Security Policy Proposal

Critical Thinking: Security Policy Proposal for an Organization
Preparation: Choose organization that uses IT in its product, services, activities, and/or operations.
Assignment: Prepare a well-written security policy proposal, Make sure that your proposal includes the basic elements of a good security policy including:
1. Introduction describing your organization and describing its mission, products/services, technical resources, and technical strategy
2. Analysis of the organization’s relationships to its clients/customers, staff, management, and owners or other stakeholders
3. A vulnerability assessment
4. Your recommendation, including:
a. Security Policy Proposal remedial measures (as appropriate to the situation; these might include firewall/gateway provisions, authentication and authorization, encryption systems, intrusion detection, virus detection, incident reporting, education/training, etc.
b. Security Policy Proposal code of ethics or code of practice to be applied within the organization
c. Legal/compliance requirements and description of how they will be met
d. Security Policy Proposal statement/summary

Sample

Information Security Policy Proposal

Executive Summary

A sturdy security position is maintained through the application of data ownership responsibilities, security controls and maintenance of the security infrastructure. This policy document articulates the requirements, which assist the administration in defining a security framework that creates a secure environment. The framework herein offers the overarching structure for protecting Information Technology (IT) Resources, attaining confidentiality, integrity and data/IT resource availability used to manage the services offered by the UC agencies, stakeholders and business partners.

This top-tier information security policy is an essential component of XYZ, Inc.’s overall information security management framework. It should therefore be considered along with more comprehensive security documentations such as, security guidance, system level security policies, procedures or protocols. XYZ, Inc. is a non-profit research organization essentially funded by long-standing support from European governments, such as Italy, Switzerland, and Germany, alongside other donors like ARPA and NSF. The research firm is intimately affiliated with the Computer Science and Electrical Engineering Departments of the University of California at Berkeley, and is situated off the central UC college grounds in downtown Berkeley.