Order from us for quality, customized work in due time of your choice.
Please Seperate Each Response
Discussion 1: (205 Words)
Every cybersecurity program requires policies. They must be consistent, and optimally flow from an established standard. Policies are often reviewed and audited, so they all must contain not only key elements that are designed to secure data, but high level things like purpose, scope, etc.
Create a policy template. What elements should it contain? Here are a few items that it must contain. For each section, provide guidance on what a person would need to do to successfully create a policy based on the template. To be clear – this is a template that is to be used for all policies that would be created for an organization. This is to be delivered as an MS Word document, and attach it to the DB post. Summarize your key elements in the body of your DB post.
Sections that would always need to be required include:
Purpose
Scope
Roles and Responsibilities (who does it apply to and their general responsibilities)
Policy Statements (this is a list of multiple policy clauses)
Enforcement/Exceptions (how it will be enforced, and how exceptions are granted)
Discussion 2: (110 Words)
Agree or Disagree? Why? (Use attached Word Document)
It contains the purpose and scope of this policy. The roles and responsibilities include the CISO, IT security manager, IT security team, Employees, and contractors and third-party associates. The policy statements (thus far) include secure network and system maintenance and development, data protection, incident response, access controls, physical security, cloud integration, and audits/compliance. It also contains enforcement and exceptions. For someone to be successful in implementing a policy based on this template one would most likely need to review and update the policy as time goes on to ensure changes are made over time. One would also need to find a way to implement training throughout the organization to ensure there is an understanding of this policy.
One would need to find out the purpose for the policy they are creating and why it is important and what it adheres to. One would then need to find out who or what should be abiding by the policy within the organization. One would then need to find out who the policy applies to and create some definition on what they should do or need to do. There should be policy statements to ensure the policy is addressing all the correct material. There should also be ways to enforce the new policy AS WELL AS there being exceptions to the rule due to unconventional circumstances.
Discussion 3: (205 Words)
When an organizational asset is handed to an employee, it is important that they know the rules of use of that asset – hence, the Acceptable Use Policy.
Create a draft of a user Acceptable Use Policy. For this DB – just the components are necessary to be placed into the DB itself – don’t attach anything just yet. What actions are acceptable? What are actions that are expressly prohibited? (Note – generally policies are written where all statements should be positive – but this is a draft, we are getting all ideas on the table. We will turn those into positive statements when we create the final version).
Create at least 10 policy clauses
Discussion 4: (110 Words)
Agree or Disagree? Why?
The acceptable use policy (AUP) is a policy that governs how a user can access the network and the internet. It applies restrictions on what the user should and should not be able to do and ensures the user is aware of safe practices. The acceptable use policy does not stop the user from engaging in malicious activity, but it will state what is acceptable and unacceptable employee behavior while utilizing resources. The AUP will also state that if employees do violate the AUP, the employee will be subject to disciplinary actions which include and are not limited to verbal warning, written warning, being downgraded in access privileges, and even termination (Kirvan, 2022).
1) Clean Desk
This ensures that there is to be no sensitive data on your desk as paperwork may pile up. Your desk should be tidy with sensitive data out of reach from other individuals and/or locked in a file or cabinet that only certain individuals have access to
2) Internet Use
The use of the internet should only be applicable for the purposes of the organization. Employees should be using the internet to conduct work, send e-mails, collaborate with other teams, and aid in the organization.
3) Email Use
Email usage should be used for primarily business-related purposes.
Employees should avoid sending unnecessary emails in communication.
Please remain professional in your emails and refrain from using offensive or inappropriate language.
4) Network Security
Employees must not attempt to deactivate, evade, or tamper with any security mechanism that has been put in place on the network. This includes but is not limited to firewalls, intrusion detection/prevention systems, anti-virus software, etc.
5)Device Security
If a device is lost or stolen, please notify the IT department immediately. IT will need to ensure data is secure on the device and quick response time is impeccable.
Devices must be enrolled in multi-factor authentication (if possible).
Devices must be locked after a certain period of use/inactivity.
Devices must be secured with strong passwords.
6) Physical Security
Employees must lock their device to prevent unauthorized access.
Employees must ensure their devices are out of reach and use of other individuals if not being used by themselves. Devices can be stored or locked in a cabinet at a desk.
7) Incident Reporting
Employees must report any suspicious activity to the IT security department. The quicker an employee is to report something, the faster it can have actions taken against the incident.
Employees are required to co-operate with investigation for security related incidents.
8) Personal Devices
Employees will not use their own personal devices to access organizational data UNLESS usage of organizational data has been approved for usage on the specified device.
The device must adhere to the organizations policies on password complexity, encryption, and the appropriate security stack.
9) Social Media Usage
(For purposes of this AUP, I will say the use of social media is prohibited on organizational devices ALTHOUGH some organizations allow social media access) Employees will not be allowed to access social media platforms on organizational devices.
Any employee who uses social media on their device will be subject to disciplinary actions.
10) Audit and Monitoring
Employees will be informed that the organization has the right to monitor and report anything the user uses the device for. The organization has the right to monitor email use, internet use, all logs on the user’s machine, and anything else that might jeopardize the safety of the organization.
FRSecure (2021) <- The outline of my work was sourced and referenced from here.
References:
FRSecure. (2021, July 29). Acceptable Use Policy Template | FRSecure. Frsecure.com. https://frsecure.com/acceptable-use-policy-template/
Kirvan, P. (2022, June). What is acceptable use policy (AUP)? - Definition from WhatIs.com. WhatIs.com. https://www.techtarget.com/whatis/definition/acceptable-use-policy-AUP
Order from us for quality, customized work in due time of your choice.