You have been hired by the Board of Directors of RollinOn, Inc as the new IT Security Manager. RollinOn is a designer of premade and custom designed skates and skateboards. RollinOn has had some extreme growth in the area of e-Commerce over the past couple of years due to the addition of their custom design tools on their website. However, RollinOnhas had some internal security issues. RollinOn hs had some very lax policies allowing employees to bring their own tablets and laptops, also known as bring your own device or BYOD, and access social media on the intranet. The Web application development team has increased in size and is also in need of sound security practices. There have been several instances of downloaded malware and the company website has been hacked on at least one (1) occasion.
Your main objective is to create an outline of a new IT security policy regarding the companyâ€™s web presence and lack of access control. Note: You may create and / or make all necessary assumptions needed for the completion of this assignment.
Part I: Written Section
Write a three to five (3-5) page paper in which you:
- Briefly explain the current state of Web application security to the Board of Directors.
- Describe the major potential security risks associated with maintaining the organizationâ€™s Web presence, protecting its assets, and promoting e-Commerce.
- Assess any techniques and technologies that you may need to use to mitigate those potential security risks.
- Create an outline of your new IT security policies for RollinOn. Be sure to relate your policies to the potential risks.
- Speculate on the most common types of resistance that you might encounter from employees when implementing your new IT policy.
- Use at least four (4) quality references in this assignment. Note: Wikipedia and similar Websites do not qualify as quality references.
Part II: PowerPoint Presentation
Create an eight to ten (8-10) slide PowerPoint presentation for the Board of Directors in which you:
8, Outline the major components of your new IT security Policy. Be sure to associate each policy with specific risks.