Week 8 Assignment – System Security Monitoring, Patch Management, and Update Policies
Introduction
In this assignment, you will develop corporate policies for system security monitoring, patch management, and updates that cover both wired and wireless components. A web search will provide multiple examples of policy documents. The following resources may also be helpful as you draft your policy documents:
- SANS. No date. CIS Critical Security Controls. https://www.sans.org/critical-security-controls/?msc=main-nav
- This resource provides a list of case studies highlighting how security professionals have made improvements in their security controls.
- SANS. No date. Security Policy Templates. https://www.sans.org/information-security-policy/
- This resource provides a number of security policy templates that might be helpful in drafting your policy documents.
The specific course learning outcome associated with this assignment is:
- Recommend best practices for monitoring, updating, and patching systems.
Instructions
Write a 6–10 page paper in which you:
- Establish a system security monitoring policy addressing the need for monitoring, policy scope, and exceptions and supported by specific, credible sources.
- Justify the need for monitoring.
- Define the scope of the policy (the personnel, equipment, and processes to which the policy applies).
- Provide guidelines for policy exceptions, if approved by the IT and Security departments.
- Establish a system security patch management and updates policy addressing the need for patch management and updates, policy scope, and exceptions and supported by specific, credible sources.
- Justify the need for patch management and updates, aligned with ISO/IEC 27002.
- Define the scope of the policy (the personnel, equipment, and processes to which the policy applies).
- Provide guidelines for policy exceptions, if approved by the IT and Security departments.
- Support your main points, assertions, arguments, or conclusions with at least four specific and credible academic sources synthesized into a coherent analysis of the evidence.
- Cite each source listed on your source page at least one time within your assignment.