Security Policy Document Project
The purpose of this two-part project is to familiarize the student with the security policy documentation. By completing the two documents, the student will gain practical knowledge of the security policy documentation process. The project will enable the student to see and understand the required standards in practice, as well as the details that should be covered within the security policy documentation.
Project Deliverable #1 (Due Week 3)
Using the GDI Case Study below, complete the Security Policy Document Outline.
Provide a one or two-page Security Policy Document Outline. The Outline should cover all aspects of the security policy document and convey the accurate and appropriate information for the stakeholders to make the appropriate decision.
Ungraded but instructor will provide feedback to make sure students are on-track.This outline can become major part of the “Executive Summary” of the final deliverable.
Project Deliverable #2 (Due Week 7)
Using the GDI Case Study, complete the Security Policy Document.
Provide a seven- to ten-page analysis summarizing the security policy to the executive management team of GDI. The summary should effectively describe the security policy in a manner that will allow the Senior Management to understand the organizational security requirements and make the appropriate decisions to enforce.
Using the GDI Case Study, create the security policy document.
The security policy document must be 7 to 10 pages long, conforming to APA standards. See “Writing Guideline” in WebTycho where you’ll find help on writing for research projects.
At least three authoritative, outside references are required (anonymous authors or web pages are not acceptable). These should be listed on the last page titled “References.”
Appropriate citations are required. See the syllabus regarding plagiarism policies.
This will be graded on quality of research topic, quality of paper information, use of citations, grammar and sentence structure, and creativity.
The paper is due during Week 7 of this course.
For those that are not familiar with the term, this project is called an Authentic Assessment Project.These projects are designed to reflect “real life” activities and will require you to perform considerable self-directed study.Like real life problems, you will not find all the answers you need in the textbook.You will, however, have the help of your instructor to resolve issues you may encounter.
The project is to write a company Security Policy Document for a fictitious company called Global Distribution, Inc. (GDI). A Security Policy Document is an absolutely essential item for any organization that is subjected to a security audit. Lack of such a document will result in an automatic failed audit.A Security Policy Document within an organization provides a high-level description of the various security controls the organization will use to protect its information and assets.A typical Security Policy Document contains a large set of specific policies and can run several hundred pages.However, for this project, you will write a brief document with a maximum of 12 specific policies for the GDI Company.Therefore, you must carefully consider and select only the most important policies from hundreds of possible specific policies.A brief description of the GDI Company is given below.
You will work individually on this project for a total of 25% of your grading for the course. You may collaborate with your classmates to share ideas and activities in preparation of the final project deliverable. However, you will be graded for your individual effort and deliverables, and you will submit the project in your individual project assignment folders. You will treat this project deliverable as if you would deliver it to your own customer or client who will be paying you for the deliverables.
Global Distribution, Inc. (GDI)
Global Distribution, Inc. (GDI) is a distribution company that manages thousands of accounts across Canada, the United States, and Mexico.A public company traded on the NYSE, GDI specializes in supply chain management and in coordinating the warehousing, staging, distribution, transportation, and wholesaler/VAR relationship for their customers.
GDI employs over 3,200 employees and has been experiencing consistent growth keeping pace with S&P averages (approximately 8%) for nearly six years. A well-honed management strategy built on scaling operational performance through automation and technological innovation has propelled the company into the big leagues; GDI was only recently profiled in Fortune Magazine.
The executive management team of GDI:
BACKGROUND AND YOUR ROLE
You are the Computer Security Program Manager (CSPM) educated, trained, and hired to protect the physical and operational security of GDI’s corporate information system.
You were hired by COO Don Jacobson and currently report to the COO. You are responsible for a $7.25m annual budget, a staff of 17, and a sprawling and expansive data center located on the 9th floor of the corporate tower.This position is the pinnacle of your career – you are counting on your performance here to pave the way into a more strategic leadership position in IT, filling a vacancy that you feel is so significantly lacking from the executive team.
There is actually a reason for this.CEO Jamie Pierce believes that the IT problem is a known quantity – that is, she feels the IT function can be nearly entirely outsourced at fractions of the cost associated with creating and maintaining an established internal IT department; the CEO’s strategy has been to prevent IT from becoming a core competency since so many services can be obtained from 3rd parties.Since the CEO has taken the reigns two years ago, the CEO has made significant headway in cutting your department’s budget by 30% and reducing half of your staff through outsourcing.This has been a political fight for you: maintaining and reinforcing the relevance of an internal IT department is a constant struggle.COO Jacobson’s act of hiring you was, in fact, an act of desperation: the increasing operational dependence on technology combined with a diminishing IT footprint gravely concerned Jacobson, and he begged to at least bring in a manager to whom these obligations could be delegated to.Jacobson’s worst nightmare is a situation where the Confidentiality, Integrity, and Availability of the information system was compromised – bringing the company to its knees – then having to rely on vendors to pull him out of the mess.
There’s no question that the company’s CEO sees the strategic importance of technology in executing her business plan, and in this way you share a common basis of principle with her: that IT is a competitive differentiator.However, you believe that diminishing internal IT services risks security and strategic capability, whereas the CEO feels she can acquire that capability immediately and on the cheap through the open market.You’re told that CEO Pierce reluctantly agreed to your position if only to pacify COO Jacobson’s concerns.