Unit Outcomes:

Articulate the basic purpose of a security policy.

Define common data protection terminology.

Describe the components of a security policy.

Analyze a security policy to identify omissions and errors.

Develop a security policy for a business.

IT$540-1$: Implement a network security policy.

Purpose

Read the following mini$-$security policy. Assess this security policy in the following four major areas. What is missing, incomplete, inaccurate, or ill$-$advised? Provide a rationale for your concerns.

R&D Financial Services, LLC Security Policy

Each document should have a footer or header identifying the level of sensitivity$.$ Suggested sensitivity levels are unrestricted and client sensitive$.$

Email clients should enable SSL encryption for ActiveSync, POP$3$ and SMTP$.$ SSL should also be used for web$-$based email. That way, regardless of where people work, their email traffic will not expose any data to network eavesdropping techniques. If client confidential data must be emailed amongst any third$-$party firms and$/$or consultants, the file should be encrypted, perhaps using a cross$-$platform product such as PGP or S$/$MIME$,$ so that data cannot be read from email servers along the way.