System Security Monitoring, Patch Management

Develop corporate policies for system security monitoring, patch management, and updates that cover both wired and wireless components. A web search will turn up many example policy documents. The following resources may also be helpful as you draft your policy documents:

SANS. No date. CIS Critical Security Controls. https://www.sans.org/critical-security-controls/?msc=main-nav
This resource provides a list of case studies highlighting how security professionals have made improvements in their security controls.
SANS. No date. Security Policy Templates. https://www.sans.org/information-security-policy/
This resource provides a number of security policy templates that might be helpful in drafting your policy documents.
The specific course learning outcome associated with this assignment is:

Recommend best practices for monitoring, updating, and patching systems.
Instructions
Write a 6-page paper in which you:

Establish a system security monitoring policy that addresses the need for monitoring, the policy's scope, and exceptions, supported by specific, credible sources.
Justify the need for monitoring.
Define the scope of the policy (the personnel, equipment, and processes to which the policy applies).
Provide guidelines for policy exceptions, if approved by the IT and Security departments.
Establish a system security patch management and updates policy that addresses the need for patch management and updates, the policy's scope, and exceptions, supported by specific, credible sources.
Justify the need for patch management and updates, aligned with ISO/IEC 27002.
Define the scope of the policy (the personnel, equipment, and processes to which the policy applies).
Provide guidelines for policy exceptions, if approved by the IT and Security departments.
Support your main points, assertions, arguments, or conclusions with at least four specific and credible academic sources synthesized into a coherent analysis of the evidence.

Sample Answer

Corporate System Security Monitoring Policy

1. Policy Statement & Need for Monitoring

It is the policy of this organization to implement comprehensive system security monitoring across all IT assets, including wired and wireless networks, endpoints, servers, and applications. The primary goal is to protect the confidentiality, integrity, and availability of all corporate information and IT resources. Monitoring is essential for detecting and responding to security threats early, identifying vulnerabilities before they are exploited, and demonstrating compliance with regulatory requirements and internal security standards. Without continuous monitoring, the organization has no visibility into unauthorized access, malware infections, data exfiltration, and other malicious activity, so incidents go undetected for long periods and cannot be contained in a timely and effective manner.

2. Scope of Policy

This policy applies to all employees, contractors, and third-party personnel who access or use the organization's IT systems. The policy's scope encompasses all corporate-owned and managed IT assets, including but not limited to:

Network Infrastructure: Routers, switches, firewalls, and wireless access points.

Wired and Wireless Endpoints: Laptops, desktops, smartphones, and tablets.

Servers: Both physical and virtual servers.

Applications: Web applications, databases, and enterprise software.

Cloud Services: SaaS, PaaS, and IaaS environments.

The policy mandates the use of specific monitoring tools and techniques, such as Intrusion Detection/Prevention Systems (IDPS), Security Information and Event Management (SIEM) systems, and network traffic analyzers.

3. Monitoring Procedures

Event Logging: All systems must be configured to generate and retain security-relevant logs (authentication events, privilege changes, configuration changes, and network connections at minimum) with clocks synchronized to a common time source so events can be correlated. These logs must be forwarded to and analyzed by a central SIEM system.

Intrusion Detection: IDPS must be deployed on the network perimeter and at critical internal points to detect and alert on suspicious traffic patterns or signatures.

Vulnerability Scanning: Regular vulnerability scans will be performed on all network devices and systems to identify security weaknesses.

User Behavior Analytics (UBA): The SIEM system will be used to monitor user activities for anomalies, such as unusual login times, data access patterns, or excessive data transfers.

Wireless Security: All wireless networks must be monitored for unauthorized access points (rogue APs) and misconfigured devices. WPA3, or the strongest wireless encryption protocol the deployed equipment supports, will be enforced; legacy protocols such as WEP and WPA with TKIP are prohibited.
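As an added illustration (not part of the sample policy above), the following Python script shows the kind of rule behind the User Behavior Analytics item: it builds a per-user baseline of login hours and source addresses from a training window, flags later logins that fall outside it, and separately flags users whose outbound transfers in one day exceed a threshold. The log layout, user names, IP addresses, the cutoff date and the 100 MiB threshold are all assumptions made for this example and do not correspond to any real SIEM or vendor format.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample events in an assumed "<ISO timestamp> key=value ..." layout
# (illustrative only; not any particular SIEM or vendor format).
AUTH_LOG = """\
2024-03-04T08:55:12 user=alice event=login src=10.0.1.20
2024-03-05T09:02:41 user=alice event=login src=10.0.1.20
2024-03-06T08:48:03 user=alice event=login src=10.0.1.20
2024-03-07T09:10:55 user=alice event=login src=10.0.1.20
2024-03-08T03:17:29 user=alice event=login src=198.51.100.7
2024-03-04T17:30:00 user=bob event=login src=10.0.2.5
2024-03-05T17:45:10 user=bob event=login src=10.0.2.5
2024-03-06T18:02:33 user=bob event=login src=10.0.2.5
2024-03-07T17:55:41 user=bob event=login src=10.0.2.5
2024-03-08T18:10:02 user=bob event=login src=10.0.2.5
"""

TRANSFER_LOG = """\
2024-03-08T03:25:00 user=alice event=upload bytes=524288000 dst=files.example.net
2024-03-08T10:05:00 user=bob event=upload bytes=2048000 dst=files.example.net
2024-03-08T10:07:00 user=bob event=upload bytes=1048576 dst=files.example.net
"""

# Assumed split between the baseline (training) window and the evaluated window.
BASELINE_CUTOFF = datetime(2024, 3, 8)

LINE_RE = re.compile(r"^(?P<ts>\S+)\s+(?P<kv>.+)$")


def parse(log):
    """Parse each line into a dict of key=value fields plus a datetime under 'ts'.
    Malformed lines are skipped rather than allowed to crash the pipeline."""
    events = []
    for line in log.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        try:
            fields = dict(kv.split("=", 1) for kv in m.group("kv").split())
            fields["ts"] = datetime.fromisoformat(m.group("ts"))
        except ValueError:
            continue
        events.append(fields)
    return events


def hour_distance(a, b):
    """Distance between two hours of day on a 24-hour circle (23 and 0 are 1 apart)."""
    d = abs(a - b) % 24
    return min(d, 24 - d)


def detect_anomalous_logins(events, baseline_until, min_samples=3, hour_slack=1):
    """Build a per-user baseline (login hours and source IPs) from logins before
    `baseline_until`, then flag later logins that fall outside it. Users with
    fewer than `min_samples` baseline logins are not scored, so brand-new
    accounts do not generate noise."""
    hours, sources, count = defaultdict(set), defaultdict(set), defaultdict(int)
    for e in events:
        if e.get("event") == "login" and e["ts"] < baseline_until:
            hours[e["user"]].add(e["ts"].hour)
            sources[e["user"]].add(e["src"])
            count[e["user"]] += 1

    alerts = []
    for e in events:
        if e.get("event") != "login" or e["ts"] < baseline_until:
            continue
        user = e["user"]
        if count[user] < min_samples:
            continue
        reasons = []
        if all(hour_distance(e["ts"].hour, h) > hour_slack for h in hours[user]):
            reasons.append("login outside usual hours")
        if e["src"] not in sources[user]:
            reasons.append("login from previously unseen source")
        if reasons:
            alerts.append({"user": user, "ts": e["ts"].isoformat(), "reasons": reasons})
    return alerts


def detect_excessive_transfers(events, threshold_bytes=100 * 1024 * 1024):
    """Sum outbound bytes per user per calendar day and flag days over the
    threshold. The 100 MiB default is an assumed policy value; tune it per role."""
    totals = defaultdict(int)
    for e in events:
        if e.get("event") == "upload":
            totals[(e["user"], e["ts"].date().isoformat())] += int(e["bytes"])
    return [{"user": u, "day": d, "bytes": b}
            for (u, d), b in sorted(totals.items()) if b > threshold_bytes]


if __name__ == "__main__":
    for a in detect_anomalous_logins(parse(AUTH_LOG), BASELINE_CUTOFF):
        print("ALERT", a)
    for a in detect_excessive_transfers(parse(TRANSFER_LOG)):
        print("ALERT", a)
```

Run as written, the script raises one login alert for alice (03:17 login from an address never seen in her baseline) and one transfer alert for her 500 MiB upload the same night, while bob's usual evening logins and small uploads stay quiet. The two separate signals are the point: either one alone is weak, but a SIEM correlating them within a short window gives an analyst a credible exfiltration lead. In production the baseline would be rebuilt on a rolling window and the thresholds tuned per role rather than hard-coded.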