Imagine that you have just been appointed as a management security consultant for a firm of independent security Management advisers, with an international base.
You have been tasked with compiling a report that investigates the current security management principles and methodologies for an Private Cloud provider company, that researches, designs, implements and manages (at client quest) its products and systems. The focus is against SMEs that are often start-up enterprise’s that want to protect their development software technologies and data thus keeping it in house. The company aspirations are of having a global presents particularly all major cities in the world. You need to develop a generic top-level security policy document which will be supplemented by 5 key security policies based on a variety of constraints and requirements, which could be used by the company, its clients and any franchisees outlets it undertakes.
Against the policy document you must critically evaluate security risks and mitigation techniques that could be applied. Additionally awareness of human factors, laws, regulation and best practice in security management need to be demonstrated.
The document must be logically structured to ensure quick and easy retrieval of specific information and guidance. You must also encourage internal standards for ‘good practice’ with these being clearly related to relevant external [United Kingdom, European and International] laws and standards.