Home » Lab 4 creating a security policy framework

Lab 4 creating a security policy framework

Part 1: Research Separation of Duties Policies (0/1 completed)

Note: In this part of the lab, you will review scholarly research on separation of duties policies in order to form a basis for their purpose and usage. Understanding the reason behind a SoD policy is key to understanding the component policies and procedures. Please take time to review the research thoroughly and think through the concepts of the policy itself.

1. Using your favorite search engine, locate and read the following scholarly, peer-reviewed research article referencing separation of duties policies.

Lu, J., Li, R., Lu, Z., & Jin, Y. (2009, December 31). Dynamic Enforcement of Separation-of-Duty Policies. Paper presented at the International Conference on Multimedia Information Networking and Security. http://dx.doi.org/10.1109/MINES.2009.102

2. Write a brief summary of the article. In your summary, focus on the need for a Separation of Duties policy and its key elements.                                                                                                    

Part 2: Create a Separation of Duties Policy (0/6 completed)Note: In Part 1 of this lab, you learned about the motivating factors that inform a separation of duties policy. In this part of the lab, you will create your own separation of duties policy for a given scenario. As you prepare your policy, remember that no one individual or team should have too much authority or power to perform a function in a business or organization and that understanding where responsibilities begin and end is critical to effective separation of duties. However, just because one individual or team has decidedly too much authority or power does not necessarily mean that management should apply separation of duties to mitigate the risk given that truly separated duties often means additional labor and/or costs. Instead, management might decide to accept the risk or address the risk by other means.

1. Review the following scenario for the fictional Bankwise Credit Union:

  • The organization is a local credit union that has multiple branches and locations throughout the region.
  • Online banking and use of the internet are the bank’s strengths, given its limited human resources.
  • The customer service department is the organization’s most critical business function.
  • The organization wants to be in compliance with the Gramm-Leach-Bliley Act (GLBA) and IT security best practices regarding its employees.
  • The organization wants to monitor and control use of the Internet by implementing content filtering.
  • The organization wants to eliminate personal use of organization-owned IT assets and systems.
  • The organization wants to monitor and control use of the e-mail system by implementing e-mail security controls.
  • The organization wants to implement this policy for all the IT assets it owns and to incorporate this policy review into its annual security awareness training.
  • The organization wants to define a policy framework, including a security management policy defining the separation of duties for information systems security.

2. Create a security management policy with defined separation of duties for the Bankwise Credit Union.

Bankwise Credit Union

Separation of Duties Policy

Policy Statement
(Define your policy verbiage.)

(Define the policy’s purpose as well as its objectives.)

(Define whom this policy covers and its scope. What elements, IT assets, or organization-owned assets are within this policy’s scope?)

(Does the policy statement point to any hardware, software, or configuration standards? If so, list them here and explain the relationship of this policy to these standards.)

(Explain how you intend to implement this policy for the entire organization.)

(Explain any roadblocks or implementation issues that you must overcome in this section and how you will surmount them per defined guidelines. Any disputes or gaps in the definition and separation of duties responsibility may need to be addressed in this section.)

Challenge Exercise (0/1 completed)Note: The following challenge exercise is provided to allow independent, unguided work – similar to what you will encounter in a real situation.

For this portion of the lab, you will complete additional research of a case study in separation of duties and provide your own overview of the problem and solution. 

Locate and read the following research article:

Ballesteros, S., Pan, L., Batten, L., & Li, G. (2015). Segregation-of-Duties Conflicts in the Insider Threat Landscape: An Overview and Case Study. Paper presented at the Second International Conference on Education Reform and Modern Management. https://doi.org/10.2991/ermm-15.2015.96

Discuss how a separation of duties policy would help to resolve the issues at Bankwise Credit Union, as discussed in this case study. Assume your audience is the CEO and Board of Bankwise Credit Union.

Calculate the price of your order

550 words
We'll send you the first draft for approval by September 11, 2018 at 10:52 AM
Total price:
The price is based on these factors:
Academic level
Number of pages
Basic features
  • Free title page and bibliography
  • Unlimited revisions
  • Plagiarism-free guarantee
  • Money-back guarantee
  • 24/7 support
On-demand options
  • Writer’s samples
  • Part-by-part delivery
  • Overnight delivery
  • Copies of used sources
  • Expert Proofreading
Paper format
  • 275 words per page
  • 12 pt Arial/Times New Roman
  • Double line spacing
  • Any citation style (APA, MLA, Chicago/Turabian, Harvard)

Our guarantees

Delivering a high-quality product at a reasonable price is not enough anymore.
That’s why we have developed 5 beneficial guarantees that will make your experience with our service enjoyable, easy, and safe.

Money-back guarantee

You have to be 100% sure of the quality of your product to give a money-back guarantee. This describes us perfectly. Make sure that this guarantee is totally transparent.

Read more

Zero-plagiarism guarantee

Each paper is composed from scratch, according to your instructions. It is then checked by our plagiarism-detection software. There is no gap where plagiarism could squeeze in.

Read more

Free-revision policy

Thanks to our free revisions, there is no way for you to be unsatisfied. We will work on your paper until you are completely happy with the result.

Read more

Privacy policy

Your email is safe, as we store it according to international data protection rules. Your bank details are secure, as we use only reliable payment systems.

Read more

Fair-cooperation guarantee

By sending us your money, you buy the service we provide. Check out our terms and conditions if you prefer business talks to be laid out in official language.

Read more