Application-creating a security policy

Reference no: EM131213583

Application: Creating a Security Policy

You have just purchased a used car at a fantastic price. You are so excited that you decide to take an extended drive. Unfortunately, you experience a flat tire and discover that you do not have a spare. Now, your vehicle is disabled because you are missing a critical component. You are in a potentially bad situation.

One aspect of security policies that is often neglected is what assets staff members are permitted to use and how they may use those assets. Failure to address staff members in security policies might weaken an organization's legal position. A gap in a security policy, like a missing spare tire, may not be noticed until an incident has occurred. Consequently, the organization could find itself in a potentially bad situation.


The U.S. Army has hired your firm, Token Tiger Consulting (TTC), to provide IT services to one of their new civilian contractors. Although the exact nature of this contractor is not known to TTC, the Army has indicated that this contractor will be gathering and storing "sensitive" data, and communicating with the Army via the Internet and communications security (COMSEC) equipment. Furthermore, some contractor staff travel often and are required to use their own personal devices for work. 

The Colonel who hired TTC has asked you to begin drafting a security policy for the contractor. You decide to begin with the separation of duties (SoD), staff legal obligations (e.g., bring your own device [BYOD], social media, and acceptable use), and the COMSEC equipment.

For this Assignment, write a 4- to 5-page security policy that:

  • Specifies SoD requirements for contractor staff who handle sensitive data
  • Addresses the legal obligations that pertain to contractor staff
  • Specifies procedures for COMSEC equipment

Required Resources

Readings

  • Coleman, K. (2008). Separation of duties and IT security. Retrieved from
    This article details separation of duties (SoD) as a key concept of internal controls, and describes strategies for successful achievement.
  • Gregg, J., Nam, M., Northcutt, S., & Pokladnik, M. (2012). Separation of duties in information technology. Retrieved from
    This article discusses the necessity for classic security methods to manage conflict of interest, the appearance of conflict of interest, and fraud.
  • Goodwin, J. (2011). Mobile devices spawn new B.Y.O.D. security policies. Retrieved from
    This article discusses the growing interest in B.Y.O.D. (Bring Your Own Device) and a variety of technical issues related to the security of the devices within the IT network system.
  • Kim, K. (n.d.). Organizational level (O-Level) production divisions fundamentals. Retrieved from
    • Section .6, "Discuss the Security/Accountability Procedures for COMSEC Equipment [Ref. E]" (pp. 6-7)
      This section describes procedures for COMSEC equipment.
  • Simek, J. W., & Nelson, S. D. (2012). Essential law firm technologies and plans. Law Practice, 38(2). Retrieved from
