MSIT 458 Homework 21. Introduction1.1 Document Definition1.2 Scope and Objective1.2.1 Applicability to Staff1.2.2 Applicability to External Parties1.3 Related Documents / References2. Policy Statements2.1 Network Control2.2 Device Information Protection2.3 External Connection Points2.4 Device Approval2.5 Firewall Protection2.6 Traffic Denial and Segregation2.7 Non-Essential Services2.8 Routing Updates2.9 Documentation2.10 Wireless Access Points2.11 Wireless Access and Encryption2.12 Wireless Coverage2.13 Network Device Logging2.14 Configuration Review2.15 Penetration Testing2.16 Network Monitoring2.17 Intrusion Prevention / Intrusion Detection2.18 Connection Removal3. Policy Compliance3.1 Compliance Measures3.2 Enforcement4. Appendix4.1 Variance / Exception Process4.2 Glossary / Acronyms4.3 Document Management4.3.1 Document Revision Log4.3.2 Ownership4.3.3 Document Approvers4.3.4 Effective Date4.3.5 Compliance DateIT SecurityPolicy, Standards, and GuidelinesMSIT 458 Homework 2Due back: Feb. 3, 11:59pm, 2010 (by submission timestamp).Submission: Electronic submission to [email protected] Qn 1. Security PolicyPurpose: The purpose of this homework is develop skills in understanding the difference between a Security Policy, Standard, and Guideline. This exercise will focus on developing IT Security Policies.Assignment:Your assignment is to act as an outside consultant developing policies for a Fortune 100 company. The company business is food retailing with a global presence. You will be presented with a partially completed IT Security Policy that you are to complete. Please fill the missing policy statements in Section 2. Please just send me the missing part instead of the whole security policy file.Note:A hint for this exercise is that policies must be:- General enough that standards can be developed from them. - Specific enough for them to be targeted, practical, and useful. - In plain English so that management, non-technical staff, and audit teams can understand and enforcethem.Page 1 of 10 Network Configuration & Communication PolicyIT SecurityPolicy, Standards, and GuidelinesNetwork Configuration & Communication PolicyDocument Number: XXXX-XXXXFinal Draft VersionCopyright NoticePage 2 of 10 Network Configuration & Communication PolicyIT SecurityPolicy, Standards, and GuidelinesTable of Contents1. INTRODUCTION...............................................................................................................................................................................31.1 DOCUMENT DEFINITION...................................................................................................................................................... 31.2 SCOPE AND OBJECTIVE....................................................................................................................................................... 31.2.1 Applicability to Staff...........................................................................................................................................................31.2.2 Applicability to External Parties........................................................................................................................................31.3 RELATED DOCUMENTS / REFERENCES.................................................................................................................................. 32. POLICY STATEMENTS..................................................................................................................................................................42.1 NETWORK CONTROL........................................................................................................................................................... 42.2 DEVICE INFORMATION PROTECTION..................................................................................................................................... 42.3 EXTERNAL CONNECTION POINTS......................................................................................................................................... 42.4 DEVICE APPROVAL.............................................................................................................................................................. 42.5 FIREWALL PROTECTION....................................................................................................................................................... 42.6 TRAFFIC DENIAL AND SEGREGATION................................................................................................................................... 42.7 NON-ESSENTIAL SERVICES.................................................................................................................................................. 42.8 ROUTING UPDATES.............................................................................................................................................................. 42.9 DOCUMENTATION................................................................................................................................................................ 42.10 WIRELESS ACCESS POINTS.................................................................................................................................................. 52.11 WIRELESS ACCESS AND ENCRYPTION................................................................................................................................... 52.12 WIRELESS COVERAGE......................................................................................................................................................... 52.13 NETWORK DEVICE LOGGING............................................................................................................................................... 52.14 CONFIGURATION REVIEW.................................................................................................................................................... 52.15 PENETRATION TESTING....................................................................................................................................................... 52.16 NETWORK MONITORING...................................................................................................................................................... 52.17 INTRUSION PREVENTION / INTRUSION
View Full Document
Unlocking...