Discusssion: Business Drivers for Information Security Policies
Scenario
• The organization is a regional XYZ Credit Union/Bank that has multiple branches and locations throughout the region.
• Online banking and use of the Internet are the bank's strengths, given limited its human resources.
• The customer service department is the organization's most critical business function.
• The organization wants to be in compliance with Gramm-Leach-Bliley Act (GLBA) and IT security best practices regarding its employees.
• The organization wants to monitor and control use of the Internet by implementing content filtering.
• The organization wants to eliminate personal use of organization-owned IT assets and systems.
• The organization wants to monitor and control use of the e-mail system by implementing e-mail security controls.
• The organization wants to implement this policy for all the IT assets it owns and to incorporate this policy review into an annual security awareness training program.
Discussion Requirements
• Using the scenario, identify four possible information technology (IT) security controls for the bank
• Provide rationale for your choices.
• Reference your work.