Assignment title: Management
First, read all the questions to get an idea of the overall work, then read the Assignment Formatting Requirements for how to present your work. Next, research and choose a medium to large business organization and locate its website. Then, working with the principles and practices of security policy formation outlined in Chapter 4 of the textbook, develop your response to the assignment questions using your chosen organization as a reference point. Submit your assignment online by the due date using the assignment submission on the course website.

Assignment 1 Requirements and Report structure

Important note: Respond to the three questions in your own words. If you use quotations or paraphrase from literature, these must be correctly referenced using the Harvard referencing system.

1. Locate the Information or IT Security Policy at any organization of your own choosing, e.g. universities or large companies. Search the organisation's website for its information security policies. Outline or summarise the organization's security policies. Explain how Information Security management fits into general business management. (5 marks)

2. Using the security framework outlined in Chapter 4 of Whitman and Mattord, evaluate the comprehensiveness of each policy you found in the previous step. For example, which areas are missing? Are the policies adequate, and how do you determine adequacy? (10 marks)

3. Many organisations find it appropriate to create an issue-specific security policy (ISSP) to cover specific areas of concern. Frequently this may happen due to the swift rise of disruptive technologies, or to emerging trends in work practices, such as the trend to teleworking (allowing staff to work from home) or BYOD (allowing staff to bring their own computing devices for work use). (20 marks)

For this question, consider an imaginary medium to large Government or semi-government organization with up to 1,500 employees working across multiple business functional units with many external partners and connections, both physical and web-based. Assume that this organization has called you in as a consultant in Information Security Management to draft a security policy for them in either Teleworking or BYOD.

Choose ONE of those two issues (Teleworking or BYOD), and then, using the principles of security policy formation, draft a comprehensive issue-specific security policy covering that issue, including a broad title for your policy. As part of drafting a set of policies under this broad policy heading, you will need to fully justify each policy, that is, explain your reasoning for its inclusion and its benefits, taking care to explain any assumptions you have made about the organisation. If you have deliberately excluded any policy aspect, then clearly explain the reason for the exclusion of that aspect.

To help you with this question, you should research and refer to existing literature on these issues and policies in real organisations. Remember to properly acknowledge all such sources in your list of References.