Assignment 1: Using Security Policies and Controls to Overcome Business

Challenges

Learning Objectives and Outcomes

Understand the importance of information security policies and the role they play in business

activities to ensure sound, secure information.

Identify four IT security controls for a given scenario.

Scenario

The organization is a regional XYZ Credit Union/Bank that has multiple branches and locations

throughout the region.

Online banking and use of the Internet are the banks strengths, given limited its human

resources.

The customer service department is the organizations most critical business function.

The organization wants to be in compliance with Gramm-Leach-Bliley Act (GLBA) and IT security

best practices regarding its employees.

The organization wants to monitor and control use of the Internet by implementing content

filtering.

The organization wants to eliminate personal use of organization-owned IT assets and systems.

The organization wants to monitor and control use of the e-mail system by implementing e-mail

security controls.

The organization wants to implement this policy for all the IT assets it owns and to incorporate

this policy review into an annual security awareness training program.

Assignment Requirements

Using the scenario, identify four possible information technology (IT) security controls for the bank and

provide rationale for your choices