Security Policy Document Project
Objectives

The purpose of this two-part project is to evaluate the student’s ability to analyze security requirements and develop a security policy that fully addresses them. By completing the two documents, the student will also gain practical knowledge of the security policy documentation process. The project will enable the student to see and understand the required standards in practice, as well as the details that should be covered within the security policy documentation.

Detailed Requirements

Optional & Ungraded Project Deliverable #1 (Due Week 3)
Using the GDI Case Study below, complete the Security Policy Document Outline.
Provide a one or two-page Security Policy Document Outline. The Outline should cover all aspects of the security policy document and convey the accurate and appropriate information for the stakeholders to make the appropriate decision.
Ungraded but instructor will provide feedback to make sure students are on-track. This outline can become major part of the “Executive Summary” of the final deliverable.
Project Deliverable #2 (Due Week 7)
Using the GDI Case Study, complete the Security Policy Document.
Provide a seven- to ten-page analysis summarizing the security policy to the executive management team of GDI. The student designs effective real-time security and continuous monitoring measures to mitigate any known vulnerabilities, prevent future attacks, and deter any real-time unknown threats; and also efficiently meets the organization’s objectives. The summary should effectively describe the security policy in a manner that will allow the Senior Management to understand the organizational security requirements and make the appropriate decisions to enforce.

Guidelines

Using the GDI Case Study, create the security policy document.
The security policy document must be 8 to 10 pages long, conforming to APA standards. See "Writing Guideline" in WebTycho where you'll find help on writing for research projects.
At least three authoritative, outside references are required (anonymous authors or web pages are not acceptable). These should be listed on the last page titled "References."
Appropriate citations are required. See the syllabus regarding plagiarism policies.
This will be graded on quality of research topic, quality of paper information, use of citations, grammar and sentence structure, and creativity.
The paper is due during Week 7 of this course.

Grading Rubrics

Final Deliverable
Category
Points
%
Description
Documentation and Formatting 10 10% Appropriate APA citations/referenced sources and formats of characters/content.
Case Study Security Policy Analysis 25 25% Accurate Completion of Security Policy.
Real-time Security
25
25
Real-time Security Protection against dynamically changing threats.
Continuous Monitoring
25
25
Continuous Monitoring for up-to-date Asset Management and Security Posture
Executive Summary 15 15% Provide an appropriate summary of the Security Policy Document.
Total
100
100%
A quality paper will meet or exceed all of the above requirements.

Criteria
Good
Fair
Poor
Documentation and formatting
7-10 points
At least 3 Appropriate APA citations/referenced sources and formats of characters/ content.

3-6 points
Included 3 references but incorrect formatting or referencing/ citation
0-2 points
Does not include at least 3 references
Security Policy analysis
17-25 points
Effectively describes the security policy in a manner that will allow the Senior Management to understand the organizational security requirements and make the appropriate decisions to enforce.
Analysis is supported with documentation and evidence.

8-16 points
Describes the security policy in a manner that allows the Senior Management to understand the organizational security requirements but not enough to make the appropriate decisions to enforce. And/or is not