources.
The customer service department is the organizations most critical business function.
The organization wants to be in compliance with the Gramm-Leach-Bliley Act (GLBA) and IT security best practices regarding its employees.
The organization wants to monitor and control use of the Internet by implementing content filtering.
The organization wants to eliminate personal use of organization-owned IT assets and systems.
The organization wants to monitor and control use of the e-mail system by implementing e-mail security controls.
The organization wants to implement this policy for all the IT assets it owns and to incorporate this policy review into its annual security awareness training.
The organization wants to define a policy framework, including a security management policy defining the separation of duties for information systems security.
Using the following template, create a security management policy with defined separation of duties for the Lone Star Credit Union/Bank organization (this should not be longer than two pages):
Lone Star Credit Union
Policy Name
Policy Statement
{Insert policy verbiage here.}
Purpose/Objectives
{Insert the policys purpose as well as its objectives; include a bulleted list of the policy definitions.}
Scope
{Define whom this policy covers and its scope. Which of the seven domains of a typical
IT infrastructure are impacted? All seven must be included in the scope. What elements, IT assets, or organization-owned assets are within the scope of this policy? In this case, you are concerned about which IT assets and elements in each of the domains require information systems security management.}
Standards
{Does this policy point to any hardware, software, or configuration standards? If so, list them here and explain the relationship of this policy to these standards. You need to reference technical hardware, software, and configuration standards for IT assets throughout the seven domains of a typical IT infrastructure.}
Procedures
{Explain how you intend to implement this policy for the entire organization. This is the most important part of the policy definition because you must explain and define your separation of duties throughout the seven domains of a typical IT infrastructure. All seven domains must be listed in this section as well as who is responsible for ensuring CIA and security policy implementation within that domain.}
Guidelines
{Explain any roadblocks or implementation issues that you must overcome in this section and how you will surmount them per defined policy guidelines. Any disputes or gaps in the definition and separation of duties and responsibilities may need to be addressed in this section.}