Cybersecurity

Return to the Cybersecurity Project List

Project 4: Security Policies

Project Overview

Purpose:
Information security policies provide a framework for how an organization protects its assets and is a safeguard that the organization employs to reduce risk. Students examine why an organization develops information security policies and the differences between policies, standards, guidelines, and procedures. They will then create information security policies to mitigate existing vulnerabilities exposed by a third-party audit.

Courses for Implementation:

Security+

Key Terms/Major Topics:

Key terms: Policies, Security Policies
Technical skills: Analyze current security vulnerabilities; identify and construct a series of security policies to address each vulnerability identified.
Employability skills:
1. Teamwork. Work constructively and respectfully in teams to research and prioritize vulnerabilities and construct security policies designed to mitigate identified vulnerabilities.
2. Problem solving. Prioritize a list of security vulnerabilities and identify countermeasures in the form of security policies and operational procedures, and proceed to develop and plan for implementing the recommended policies.
3. Written communications. Communicate in writing the relevance and implementation of specific security policies and procedures, and a plan for implementation and dissemination.
4. Verbal Communications (optional). Demonstrate effective verbal communication skills to present and refine one's recommended policy to ACME Managers.

Equipment/Materials:

Internet access to:
1. SANS Security Policy Project
  https://www.sans.org/security-resources/policies/
2. Information Security Policy (video)
  https://youtu.be/ZlKgMUOpMf8
3. Top Computer Security Vulnerabilities
  https://www.solarwindsmsp.com/content/computer-security-vulnerabilities
4. Information Security Policy – A Development Guide for Large and Small Companies (pdf)
  https://www.sans.org/reading-room/whitepapers/policyissues/information-security-policy-development-guide-large-small-companies-1331
5. Technical Writing for IT Security Policies in Five Easy Steps
  https://www.sans.org/reading-room/whitepapers/policyissues/technical-writing-security-policies-easy-steps-492
Handouts:
1. Student Security Policies

Estimated Time Required: 2 hours