Special offer for new customers: 5% OFF your first order! Use coupon: GWRITERSclose

M6A2: Lab: Recommending IT Security Policies to Help Mitigate Risk

introduction

The purpose of security policies is to help mitigate identified risks. Writing these policies is easier once you have created an asset inventory list, prioritized that list, and identified the major risk exposures found in those assets.

The task of identifying your IT assets begins with recognizing that your IT infrastructure and supporting resources can be divided into the seven IT domains. The benefit of identifying the assets and prioritizing them across those domains is being able to document policies in a systematic and thorough manner.

Required Resource:

Search the term Family Educational Rights and Privacy Act (FERPA) using your favorite search engine

Instructions:

In this lab, you will create a high-level IT asset inventory list, you will prioritize those assets, you will identify the risk exposures, and you will make recommendations for policies that can mitigate the risk exposures.

Security policies mitigate risks in a wide variety of environments. Some risks are unique to different environments, and some environments produce highly significant risks. To counter these special environments, such as a hospital, school, or financial institution, the government legislates special acts to provide guidance and countermeasures. This lab uses the environment of a school and the guidance of the Family Educational Rights and Privacy Act (FERPA).

Case Study: Premier Collegiate School

You are the new director for Information Technology at Premier Collegiate School. The private school teaches grade 7 through grade 12 with 300 students and 30 staff members and faculty. Each of the 10 administrative staff members has a dedicated desktop computer. The schools principal has a notebook computer that she takes home and when traveling to conduct both school business and personal tasks. She maintains a Facebook account and has opened a MySpace account to monitor the activities of the students who also have such accounts. The teachers have 10 computers that they share in the teachers lounge to record grades and do all work associated with conducting their assigned classes (daily lesson plans, research, handouts, tests, quizzes, and final exams).

The school has two file servers. One is for administration business and the other serves student computing needs. The administration server has dedicated storage for each of the teachers and both hardwired access and wireless Local Area Network (LAN) access throughout the school. The student server has applications the students might need for their schoolwork, and provides wireless access for student-owned laptop computers. All students are required to have a laptop computer with wireless access. In addition, the school has a dedicated computer lab with 25 desktop computers for the students to use in computer science classes.

Deliverables:

Include the following in your Lab Report File:

    Download the attached document [MS-Word File Size 160 KB] to create a high-level IT asset inventory list and prioritize the IT assets in terms of importance to a schools operation and business.
    Identify the top five risk exposures found in the high-level IT asset assessment.
    Recommend IT security policies that can help mitigate the identified risk exposures.

Your Lab Report should be submitted in a Word document, typed in double space, in 10 or 12point Arial or Times New Roman font. The page margins on the top, bottom, left side, and right side should be 1 inch each. Your composition format must follow guidelines for the citation and reference style established by the American Psychological Association (APA).

You can leave a response, or trackback from your own site.
Powered by WordPress | Designed by: Premium WordPress Themes | Thanks to Themes Gallery, Bromoney and Wordpress Themes