Eveloping security policy (Security, Ethics and Electronic Commerce Systems)

Enabling objectives
1. Develop an issue-specific security policy.
2. Write a justification for each component in the security policy.


You are expected to develop an issue-specific security policy. Policy is generally a plan or course of action, intended to influence and determine decisions, actions and other matters. Security policy represents the formal statement of the organisationas information security philosophy. Issue-specific security policy provides detailed, targeted guidance to instruct all members of the organisation in the use of a process, technology, or system that is used by the organisation. As you will be provided with the basic information of the organisation, you are required to provide additional justification for each component in the security policy.


1. Gain the knowledge of developing security policy from the textbook and relevant articles. You should know the framework of issue-specific security policies.
2. Search the Internet for security policies in different organisations. In particular, find the issue-specific security policies addressing different issues such as the use of email policy, anti-virus process policy, and risk assessment policy.
3. Using the above policies you found as examples and the framework of issue-specific security policies, draft the components in a security policy in use of a new transaction management system in a company, based on the following scenario:
Company A is a superannuation company which provides various financial services to its partners and clients. Its mission is to use cutting edge technology to make money for its partners and clients. It has just launched a trial web-based transaction management system which connects to its partners and clients. Its partners include some large financial and insurance institutions in the nation. It also has about twenty thousand individual clients. The purpose of this transaction management system is to provide new but secure distribution channels for partner products and services. As a financial institution, it must provide its partners and clients with an extremely high standard of security in terms of confidentiality, integrity and availability. The new system must guarantee security and privacy for partnersa and clientsa data and ensure the highest degree of protection from hostile attacks.
4. Elaborate on the details in each component of the policy. When you are developing the components, make notes on how you justify them. Remember that this security policy explains how the organisation expects the technology in question to be used. It documents how the technology is controlled and identifies the process and who has the authority to provide that control. It also documents how to protect the organisation against misuse of the technology.
5. Ask your peer students for feedback. Revise the policy document according to the feedback and finish the final document.
6. Collect your justifications and assemble them into a 500-word section. You must include the security policy and the justification in one file.