Lab Exercise 6:

A security policy contains pre-approved organizational procedures that tell you exactly what you need to do in order to prevent security problems and next steps if you are ever faced with a data breach. Security problems can include: Confidentiality people obtaining or disclosing information inappropriately Data Integrity information being altered or erroneously validated, whether deliberate or accidental Availability information not being available when it is required or being available to more users than is appropriate

Working as an Information Security manager for Younestech LLC in Dubai, your task is to create a document/report for your organization security policy ; you should cover the items listed below to complete the task. Support your report document with process diagrams and methodologies.

1. Why Do You Need a Security Policy?

2. How to Develop Policy

3. What to Include An organization's risk assessment, and not this document or any other source, informs policy-makers of their system's specific security needs. But regardless of those findings, the following general questions should be addressed clearly and concisely in any security policy:9

What is the reason for the policy?

Who developed the policy?

Who approved the policy?

Whose authority sustains the policy?

Which laws or regulations, if any, are the policy based on?

Who will enforce the policy?

How will the policy be enforced?

Whom does the policy affect?

What information assets must be protected?

What are users actually required to do?

How should security breaches and violations be reported?

What is the effective date and expiration date of the policy?