Part 1: Research Security Policy Frameworks
Note: In this part of the lab, you will review internet resources on security policy frameworks in order to form a basis for their purpose and usage. Understanding the reason behind a security policy framework is key to understanding the component policies and procedures. Please take the time to review the research thoroughly and think through the concepts behind the framework itself.
1. In your browser, navigate to https://www.sans.org/reading-room/whitepapers/policyissues/information-security-policy-development-guide-large-small-companies-1331.
2. Read Sections 1-5 of the SANS Policy Development Guide.
3. Summarize the Policy Development Guide’s recommendations for organizing a policy hierarchy and selecting policy topics.
Note: It is important to understand how and why a policy differs from a standard, a procedure, and a guideline. From the top down, the policy should not change or need modification unless a major shift in corporate values or business process occurs. In contrast, guidelines should be reviewed, and possibly changed, often.
Similarly, even though a policy should be written clearly and concisely, it is a high-level document answering the “why” questions. Standards are also high level, but they answer the “what” questions. Finally, the procedures and guidelines provide the “how.”
Examples of security policy and guideline templates are available from the SANS Institute at https://www.sans.org/information-security-policy/.
In the next steps, you will learn about COBIT 2019, a popular industry-standard policy framework.
4. In your browser, navigate to https://www.cio.com/article/3243684/what-is-cobit-a-framework-for-alignment-and-governance.html.
5. Describe the core principles and objectives of COBIT 2019.
Part 2: Define a Security Policy Framework
Note: Understanding both unique and universal risks to your organization’s IT infrastructure is essential to developing an appropriate IT security policy framework for your organization. In this part of the lab, you will review a list of risks, threats, and vulnerabilities and define appropriate policies to mitigate them. Next, you will organize your policies into a policy framework.
1. Review the following list of risks, threats, and vulnerabilities at the fictional Healthwise Health Care Company.
- Unauthorized access from public Internet
- Hacker penetrates IT infrastructure
- Communication circuit outages
- Workstation operating system (OS) has a known software vulnerability
- Unauthorized access to organization-owned data
- Denial of service attack on organization’s e-mail
- Remote communications from home office
- Workstation browser has software vulnerability
- Weak ingress/egress traffic-filtering degrades performance
- Wireless Local Area Network (WLAN) access points are needed for Local Area Network (LAN) connectivity within a warehouse
- User destroys data in application, deletes all files, and gains access to internal network
- Fire destroys primary data center
- Intraoffice employee romance gone bad
- Loss of production data
- Need to prevent rogue users from unauthorized WLAN access
- LAN server OS has a known software vulnerability
- User downloads an unknown e-mail attachment
- Service provider has a major network outage
- User inserts a USB hard drive with personal photos, music, and videos on organization-owned computers
- Virtual Private Network (VPN) tunneling between the remote computer and ingress/egress router
2. For each risk, threat, or vulnerability in the list above, select an appropriate security policy that might help mitigate it. You can select one of the SANS policies or choose one from the following list.
Security Policies
- Acceptable Use Policy
- Access Control Policy
- Business Continuity—Business Impact Analysis (BIA) Policy
- Business Continuity and Disaster Recovery Policy
- Data Classification Standard and Encryption Policy
- Internet Ingress/Egress Traffic Policy
- Mandated Security Awareness Training Policy
- Production Data Backup Policy
- Remote Access Policy
- Vulnerability Management and Vulnerability Window Policy
- Wide Area Network (WAN) Service Availability Policy
3. Organize the security policies you selected so that they can be used as part of an overall framework for a layered security strategy.
Challenge Exercise
Note: The following challenge exercise is provided to allow independent, unguided work – similar to what you will encounter in a real situation.
A user at Digital Innovation Products has been using company network resources to download torrent files onto a USB drive and transfer those files to their home computer. IT tracked down the torrent traffic during a recent network audit. Unfortunately, the company does not have a current policy that restricts this type of activity.
Identify at least two appropriate policies that should be in place to define this type of behavior and the consequences thereof.
Write a brief overview for C-level executives explaining which policies should be added to the company’s overall security policy framework, why they should be added, and how those policies could protect the company.