IT SECURITY POLICY $(30$ marks$)$

Internet and network technologies increasingly play an important role at the institutes of higher learning education. Many University and college units, groups and individuals have already begun to leverage wired and wireless networking technologies. As head of Information Technology Services $($ITS$)$ of your institution, you have been given the primary responsibility for the design, installation and operation of your institution's network infrastructure and services deployment.

Purpose of the Policy: The purpose of this policy is to establish the intent, direction and expectations with respect to the deployment $($including installation, operation and maintenance$)$ of the network infrastructure technology of your selected institution.

Expected Institutional Outcome: It is expected that this policy will result in a coordinated, centralized and secured delivery of wired and wireless networking services that will provide a quality user experience across the institution without restricting or constraining the growth of the institution's network infrastructure and services.

Applicability of the Policy: This policy shall apply to all users of the institution's technological resources.

Task Required:

You have been approached by one of your company's directors who wishes to know more

about IT Security Policy: Development, Implementation and management. You may assume that he$/$she has limited knowledge of IT Security Policy and that any technical terms need to be explained.

A$.$ Why Do You Need a Security Policy?

B$.$ Policy Statement

C$.$ How to Develop Policy

What is the reason for the policy?

Who developed the policy?

Who approved the policy?

Whose authority sustains the policy?

Which laws or regulations, if any, are the policy based on$?$

Who will enforce the policy?

How will the policy be enforced?

Who does the policy affect?

What information assets must be protected?

What are users actually required to do$?$

How should security breaches and violations be reported?

What is the effective date and expiration date of the policy?

D$.$ Responsibilities:

E$.$ Business Continuity & Disaster Recovery, Information Technology

F$.$ Security Awareness Training, Information Technology