Security Management Policy
Create a layered IT management policy defining separation of duties.
Assignment
In this assignment, you are to create a security management policy that addresses the management and the separation of duties throughout the seven domains of a typical IT infrastructure. You are to define what the information systems security responsibility is for each of the seven domains of a typical IT infrastructure. From this definition, you must incorporate a definition for the separation of duties into the Procedures section of the policy definition template that you will fill out later in this step. The company that’s the subject of this case study is Four Fifths Bank:
· Four Fifths Bank is a regional Bank that has multiple branches and locations throughout the area.
· Bank Management made the strategic decision to focus on online banking and use of the Internet.
· The bank prides itself on its customer service department and their ability to quickly answer customer questions.
· The organization needs to be in compliance with the Gramm-Leach-Bliley Act (GLBA) and IT best practices regarding its employees.
· The organization wants to monitor and control use of the Internet by implementing web content filtering.
· The organization wants to eliminate personal use of organization-owned IT assets and systems. However, they allow BYOD to attach to their guest wireless network.
· The organization wants to monitor and control use of the e-mail system by implementing e-mail security controls.
· The bank wants to implement this policy for all the IT assets it owns and to incorporate a policy review process into its annual awareness training.
· The organization wants to define a policy framework, including a security management policy defining the separation of duties for information systems.
Using the templates in your Security Policy text (pp.160-165), create the IT policy, standard, guideline, and procedure for Four Fifths Bank regarding the use of personal devices (cell phones, tablets, home computers, etc.). All of these may be contained in a single document, but each one should start on a new page.
Textbook : Security Policies and Implementation Issues, 2nd edition, By Robert Johnson & Mark Merkow, ©2014, Jones & Bartlett Learning,
Answer PreviewInformation technology has become part of our everyday activities and this has been witnessed throughout all the industries. It is what many people use to carry out their day to day activities so as to accomplish their tasks…