effective Information Technology Security Policy Framework is critical in the
development of a comprehensive security program. Additionally, there are many
security frameworks that organizations commonly reference when developing their
security programs. Review the security frameworks provided by NIST (SP 800-53),
ISO / IEC 27000 series, and COBIT. Assume that you have been hired as a
consultant by a medium-sized insurance organization and have been asked to
draft an IT Security Policy Framework.
You may create and /
or assume all necessary assumptions needed for the completion of this
Write a three (3) page paper in which you:
Select a security
framework, describe the framework selected, and design an IT Security Policy
Framework for the organization.
importance of and method of establishing compliance of IT security controls
with U.S. laws and regulations, and how organizations can align their policies
and controls with the applicable regulations.
Analyze the business
challenges within each of the seven (7) domains in developing an effective IT
Security Policy Framework.
Describe your IT
Security Policy Framework implementation issues and challenges and provide
recommendations for overcoming these implementation issues and challenges.
Use at least three (3)
quality resources in this assignment. Note: Wikipedia and similar Websites do
not qualify as quality resources.
Your assignment must follow these formatting
Be typed, double
spaced, using Times New Roman font (size 12), with one-inch margins on all
sides; citations and references must follow APA or school-specific format.
Check with your professor for any additional instructions.
Include a cover page
containing the title of the assignment, the student’s name, the professor’s
name, the course title, and the date. The cover page and the reference page are
not included in the required assignment page length.
The specific course learning outcomes
associated with this assignment are:
Identify the role of
an information systems security (ISS) policy framework in overcoming business
Design a security
Use technology and
information resources to research issues in security strategy and policy
Write clearly and concisely about Information
Systems Security Policy topics using proper writing mechanics and technical