Security Management Assignment Help
You were recently hired as a Chief Security Officer of the Faculty of Science and your first task is to draft an information security policy along the lines of ISO2700X:
- Compile an information security policy for the Faculty of Science following the outline below (Sections 1-7 and the Appendices outlined below). This should result in a fictitious information security policy of the Faculty of Science (and not in a list of explicit answers to the questions raised).
- As part of the information security policy you must describe your own role as Chief Security Officer of the Faculty of Science. If you think you need staff (Security Officers) yourself, then describe their roles in the information security policy as well.
- Introduction: Describe what kind of ‘business processes’ take place in the Faculty of Science and how it is organized; use an organization chart. Distinguish between core departments and supporting departments.
- Management approval: Describe the management layers within the Faculty of Science and choose which person or committee should approve the policy.
- Definition of information security: Provide a definition of information security (e.g. from ISO 27001) and relate it to the core processes of the Faculty of Science as described in the Introduction.
- Basic principles to follow: What is important for the Faculty of Science from the perspective of information security?
- Objective and scope: What is the scope of the policy (i.e. what falls under it)? What are the minimal requirements to be met? Explicitly mention the relevant laws that are applicable.
- Organization of information security:
  – Describe all information security roles within the Faculty of Science; do not forget your own role of Chief Security Officer (cf. subsection 6.5 below), the role of line management and those of the service departments (99assignmen thelp.com.ru.nl/science/about_the_faculty/service_departments).
  – Make sure that you have allocated responsibilities for all of the plan, do, check and act phases!
  – Make sure that it is described how this policy is periodically reviewed; specify how often.
  – Make sure you have allocated the handling of information security incidents.
See the hinted subsections below.
6.2 Management Review
6.3 Implementation of the policy
6.4 Internal Audits
6.5 Operational Security Management
6.6 Information Security Awareness
- Approach: Provide guidance to ensure:
  – that all information systems are inventoried (Plan)
  – that all information systems get an owner (Plan)
  – that risk assessments are conducted (Plan)
  – that additional controls are implemented (Do)
  – that information security is reviewed (Check)
  – that management review of information security is performed (Act)