ITS 4910 - Information Trends/Research and Design Project


Module 6

This lesson presents some background on the sixth week. Objectives important to this lesson:

  1. What is this week about?
  2. Current assignments

Concepts:

Let's clarify a couple of things:

  • The downloadable document titled "ITS4910_SecurityProceduresforServersandGeneralAccessControl_F2F" is the assignment document for this week.
  • The downloadable document titled "General Procedure Template" is actually a template for a comprehensive enterprise security policy.
  • The downloadable document titled "Security Procedure Template" is the same template you should have downloaded last week. It is an example written for routers.

This week we have to revisit the concept of a Security Policy, since the course now provides you with a template for a comprehensive one. It outlines the structure, duties, and authority of the Information Security officers and staff in the organization. It also contains sections about security procedures that apply to and must be followed in all areas.

As your first assignment this week, for a additional 40 points, revise your submission from week 3 to include elements of this template that relate to your client/company. Some of it is "boilerplate", lawyer language to establish the authority of the IT Security staff, and to empower them to tell everyone else what to do. This will be a strange idea for people who have not worked in an environment that is run this way. Employees who do not understand risk and security may rebel against this new concept, which is why it must be endorsed by recognized authority, who will also be subject to the same security rules.

For the 40 points that were intended for this week, you are assigned to create two security procedures. The first is for creating, configuring, and maintaining servers. The second is for creating and configuring access controls.

This assignment is now longer than originally written, so it is due in two weeks instead of one.

There is a rubric specific to this assignment, but it is a bit confusing. It is shown on the assignment page in Canvas.

rubric for this week

In the image above, I am showing you all five grading elements for the assignment. The rubric uses a more general definition of the word "procedure". In this context, it means that you need to include all necessary parts in each document:

  • servers - who has access, creating default server settings, default setting approvals, default setting reviews, revisions, and patch updates
  • general user access controls – ID requests, ID configuration, password configuration and constraints, access approvals (both requester’s management and data owner)

Assignments

  1. Complete the assignment and class discussion made in this module.
  2. Review notes from previous classes related to the topics in the bulleted list above.