This repo contains the assignment and provided resources for Project 1 of the Applied Network Security class.
- Gain experience with writing some common types of policy documents.
- Gain experience working in a group setting on collaboratively writing good policy.
- Gain experience in the process of iteratively writing policy and seeking approval, then incorporating feedback into the next draft.
Each group will be assigned both a general policy meant for all or most employees to read and sign, and a specific policy meant for a small team to implement and enforce. We will do multiple rounds of submittal and response until a final version of each policy is approved.
Each group will be expected to participate in the approval process. This means that alpha drafts must be provided for assessment by the first deadline, and beta drafts must be prepared and made available by the second deadline.
I will provide commentary on each draft, which should be addressed within the subsequent draft of each document. The documents will be downloaded in whatever form they exist upon arrival of the third deadline, and I will perform a final assessment from those versions. Teams which fail to submit an alpha document or make meaningful changes to the beta draft following feedback will lose ten points. Obviously, if no document is provided by the final deadline, fifty points will be deducted for each missing document.
Your final policy documents will be assessed along most of the attributes discussed in class, specifically:
- Structure
- Clarity and Consistency/Readability
- Specificity
- Relevance
- Comprehensiveness
- Enforceability
- Flexibility/Scalability
- Measurability
Your submitted documents should exhibit all of these qualities to a reasonable degree. Documents which fail to meet these requirements will have points deducted.
Each group will produce two policy documents. Examples of similar documents are usually between about ten and thirty pages in length, but there are no minimum or maximum length requirements within the context of this class. Instead, endeavor to follow the structural and stylistic guidelines to the best of your abilities.
The assignments of topics to each group are as follows:
- Remote Work
- Physical Security
- BYOD
- Incident Response
- Acceptable Use
- Network and Data Security
- The alpha drafts are due on March 7th at 23:59:59.
- The beta drafts are due on April 11th at 23:59:59.
- Final drafts will be downloaded from your github repos on May 9th at 23:59:59.