
Develop and list 10 high-level security policies for this company These should b


Question

Develop and list 10 high-level security policies for this company. These should be policies you think that any company would consider important. They should use basic language that is clear to all employees. Choose policies that will likely benefit from having associated guidelines and/or standards. In order to reduce any ambiguity, develop standards or guidelines and list them under the policy they apply to. If any of these require input from other IT teams, state which teams. State how each of the security policies will be enforced. Note if enforcement is automated, manual, or left to the end user to interpret appropriately. Explain your reasoning briefly. For each of these security policies, state what, if any, special training will be useful so that the policies are effective and followed by end users. Conclude, with suggestions and reasons, what tools "for example Web pages, databases, and Wiki" you might consider for delivering policies at a company.

Explanation / Answer

The 10 high-level security policies for the company are -

Aim

The aim of this policy is to ensure the security of the organization's network. To do this the Trust will:

Ensure Availability

Ensure that the network is available for users.

Preserve Integrity

Protect the network from unauthorized or accidental modification ensuring the accuracy and completeness of the organization's assets.

Preserve Confidentiality

Protect assets against unauthorized disclosure.

One of the challenges facing IT departments today is securing both privately owned and corporate mobile devices, such as smartphones and tablet computers. This example policy is intended to act as a guideline for organizations who need to implement or update an existing mobile device security policy. Feel free to adapt this policy to suit your organization’s risk tolerance and user profile. Where required, adjust, remove or add information to customize the policy to meet your organization’s needs. This is not a comprehensive policy but rather a pragmatic template intended to serve as the basis for your own policy.

Background to this policy

Corporate IT departments face two challenges when contemplating a BYOD policy: a mix of corporate and employee-owned devices accessing the organization’s network and data, and the use of those devices for both professional and personal purposes. With data flowing across public networks, to and from devices that are easily lost or stolen, protecting data becomes a paramount concern and the primary driving force for implementing Mobile Device Management systems and policies. Security must be central to an organization’s workforce mobility strategy in order to protect corporate data, maintain compliance, mitigate risk and ensure mobile security across all devices. This outline policy gives a framework for securing mobile devices and should be linked to other policies which support your organization’s posture on IT and data security. As a Bring Your Own Device program can only be successfully implemented if certain security policies are enforced, we would expect a Mobile Device Management solution to be a prerequisite for this policy.

Instant Messaging (IM) is a form of electronic communication enabling ad hoc and “live” collaboration through sending and receiving messages almost instantaneously across a network connection. With the introduction of messaging tools such as ICQ and MSN Messenger, more and more people are enjoying the convenience and ease provided by real-time messaging systems in their day-to-day life. IM has also found a place in business, for services such as communicating with customers and partners, offering customer support, receiving real-time alerts, as well as management and project coordination. IM tools support any process where quick response and rapid problem solving are needed, and where faster communication than emails or telephones is useful. In general, the user needs to download and install an IM client on his or her client device (which can be a desktop computer, smartphone or PDA) and set up a user account before he or she can communicate. An IM server acts as a database where contact points are located. For public IM services such as ICQ and MSN Messenger, the servers are hosted on the Internet. For corporate IM systems, IM servers might be hosted within the organization’s internal network.

Passwords are an important aspect of computer security. They are the front line of protection for user accounts. A poorly chosen password may result in a compromise of a company's entire network. As such, all a company's employees (including contractors and vendors with access to a company's systems) are responsible for taking the appropriate steps, as outlined below, to select and secure their password.

Purpose

The purpose of this policy is to establish a standard for the creation of strong passwords, the protection of those passwords, and the frequency of change. The scope of this policy includes all personnel who have or are responsible for an account (or any form of access that supports or requires a password) on any system that resides at any company's facility, has access to the company network and/or LEIN/NCIC network, or stores any non-public company LEIN-based Criminal Justice Information.

All Access Points must abide by all national regulations relating to Wireless Devices. All existing Access Points must conform to recommended specifications as defined by Information Services. All new Access Points must be purchased via Information Services, in line with a company's current purchasing policy. All Access Points must follow the Information Services Standard Configuration settings for Access Points. Access Points will only support the 802.11b and 802.11g standards. Information Services prohibit the installation of any non-standard Access Points. In line with the IT Regulations, Information Services has the right to disable any non-standard device which may cause interference with existing approved Access Points. The offending device may be removed without prior notice. Proactive monitoring of wireless networks is undertaken by Information Services on a regular basis and any unauthorized Access Point will be removed from the network. Any future request for installation of new Access Points must be directed through Information Services.

An internet usage policy provides employees with rules and guidelines about the appropriate use of company equipment, network, and Internet access. Having such a policy in place helps to protect both the business and the employee; the employee will be aware that browsing certain sites or downloading files is prohibited and that the policy must be adhered to or there could be serious repercussions, thus leading to fewer security risks for the business as a result of employee negligence. The Internet Usage Policy is an important document that must be signed by all employees upon starting work. Below is a Sample Internet Usage Policy that covers the main points of contention dealing with Internet and computer usage. The policy can then be tailored to the requirements of the specific organization.

The policy ensures that individuals who have a legitimate right to use, store and access a company's whilst ensuring that information is protected at all unauthorized or malicious access. This policy helps all staff of the company to ensure that assets are used, transmitted and stored correctly using appropriate methods -

Purpose

The purpose of this policy is to define web application security assessments within. Web application assessments are performed to identify potential or realized weaknesses as a result of inadvertent misconfiguration, weak authentication, insufficient error handling, sensitive information leakage, etc. Discovery and subsequent mitigation of these issues will limit the attack surface of services available both internally and externally as well as satisfy compliance with any relevant policies in place. This policy covers all web application security assessments requested by any individual, group or department for the purposes of maintaining the security posture, compliance, risk management, and change control of technologies in use at. All web application security assessments will be performed by delegated security personnel either employed or contracted by. All findings are considered confidential and are to be distributed to persons on a “need to know” basis. Distribution of any findings outside of is strictly prohibited unless approved by the Chief Information Officer. Any relationships within multi-tiered applications found during the scoping phase will be included in the assessment unless explicitly limited. Limitations and subsequent justification will be documented prior to the start of the assessment.

Installation of unauthorized computer programs and software, including files downloaded and accessed on the Internet, can easily and quickly introduce serious, fast-spreading security vulnerabilities. Unauthorized software programs, even those seemingly provided by reputable vendors and trusted companies, can introduce viruses and Trojan programs that aid hackers' attempts to illegally obtain sensitive, proprietary, and confidential data. Protecting the organization's computers, systems, data, and communications from unauthorized access and guarding against data loss is of paramount importance; adherence to the following Software Installation Policy serves a critical role in the process.

This policy's purpose is to ensure that every employee, contractor, temporary worker, and volunteer understands and agrees to abide by specific guidelines for software, program, and application installation and use on organization-provided computers, systems, and networks. Also included is a risk assessment spreadsheet that helps you determine the importance of a software restriction policy for your network.

The purpose of this policy is to outline the acceptable use of computer systems, voice, video and data networks, information and data, and other information technology resources at the Community College of Rhode Island. These rules are in place to protect students, faculty, staff and the College. Inappropriate use exposes the College to a number of risks, including but not limited to virus attacks, the compromise of network systems and services, theft of Personally Identifiable Information, and legal liability.

DEFINITIONS:

Information technology includes but is not limited to desktop computers, workstations, network servers, mainframe computers, software, digital information and voice, video and data networks, including official College pages on social networking sites.

Guidelines for General Use

Enforcement of all these policies should be done by taking the employee's signature on a user agreement so that he will get to know about the policy.

Dr Jack