Computer Science Homework Help

My organization is the University of Missouri https://www.umsystem.edu/ums/is/infosec

PART 2: Security Framework and Policy Assessment (2-3 pages)

1. Assess the overall completeness, maturity, and structure of the organization’s security governance and policies.
2. Provide your overall assessment of the security governance and policies, including any concerns, risks, and/or recommendations you have.

The goal of this effort is to actually get you to think about how difficult policy assessment/compliance is.  The two parts (listed above), along with the guide (listed below) for your documentation/analysis will provide you the ability to list any concerns, risks, and recommendations you have.

1. Purpose: Does the organization’s policies meet the purpose of the organization and its risk appetite? Is the policy flexible, rigid, or a mix of both? Do you think it is a good security policy? Provide your reasoning, citing examples and reference to course material.
2. Scope:  Does the scope of the policies provide the right level of coverage for the organization?
3. Consequences / Policy Enforcement: Identify sections of the security policy that provide consequences for a violating security policy. Are the consequences well defined and appropriate?
4. Policy Improvement Observations: Provide three (3) recommendations for improving their security governance and policies. Are there components, policies, or standards missing? Do you have any concerns with their approach?
5. Policy Change Management, Communication, and Awareness: Does the policy require training, education, and/or awareness? If so, assess the completeness of their training requirements.