Corporate security policy, major security policies, and


Week 2 Assignment

NAME: __________________________

Fully answer the following questions using complete sentences and proper English.

Please include your name, class number, and assignment number on your paper. Follow APA formatting standards, especially for citations and references.

1. Policies

a) What are policies? 

b) Distinguish between the corporate security policy, major security policies, and behavioral-based (aka acceptable use) policies. 

c) What are the purposes of requiring users to sign an Acceptable Use Policy (AUP)? 

d) Why are policies for specific controls, countermeasures or resources needed? 

e) Provide an example of a Security Policy. 

2. Implementation Guidance

a) Distinguish between standards, guidelines and procedures. In your explanation, include when each should be used within an organization. 

b) For standards, what is mandatory? 

c) When are guidelines appropriate? 

d) Provide examples of security standards, guidelines and procedures you have personally seen.

3. Policy Document Example

You are tasked with creating the policies, standards, and guidelines for a small online retail business on the use of removable media (e.g., USB drives) and personal storage services. The intent is to (a) be compliance with regulations (e.g., PCI DSS) and (b) to ensure data isn’t compromised using personal storage (physical or online).
For this section, you need to create the policy, standards and guidelines statements and correlate applicable regulations. You should use the most recent version of the Payment Card Industry Data Security Standard (PCI DSS):

a) Policies: 

b) Standards: 

c) Guidelines:

d) Specific regulations and controls that apply: