
can anyone create a security policy for this. Human errors, negligence, and gree


Question

Can anyone create a security policy for this?

Human errors, negligence, and greed are responsible for most thefts, frauds, or misuse of facilities. Organizations need to implement controls for security in the hiring, employing, and termination of staff, management, and directors. Controls include personnel screening, acceptable use, confidentiality agreements, and terms and conditions of employment. This domain also addresses training employees in the correct (secure) use of information systems and how they can minimize the likelihood of security breaches. Lastly, the domain addresses the way an organization should respond to incidents affecting security and incident reporting mechanisms. Human nature is to be trusting. This domain reminds us that there are both good and bad people and that we need to keep our eyes wide open. The Human Resources Department should be involved in this area. Note what is commonly overlooked are the procedures for dismissal or someone leaving.

Using what you have learned and read for this Unit, write a policy based on the above information. Research the web for laws and policies to back up your policy. This should be at least a page or more in length.

Explanation / Answer

Business owners have legal obligations to secure data and protect the privacy of their customers' information. Learn more about your legal obligations to protect privacy and information.

To safeguard your online customers you need policies that comply with the laws on privacy, spam and electronic transfers. Policies can cover:

A privacy policy should outline how your business collects and stores data, how the information can and cannot be used, and restrictions on sharing data with a third party.

Unsolicited commercial emails are illegal, so develop a policy to ensure you have permission to send messages to contacts.

Encourage staff to read and understand your business policies and code of conduct. Learn more about staff training and codes of conduct.

Electronic transaction laws

Legally there is no difference between electronic financial transactions and cash transactions, and your online security must comply with national and state laws.

Procedures for using IT systems

You must have defined procedures about using and accessing IT data and systems, backing up data and data protection. Such procedures define how employees and contractors behave. For example, IT procedures could instruct staff to always delete spam without opening attachments, which can contain viruses.

IT risk management and business continuity planning

You need to identify risks to your IT data and systems and put in place measures, such as SSL certificates, firewalls, passwords and anti-virus software, to protect you and your customers. A risk management plan can help you identify and manage risks to IT data and systems.

A business continuity plan can minimise the damage, interruption and loss of business, and identify which critical business functions, equipment and data need to be restored first. This practical strategy:

1. The Scope of the Policy

The Website Security Policy is applicable to the collection, utilization, and protection of personal data when you are browsing the Website; however, it is not applicable to the other websites that are linked therefrom. When one follows links to other websites, the website security policies of that website apply.

2. The Control of Data Access

System data access and authorization requirements shall be implemented; written, electronic, or other means of notification shall be established to inform the staff and the users of the permissions and responsibilities of the site.

The authorization privileges for various data resources shall be immediately cancelled for staff who have resigned or have been terminated; this shall be regarded as the mandatory procedure for employment termination and resignation. For any adjustment or alteration of staff duty, authorization shall be adjusted within a certain period of time according to the data access privileges of the new position.

A user registration management system shall be established to strengthen user password management. User passwords, in principle, shall not be used for a period longer than six months.

When system service vendors remotely log into the system for maintenance, security control measures shall be enhanced. A relevant roster shall be created for personnel with such responsibility.

An auditing system for data security shall be established to periodically or randomly execute data security audits.

The Website Security Procedures and Rules

4. The security management of the firewall

5. The principles of data backup operation

6. Data recovery operation principles
