CYBR3600

This repo contains a digitized version of the course content for CYBR3600 (Information Security Policy) at the University of Nebraska at Omaha.

This project is maintained by MLHale

CYBR3600 Homework 3: Policy Review and Analysis

Due Date: Friday 9/21/17 by 11:59PM

Tasks

Identify Policies

  1. Identify at least 3 Information Security Policies on particular topics. Policies can be for any company or organization. If you do not want to analyze a policy from a company, you may use the UNO policies here: https://www.unomaha.edu/campus-policies/index.php.

You can generally find policies for a company listed online by searching for "<company name>" + "information security policy" replacing <company name> with the name of the company you are searching for (example: ford).

Analyze the Policies

  1. Once you’ve found 3 policies, answer the following questions for each one.
  2. Include a link to the policy where it can be found online.
  3. What is the scope of the policy? I.e. what does it cover and to whom does it apply?
  4. Does the policy conform to good practices for specifying policy? In other words, does it have definitions, scope, responsible entities, statements, procedures, etc appropriate to its purpose?
  5. Is the policy S.M.A.R.T.? Support your answer with evidence from the policy. For instance, what measurable metrics exist?
  6. Does the policy feel flexible or rigid? Do you think it is a good policy? Why or why not?
  7. Overall, do the three policies you found conform to the same style guide?

Submission

Prepare a report, of type .md, .pdf, .doc, .docx only, that answers each question above. Clearly follow the 1,2,3,4,5 format for each policy. Submit your report to Canvas by the due date.