Assignment: Using Security Policies and Controls to Overcome Business Challenges. Understand the importance of information security policies and the role they play in business activities to ensure sound, secure information. Identify four IT security controls for a given scenario. Scenario The organization is a regional XYZ Credit Union/Bank that has multiple branches and locations throughout the region. Online banking and use of the Internet are the banks strengths, given limited its human resources. The customer service department is the organizations most critical business function. The organization wants to be in compliance with Gramm-Leach-Bliley Act (GLBA) and IT security best practices regarding its employees. The organization wants to monitor and control use of the Internet by implementing content filtering. The organization wants to eliminate personal use of organization-owned IT assets and systems. The organization wants to monitor and control use of the e-mail system by implementing e-mail security controls. The organization wants to implement this policy for all the IT assets it owns and to incorporate this policy review into an annual security awareness training program.

Lab Assignment Requirements 1. Discuss this lab assignment with your group. 2. Using the scenario, identify four possible information technology (IT) security controls for the bank and provide rationale for your choices. 3. Develop a PowerPoint presentation to present upper management (CIO and/or CISO). a. Introduce the project b. Describe elements of GLBA and the importance of being compliant with GLBA c. Describe the policy and controls d. Identify the purpose and rationale for the recommendation e. Estimate the costs and benefits of each control f. Estimate the timeline to implement the controls g. Describe how you will inform user of the policy and controls as part of a security awareness program.