You have been hired as the CSO (Chief Security Officer) for an organization. Your job is to develop a computer and internet security policy for the organization that covers the following areas: Make sure you are sufficiently specific in addressing each area. There are plenty of security policy and guideline templates available online for you to use as a reference or for guidance. Your plan should reflect the business model and corporate culture of a specific organization that you select. Include at least 3 scholarly references in addition to the course textbook.  The UC Library is a good place to find these references. At least two of the references cited need to be peer-reviewed scholarly journal articles from the library. Your paper should meet the following requirements: • Be approximately four pages in length, not including the required cover page and reference page. • Follow APA7 guidelines. Your paper should include an introduction, a body with fully developed content, and a conclusion. • Support your answers with the readings from the course and at least three scholarly journal articles to support your positions, claims, and observations, in addition to your textbook. The UC Library is a great place to find resources.


As the Chief Security Officer (CSO) for an organization, the development of a comprehensive computer and internet security policy is crucial. This policy will ensure the protection of the organization’s confidential data, safeguard its computer systems from unauthorized access, and establish guidelines for safe internet usage. The policy should be tailored to fit the specific business model and corporate culture of the organization, ensuring relevance and effectiveness. This paper will outline the key areas that need to be addressed in the security policy, providing specific recommendations and justifications based on scholarly research.

1. Access Control

One critical aspect of the security policy is access control. This involves determining who has access to the organization’s computer systems and the level of access granted. A comprehensive access control policy should establish guidelines for user authentication, password management, and privilege management. It is recommended that the organization implements multi-factor authentication, such as a combination of passwords and biometric systems, to enhance security. Additionally, regularly updating user passwords and limiting privileges based on job roles should be enforced.

Research by Chen, Ramamurthy, & Wen (2012) highlights the importance of access control policies in preventing unauthorized access to computer systems. They suggest that organizations should adopt a layered approach, combining physical, network, and application-level security measures, to ensure comprehensive protection.

2. Data Protection

Protecting the organization’s data is of utmost importance. The security policy should outline measures to safeguard sensitive information from unauthorized disclosure, alteration, or loss. Encryption, both at rest and in transit, should be implemented to protect data integrity and confidentiality. Regular data backups, preferably stored in an off-site location, should also be conducted to mitigate the risk of data loss.

According to research by Moghimi & Schultz (2016), data protection policies should extend beyond traditional perimeter-based defenses to address the increasing threats posed by advanced cyber-attacks. They recommend the use of granular data access controls and encryption mechanisms to protect sensitive data.

3. Internet Usage

A comprehensive security policy should address safe internet usage by employees. This includes guidelines for browsing, email usage, software downloads, and social media access. The policy should restrict access to potentially harmful websites, prohibit the download of unauthorized software, and educate employees on the risks associated with phishing emails and social engineering attacks.

Barrera, Dos Santos, & Preciado (2014) stress the value of user awareness and training programs in reducing the likelihood of successful cyber-attacks. They suggest regular employee training sessions that cover safe internet practices as an effective measure in enhancing overall security.


Developing a computer and internet security policy that addresses access control, data protection, and safe internet usage is critical in ensuring the security of an organization’s computer systems and confidential data. Implementation of such a policy will protect against unauthorized access, safeguard sensitive information, and mitigate the risk of cyber-attacks. By considering the recommendations outlined in this paper, the organization can establish a strong security policy that aligns with its business model and corporate culture. This will ultimately contribute to a secure and resilient computing environment.

Need your ASSIGNMENT done? Use our paper writing service to score better and meet your deadline.

Click Here to Make an Order Click Here to Hire a Writer