27 Mar IT 253 Module Three Activity Guidelines and Rubric
IT 253 Module Three Activity Guidelines and Rubric
Overview
In this module, you explored policies and practices used by organizations to protect information. There are a variety of policies that are intended to improve the security posture of an organization. These policies include but are not limited to: acceptable use policies, privacy policies, authorized access policies, change and configuration management policies, human resource policies, codes of ethics, organizational security policies, password policies, user education and awareness policies, and user management policies, among many others. Many of the aforementioned policies live within an organization’s overarching information security policy, although they can stand alone, depending on the size of the organization. The size of the organization can also affect the ways in which roles and responsibilities are determined. For example, a smaller organization could have an IT department of one, where a larger organization will have dedicated roles with distinct skill sets and responsibilities that no other role takes ownership of.
For the purposes of this activity, you will review a general information security policy of a government organization. Although information security policies can be lengthy, the policy you will be reviewing is considered brief. It is 13 pages long. Be mindful of the time it will take to not only read the policy but to review specific sections in order to address all of the activity questions.
For this week’s activity:
Read the information security policy and the resources provided in the Supporting Materials section.
Consider how laws and regulation influence organizational policies, and the various IT roles that might be included in an information security policy.
Respond to the provided activity questions.
Prompt
Most privately owned and publicly traded firms give their employees access only to security policies and private information. Security policies typically remain for internal use only due to the sensitive nature of their contents. However, many education entities, nonprofits, and government-affiliated institutions make these documents available to the public via their websites. Read the Information Security Policy of the United States Environmental Protection Agency (EPA) and respond to the provided activity questions. To access the policy in full for the purposes of this activity, click on the “Information Security Policy (PDF)” in the link just provided. The Supporting Materials section contains resources that will help you understand the elements of a good policy.
Supporting Materials
These resources will provide you with greater insight into what elements make up a good security policy and help you prepare for your response to the activity questions:
https://www.gartner.com/document/3452221?ref=d-linkShare
https://www.varonis.com/blog/how-to-create-a-good-security-policy
https://www.infosecinstitute.com/resources/management-compliance-auditing/key-elements-information-security-policy/
https://www.varonis.com/blog/fisma-compliance
