Improving Organizational Security Policy

Improving Organizational Security Policy

For this deliverable, you are a newly appointed security officer (SO). The chief information security officer (CISO) has asked you to review the company security policy and provide your recommendations for improvement. Note: You may create or make all necessary assumptions needed for the completion of this assignment.

Research a security policy of an organization; you can use your employer, an organization you are associated with, or a company on the internet, as long as you have access to their security policy. A suggested resource is provided below. Make an initial assessment of the current security policy of the organization, including its strengths and weaknesses. Review the security policy’s objective that should be clearly defined to maintain the confidentiality and integrity of information. Determine whether the security policy covers software and hardware devices, physical parameters, human resource, information, or data and access control within its scope. Check that the security policy includes what must be done rather than how it should be done. Assess the password management, change management, and incident management aspects of the policy. Additionally, assess the effectiveness of the policy and provide recommendations for it.

• Describe the business needs of the organization that you have researched.
• Review the security policy of the organization and its objective.
• Compare the security policy with the business needs.
• Assess the aspects of the security policy noting essential inclusions and omissions.
• Assess the effectiveness of the policy and provide at least 2-3 recommendations for improvement.
• Use at least two quality ressource