This assignment consists of cataloging your security policies. For the catalog, navigate to the Instant Security Policy custom security policies website to get started with building your catalog.
Scenario
An information security team’s designated role is to implement an information security policy, standards, baselines, procedures, and guidelines.
The Chief Information Security Officer (CISO) decided that your team must develop a security policy catalog to cover all the hospital policies and procedures to keep the networks secure, maintain secure data transmission, and protect patients’ confidential records. Take into consideration the following information about the hospital infrastructure:
The hospital headquarters is home to 750 staff members with offices in Washington, DC; San Antonio, Texas; and New York City, New York. The hospital in Washington, DC, will also maintain networking to its local satellite office.
The headquarters stores the primary data and the main internet backbone, including LAN services, wireless LAN, wide area network (WAN), and virtual private network (VPN) tunnels. The San Antonio hospital and the New York hospital host about 200 staff at each facility, and half of these employees are traveling more than 80% of the time.
The New York office focuses on Computed Axial Tomography (CAT) scans and maintains media and web servers.
The satellite office has approximately 100 staff and is connected to the main WAN with a wireless point-to-point bridge to the Washington, DC headquarters data center.
The hospital allows doctors to do telehealth telecommunications. Remote and mobile staff are provided access to the hospital VPN client.
The VPN client requires staff to have access to reliable internet services to communicate effectively across teams and with patients. The Information Technology team manages all hospital-owned laptops.
As the lead for your IT Security Team, prepare a security catalog related to protecting personal hospital devices, securing confidential data, managing passwords, data transfer policy, managing remote access, email policy, backup policy, VPN policy, acceptable use policy, incident response policy, physical security, periodic review of security standards, and disciplinary actions against employees for breaching security standards.
As part of the catalog, you will include a policy statement. You will also select a security policy testing methodology to facilitate the assessment for technical errors.
Submission Requirements
Write a 3–5 page paper in Word in which you:
Create a security policy catalog comprising a set of security policies for a hospital organization.
Explain each security policy in detail with supporting justification for the policy.
Explain the proposed cybersecurity policy statement and reasons why the policy statement may be controversial.
Provide a justification for the determined security testing methodology you would use to facilitate the assessment of technical errors.