Organizations rely heavily on the use of information technology (IT) products and services to run their day-to-day activities. Ensuring the security of these products and services is of the utmost importance for the success of the organization. Having a security policy that address acceptable use of these resources is an essential aspect of IT governance and management.


Follow guidelines in the (NIST.SP.800-12r1) document to develop a mock Computer/Internet Security Policy. Your policy document must be a 3 page stand-alone document that can be reviewed, maintained and distributed to employees, staff or other stakeholders when necessary. Your policy document must contain at least the following sections:

1.  A “Preamble” – it describes

  • 1) the scope and applicability of the policy (who is affected by the policy, when and under what conditions);
  • 2) a definition of technology covered;
  • 3) a confidentiality of data statement;
  • 4) Incident response handling procedures;
  • 5) Responsibilities (monitoring, reporting violations, penalties for violations, etc.)
  • 6) a policy review schedule

2. Physical security

  • Acceptable use
  • Un-acceptable use
  • Back-up and storage strategies

3. Access security

  • Device
  • passwords
  • web access
  • network access
  • remote access
  • mobile
  • wireless
  • Email security

5. Virus protection

Remember to follow APA6 guidelines in citing all sources used. Then also include an APA style reference list as the last page of your Computer/Internet Security Policy.  When you have finished writing your Computer/Internet Security Policy document, click the Write Submission link and submit your paper for grading.  OR, just paste your entire document as a Word doc attachment.