Scenario
The organization is a regional XYZ Credit Union/Bank that has multiple branches and locations
throughout the region.
Online banking and use of the Internet are the bank’s strengths, given limited its human
resources.
The customer service department is the organization’s most critical business function.
The organization wants to be in compliance with Gramm-Leach- Bliley Act (GLBA) and IT security
best practices regarding its employees.
The organization wants to monitor and control use of the Internet by implementing content
filtering.
The organization wants to eliminate personal use of organization-owned IT assets and systems.
The organization wants to monitor and control use of the e-mail system by implementing e-mail
security controls.
The organization wants to implement this policy for all the IT assets it owns and to incorporate
this policy review into an annual security awareness training program.
Assignment Requirements
1. Summarize potential risks and liabilities with this scenario.
2. Discuss the following IT policies and the level of protection each policy provides in the context of
your assigned scenario:
Internet use policy
External device use policy
Employee identity (ID) policy
Computer use policy
How would each policy help the situation described in your assigned scenario? How might each
policy hinder the situation described in your assigned scenario?
3. Summarize your policy recommendations for this organization. This should not include any
technical guidelines; only the policies you recommend they implement. Include their potential
benefits and costs.