Running head: INFORMATION SECURITY POLICY: NUTS AND BOLTS
Information Security Policy Nuts and Bolts
Michael Johnson
Kaplan University
IT540
March 19, 2013
Dr. Bhanu Kapoor

Abstract

This paper is divided into two parts. The first part examines the steps to create a security policy for a mid-size company that uses networks to support business functions. This analysis includes a list of important assets, threats to the organization, the network's role in the business, and corporate culture. Part two is an assessment of an existing security policy for a fictitious company named Acme. This analysis tries to determine the missing, inaccurate, incomplete, or ill-advised aspects of the security policy.

Information Security Policy Nuts and Bolts

Part one of this study begins with a general description of the business, followed by identifying 10 areas that require protection, and culminating in a partial policy based on threats to the ten areas identified. Understanding the business and how the network supports the business function is an important first step in the process for developing a security policy. Some consideration is also given to industry practices, government regulatory requirements, corporate security strategy, and methods of conducting business. No examination is complete without a review of threats in this context. This paper is not intended to provide an exhaustive security policy, but it will cover methods for protecting 10 specific areas threatened by cyberattacks.

Company Background

The company under analysis is the research and development (R&D) division of one of the largest information and communications technology (ICT) manufacturers in the world. Seven hundred people work at this site, qualifying it as a mid-sized company. Furthermore, this division operates within United States borders, a country different from the parent...