Week 8 Assignment – System Security Monitoring, Patch Management, and Update Policies


 

Week 8 Assignment – System Security Monitoring, Patch Management, and Update Policies

Introduction

In this assignment, you will develop  corporate policies for system security monitoring, patch management, and  updates that cover both wired and wireless components. A web search  will provide multiple examples of policy documents. The following  resources may also be helpful as you draft your policy documents: 

  • SANS. No date. CIS Critical Security Controls. https://www.sans.org/critical-security-controls/?msc=main-nav     
    • This resource provides a list of case studies highlighting how  security professionals have made improvements in their security  controls.
  • SANS. No date. Security Policy Templates. https://www.sans.org/information-security-policy/     
    • This resource provides a number of security policy templates that might be helpful in drafting your policy documents.

The specific course learning outcome associated with this assignment is: 

  • Recommend best practices for monitoring, updating, and patching systems.

Instructions

Write a 6–10 page paper in which you: 

  • Establish a system security monitoring policy addressing the need  for monitoring, policy scope, and exceptions and supported by specific,  credible sources.     
    • Justify the need for monitoring.
    • Define the scope of the policy (the personnel, equipment, and processes to which the policy applies).
    • Provide guidelines for policy exceptions, if approved by the IT and Security departments.
  • Establish a system security patch management and updates policy  addressing the need for patch management and updates, policy scope, and  exceptions and supported by specific, credible sources.     
    • Justify the need for patch management and updates, aligned with ISO/IEC 27002.
    • Define the scope of the policy (the personnel, equipment, and processes to which the policy applies).
    • Provide guidelines for policy exceptions, if approved by the IT and Security departments.
  • Support your main points, assertions, arguments, or conclusions  with at least four specific and credible academic sources synthesized  into a coherent analysis of the evidence.     
    • Cite each source listed on your source page at least one time within your assignment.