IS Security Policy Analysis, Unit III Case Study
Instructions
Policy Writing Approach
Refer to Case Study: Policy Writing Approach found on page 102 of your textbook and copied below.
Regional Bank has been growing rapidly. In the past two years, it has acquired six smaller financial institutions. The long-term strategic plan is for the bank to keep growing and to go public within the next three to five years. FDIC regulators have told management that they will not approve any additional acquisitions until the bank strengthens its information security program. The regulators commented that Regional Banks information security policy is confusing, lacking in structure, and filled with discrepancies.
You have been tasked with fixing the problems with the policy document. Write a two-page case study that includes the following sections.
Introduction: Current Problem
Discussion
Where do you begin this project?
Would you use any material from the original document?
What other materials should you request?
Would you want to interview the author of the original policy?
Who else would you interview? Should the bank work toward ISO certification?
Which ISO 27002:2013 domains and sections would you include?
Should you use NISTs Cybersecurity Framework (CIA security model) and related tools? If yes, explain why the tools selected are important to IS policy writing.
Which methods of communication should you use to send the policy?
What other criteria should you consider?
Conclusion
References
Your paper should include a title page and a reference page, which do not count toward the two-page minimum. Use APA formatting. At a minimum, use your textbook as a resource for this assignment and include it on your reference page.