Assume you are an Information Technology Director for a small, growing firm and are tasked with developing an electronic resource security policy to deploy within your organization. The policy needs to protect the organization’s valuable electronic assets, but be flexible enough to accommodate employees as they go about executing their jobs and getting business done. It also needs to address communication and data security aspects such as remote data access, smartphone access, and internal electronic communications such as IM (instant messaging) and email.
**(Note that a policy is different from a plan. Be sure you address primarily the policy aspects of this task.).
In a minimum five page APA formatted paper (excluding title and reference pages) using the lecture, supplemental resources, and your own research, discuss the following elements.
- Discuss the differences between ‘implementation’ and ‘policy’, and describe the importance of their separation.
- Using information from the course, including the lectures and weekly reading, develop an outline of your security policy which addresses the areas identified in the prompt. Be as specific as possible.
- Compare the policy differences between users who work remotely or use wireless hotspots to users who work on site in a traditional office environment.
- Discuss how you would implement your security policy within the organization, including how employees would be apprised of the new policies. Be sure to explain which elements are critical for a successful implementation of your policy
- Include a minimum of five sources, one of which may be the textbook. Of these sources, three must be from the Ashford Library or from IT industry standard periodicals.