This assessment will assess the following Course learning outcomes:
CLO1 CLO2 CLO3 CLO4 CLO5 CLO6
Question No.
• The entire project/case study/poster is designed and developed by me (and my team members).
• The proper citation has been used when I (and my team members) used other sources.
• No part of this project has been designed, developed or written for me (and my team members) by a third party.
• I have a copy of this project in case the submitted copy is lost or damaged.
• None of the music/graphics/animation/video/images used in this project have violated the copyright/patent/intellectual property rights of an individual,
company or an institution.
• I have the written permission from people who are featuring in this project.
Student Signature: Date:
For Examiner’s Use Only
Question No. 1 2 3 4
Marks Allocated
Marks Obtained
Total Marks:
Project Overview
In this Project, each group of students is required to choose a company and understand the security requirements based on the nature of its business. They need to use
the collected information about the company to design a suitable Information Security Policy.
Each group needs to update the teacher on a weekly basis about what they have finished and what they are working on. Members of each group need to use the following to come up with a good
Information Security policy report:
• Good communication skills: when they communicate with companies.
• Good research skills: when they search for suitable IS policies.
• Good analytical skills: when they study the company and find out the most suitable ISSP policy.
• Good writing skills: when they write the required sections in their report.
The designed information security policy must demonstrate the students’ understanding of the chosen business and a comprehensive understanding of the components of
both the Enterprise Information Security Policy and the Issue-Specific Security Policy.
The created report should include five ISSPs that address 5 different issues.
General information about the Project
1. What should I include in the report:
Students are required to include the following sections:
1. Section 1: Introduction
2. Section 2: Overview of the chosen company
3. Section 3: Five different Issue-Specific Policies
4. Section 4: Conclusion
5. Section 5: References
2. What should I include in each one of these sections?
Following is a summary of what students need to include in each section:
1. Section 1: Introduction
Students need to write general information about the project. This may include information about the team members and the way they collected information about the
company, which might be through pure research or by visiting and/or calling a real company. It can also include an overview of the sections in the report, and a
summary of what is covered in each section.
2. Section 2: Overview of the chosen company
In this section, students need to provide an overview of the company. This may include: What is the nature of business? What is the number of employees? How many
branches or locations? How many computers? How many servers? Do they have a data center? If yes, where is it located in the building? How many locations need to
be Secure Facilities? How many people are working in the security team?
3. Section 3: Five different Issue-Specific Policies
In this section, Students need to compose a single comprehensive ISSP document covering only three issues from the list:
1. Email Security Policy
2. Laptop Security Policy
3. Wireless LAN Security Policy
4. Backup Security Policy
5. Physical Security Policy
Each of these policies must contain the following sections:
• Statement of Policy: The policy should begin with a clear statement of purpose; outline the scope and applicability of the policy. What does this policy address?
• Authorized access and usage of equipment: User access, fair and responsible use and protection of privacy.
• Prohibited usage of equipment: Disruptive use or misuse, criminal use, offensive or harassing materials, copyrighted, licensed or other intellectual property.
• Systems management: Designate the appropriate responsibilities of the user and the systems administrator.
• Violations of Policy: This section describes the penalties for violating policy.
• Limitations of liability: This section describes the steps the organization will take if an employee is caught conducting illegal activities with organizational
equipment or assets.
4. Section 4: Conclusion
Students can use this section to summarize the outcomes of their project and give some details on how applying these policies will help the company in general.
5. Section 5: References
Students are requested to list the URLs of all the websites they reviewed and used to write their Information Security policies.
Before submitting your project, make sure that the following sections are completed:
Marking Scheme (Assessment Rubrics)
Name: Student ID:
Item Information Marks available Marks Awarded
Section 1: Project overview (marks available: 2)
• General overview of the project
• Members of the team
• A list of the sections
• A brief about each one of the sections
Section 2: Company overview (marks available: 3)
• What is the nature of business?
• What is the number of employees?
• How many branches or locations?
• How many computers? How many servers?
• Do they have a data center? If yes, where is it located?
• Location of the server rooms and wiring closets.
• How many locations need to be Secure Facilities?
• How many people are working in the security team?
Section 3: Five ISSPs
• ISSP (Issue 1) (marks available: 6)
• ISSP (Issue 2) (marks available: 6)
• ISSP (Issue 3) (marks available: 6)
• ISSP (Issue 4) (marks available: 6)
• ISSP (Issue 5) (marks available: 6)
Section 4: Conclusion (marks available: 4)
• Students can use this section to summarize the outcomes of their project and give some details on how applying these policies will help the company in general.
Section 5: References (marks available: 3)
• The URLs of all the websites that have been used to collect information about the company and the different types of policies
Total marks available: 42
Sample
1.1. Access Privileges
Statement of Policy
Access to information, network systems, operating systems and applications should be controlled on a need-to-know basis and according to the dual-validation principle
(initiate/authorize). Users accessing the system should be uniquely identified to preserve accountability.
Purpose
To control access to information and resources, and to adhere to business and security requirements.
Procedures
• Upon appointment, the new employee shall be granted access to the network, operating systems and relevant applications according to his/her job description.
• The HR manager shall fill in the “Granting access Form” shown in Appendix C and highlighted in section xxx.
• The IT coordinator should communicate the request to the IT third party provider, who should implement the access.
• The IT third party provider shall grant the user a unique and identifiable name.
• Upon termination, the same procedures highlighted in section xxx should be followed.
• The IT coordinator shall review the access privileges at least once a year or upon urgent need.
Violations
Employees who violate the policy will be investigated. If an employee is found to have violated the policy, the general HR policies of the organization apply, and may include
demotion and up to termination from the organization. The civil and criminal laws of the country may also apply.