Security Strategy

Creating and Communicating a Security Strategy First Draft Due Week 4 Final Due Week 6, worth 80 points

As an IT professional, you’ll often be required to communicate policies, standards, and practices in the workplace. For this assignment, you’ll practice this important task by taking on the role of an IT professional charged with creating a memo to communicate your company’s new security strategy.

The specific course learning outcomes associated with this assignment are: • Analyze the importance of network architecture to security operations. • Apply information security standards to real-world implementation. • Communicate how problem-solving concepts are applied in a business environment. • Use information resources to research issues in information systems security. • Write clearly about network security topics using proper writing mechanics and business formats.

Preparation

1. Review the essential elements of a security strategy

A successful IT administration strategy requires the continuous enforcement of policies, standards, and practices (procedures) within the organization. Review these elements to see how they compare:

Policy The general statements that direct the organization’s internal and external communication and goals.

Standards Describe the requirements of a given activity related to the policy. They are more detailed and specific than policies. In effect, standards are rules that evaluate the quality of the activity. For example, standards define the structure of the password and the numbers, letters, and special characters that must be used in order to create a password.

Practices The written instructions that describe a series of steps to be followed during the performance of a given activity. Practices must support and enhance the work environment. Also referred to as procedures.