Using your enterprise security plan proposal as a guide, now write the enterprise security policy for the organization you have chosen.
An enterprise security policy provides the framework for the deployment of security technology within the enterprise. You are the security officer in this scenario and it is up to you to align business and corporate objectives with security requirements in the development of the security policy. Part of what the security officer’s job is to identify the parts of the network and the systems that are trusted and don’t require security services.
The security officer identifies all security requirements for an enterprise. As the security officer, write a document that outlines the enterprise security policy for the company including:
- Introduction
- Risk management and security principles
- Security-related organizational roles and responsibilities
- Planning processes and risk assessment
- Information classification
- Encryption
- Non-employee personnel and security
- Application communications
- Viruses and malicious code
- Physical security
- Incident reporting and response
It should be a 3 page paper (a minimum of two pages of content) to propose an enterprise-wide security policy for the organization that you have chosen. This policy should be addressed to all employees in the company to inform them on both guidelines and guidance for how security is addressed at the company. Again, professional speech should be used in the creation of the policy as it should be formal in nature.
A link for how to develop an enterprise computer policy:
Utah Department of Administrative Services policy for an example:
https://dts.utah.gov/policies/enterprise-information-security-policy/
