The project is to prepare a company Security Policy Document for an untrue company called Global Distribution, Inc. (GDI). A Security Policy Document is a completely necessary item for any organization that is subjected to a security audit. Lack of such a document will result in an automatic failed audit. A Security Policy Document in an organization offers a high-level report of the various security controls the organization will use to protect its information and assets. A characteristic Security Policy Document contains a large set of specific policies and can run several hundred pages. Though, for this project, you will prepare a concise document with a maximum of 20 specific policies for GDI Company. Thus, you should carefully consider and choose only the most significant policies from hundreds of probable specific policies. A brief description of the GDI Company is given below.
These are only recommendations on the general approach you may take for this project.
1. Determine the most significant assets of company, which should be protected
2. Determine general security architecture for company
3. Determine real-time security measures which should be put in place
4. Determine the monitoring and preventative measures which should be put in place
5. Create a list of 15 to 20 specific policies which could be applied along with details and rationale for each policy
6. Integrate and prepare up final version of Security Policy Document for submittal
The GDI company explanation is deliberately concise. In all real life projects, you typically add intricacy as you become smarter as you go along. State the assumptions/rationale you make to justify the selection of the specific security policies you select. Attach the assumptions/rationale to each specific security policy.