This week’s topic, information security policies, is perhaps the most important topic that a Business major can take from this course. This is the governance layer that lays the bedrock for your organization’s security posture. Sure, the technical folks are responsible for executing that policy but this is where the leaders of a business get together, reach an agreement, at times do a sanity check on what is enforceable in the organization, and draft the rules that will make sure the organization is secure. This is not an exercise in putting down whatever “sounds” good in order to check the box and claim that your organization has policies. It takes a realistic perspective and evaluation on what is needed, what is possible, and what is enforceable. It is typically better to a have a weak policy that is enforced than to have a strong policy that is ignored. The resources provided include three articles on approaches to drafting and information security policy. Among the steps is to select a framework or set of standards. These could include “best practice” frameworks such as ISO 27001, NIST SP 800 Series, COBIT, ITIL, or similar guidelines. Depending on the industry, this will likely also include “compliance” standards such as PCI-DSS, HIPAA/HITECH, SOX, FISMA, GLBA, or other legal and regulatory obligations. The resources provided include the NIST Cybersecurity Framework as an example of best practice frameworks and the PCI-DSS compliance standards for those who process credit cards. Both of these will include specific elements or policies that should be included in your overall policy set. Additionally, I have included links to the Greater Houston Partnership’s Cybersecurity Assessment Tool, the FCC’s CyberPlanner Tool, and the Traveler’s Insurance Cyber Risk Pressure Test. These tools can help you evaluate your organization’s current posture. Such evaluations can help to flesh out the organization’s policies much like the best practice standards. Additionally, from a learning standpoint, they are a bit easier to go through than something like the full PCI-DSS standard. Last, but definitely not least, I have included a link to the SANS security policy template library. When it comes to actually drafting policies. These or similar “out-of-the-box” policy templates can provide a good start and help to understand the level of detail needed. Remember that details are important, but it should not be so complicated that it must be updated constantly or that it becomes unmanageable. This includes considering how much time you have available for dealing with policy issues. This is a lot of information. My primary concern this week is that you take the time to review the resources. It would be impractical to have you draft a policy or try to regurgitate all of what you see here. Read the articles, skim the frameworks and standards, tinker with some of the assessment/planning tools. For your web project, I’d like you to pick three things that stood out to you. This could relate to the process of drafting the policies, the contents of the frameworks or standards, the usefulness of the assessment/planning tools, the format/contents/level of detail in the policy templates, etc. Just choose any three things you learned and share your thoughts about them in 300-400 words. This is an informal assignment. Citations are not necessary unless you are quoting, but may be useful to indicate what you are referencing.
Papers are written from scratch We have molded our writers to develop content for all assignments from scratch. This way, we promote originality and reduce cases of plagiarism that might affect your grades and hinder you from realizing your academic goals. We encourage our clients to indicate the deliverables that should be featured in the final paper. Our online help services allow one to make a clarification and even interact with the writer directly to help them understand the needs of the assignment. Many of our writers are professional tutors who understand the approaches that should be used to fulfill the specified instructions. Every time a client places an order on our system, we link them with the most qualified writer in the subject of interest.
YUnlike other writing companies, we encourage clients to draw back their money at any stage of the writing process if they experience any uncertainties with the quality of generated content. However, you will hardly have to make this decision because of our business approach that suits your needs.
We have an advanced plagiarism-detection system that flags any work that fails to meet the required academic expectations. Our company thrives in honesty, and as such, you will be guaranteed to achieve a paper that meets your expectations.
We encourage our clients to return papers for revision seven days after the last submission for free. Depending on the proposed changes, we will work on your article to achieve the desired expectations.
We uphold confidentiality and privacy through our interactions with clients, an aspect that has enhanced our relationship with prospective customers seeking for assignment help. We do not disclose your information with third-parties
We boast of a diverse pool of ENL and ESL professionals who respond with a personal touch to the needs of every client. Our focus is to become the best platform that offers specialized services to individuals to accomplish their academic goals.