Define the scope of the policy (the personnel, equipment, and processes to which the policy applies). Provide guidelines for policy exceptions, if approved by the IT and Security departments.

SANS. No date. CIS Critical Security Controls. https://www.sans.org/critical-security-controls/?msc=main-nav This resource provides a list of case studies highlighting how security professionals have made improvements in their security controls. SANS. No date. Security Policy Templates. https://www.sans.org/information-security-policy/ This resource provides a number of security policy templates that might be helpful in drafting your policy documents. Write a 6–10 page paper in which you: Establish a system security monitoring policy addressing the need for monitoring, policy scope, and exceptions and supported by specific, credible sources. Justify the need for monitoring. Define the scope of the policy (the personnel, equipment, and processes to which the policy applies). Provide guidelines for policy exceptions, if approved by the IT and Security departments. Establish a system security patch management and updates policy addressing the need for patch management and updates, policy scope, and exceptions and supported by specific, credible sources. Justify the need for patch management and updates, aligned with ISO/IEC 27002. Define the scope of the policy (the personnel, equipment, and processes to which the policy applies). Provide guidelines for policy exceptions, if approved by the IT and Security departments.