Swamped with your writing assignments? Take the weight off your shoulder!
Research and find answers to the below Part 1: Research Security Policy Frameworks
Navigate to https://www.sans.org/reading-room/whitepapers/policyissues/information-security-policy-development-guide-large-small-companies-1331 . Read Sections 1-5 of the SANS Policy Development Guide.
1. Summarize the Policy Development Guide’s recommendations for organizing a policy hierarchy and selecting policy topics.
2. Describe the core principles and objectives of COBIT 2019. (Navigate to https://www.cio.com/article/3243684/what-is-cobit-a-framework-for-alignment-and-governance.html.)
Part 2: Define a Security Policy Framework
Review the following list of risks, threats, and vulnerabilities at the fictional Healthwise Health Care Company
Unauthorized access from public Internet
Hacker penetrates IT infrastructure
Communication circuit outages
Workstation operating system (OS) has a known software vulnerability
Unauthorized access to organization-owned data
Denial of service attack on organization’s e-mail
Remote communications from home office
Workstation browser has software vulnerability
Weak ingress/egress traffic-filtering degrades performance
Wireless Local Area Network (WLAN) access points are needed for Local Area Network (LAN) connectivity within a warehouse
User destroys data in application, deletes all files, and gains access to internal network
Fire destroys primary data center
Intraoffice employee romance gone bad
Loss of production data
Need to prevent rogue users from unauthorized WLAN access
LAN server OS has a known software vulnerability
User downloads an unknown e-mail attachment
Service provider has a major network outage
User inserts a USB hard drive with personal photos, music, and videos on organization-owned computers
Virtual Private Network (VPN) tunneling between the remote computer and ingress/egress router
1. For each risk, threat, or vulnerability in the list above, select an appropriate security policy that might help mitigate it. You can select one of the SANS policies or choose one from the following list.
Acceptable Use Policy
Access Control Policy
Business Continuity—Business Impact Analysis (BIA) Policy
Business Continuity and Disaster Recovery Policy
Data Classification Standard and Encryption Policy
Internet Ingress/Egress Traffic Policy
Mandated Security Awareness Training Policy
Production Data Backup Policy
Remote Access Policy
Vulnerability Management and Vulnerability Window Policy
Wide Area Network (WAN) Service Availability Policy
2. Organize the security policies you selected so that they can be used as part of an overall framework for a layered security strategy.
A user at XXX has been using company network resources to download torrent files onto a USB drive and transfer those files to their home computer. IT tracked down the torrent traffic during a recent network audit. Unfortunately, the company does not have a current policy that restricts this type of activity.
1. Identify at least two appropriate policies that should be in place to define this type of behavior and the consequences thereof.
2. Write a brief overview for C-level executives explaining which policies should be added to the company’s overall security policy framework, why they should be added, and how those policies could protect the company.