Question

CC3D- If you were asked by your employer to develop a new Information Security Policy, where would you turn to find resources to build this policy? List the two most important items you would include in this new policy and explain why you felt these were most important.

Answer 1

`Hey,

Note: Brother if you have any queries related the answer please do comment. I would be very happy to resolve all your queries.

"Information security policies" form the cornerstone of an organization’s information security
program. Without formal information security policies and standards, an organization cannot
effectively secure its critical information assets.
The simple fact that policies and standards are the necessary foundation of effective
information protection is why?

• MasterCard and Visa require organizations that accept their credit and debit cards to have information security policies and standards
• Every information security effective practice contains a requirement for organizationwide information security policies and standards
• In the event of an information incident negatively affecting 3rd-parties, it may be argued that the absence of information security policies and standards is evidence of information negligence.

Information security policies and standards can significantly reduce the frequency, duration and
cost of information security incidents.
Information security policies and standards

1. establish management’s commitment to securing critical information assets
2. establish uniform organizational standards for securing critical information assets
3. provide guidance to managers and other employees as to their information security responsibilities, obligations and duties
4. provide standards for use by IT personnel in securely configuring and maintaining the IT Infrastructure
5. provide the foundation for complying with legal responsibilities associated with holding sensitive information of others, such as personal health or financial information, or proprietary information belonging to others

1. Identify the various classes of policy users
Different classes of users have different information security roles and responsibilities. Your
receptionist, your lead IT director, and a vendor all have different responsibilities. The
organization may very well need different information security policies and standards for each
of its different classes of users. These will, of course, have to be consistent across different
classes of users.
These different kinds of users may include:
1. Management, including Boards, executive management, and other management
2. End users, including employees, contractors, and consultants
3. Information system personnel, including employees, contractors, and consultants
4. Customers
5. Vendors, suppliers and other business partners
Seven Requirements for Successfully Implementing
Information Security Policies
Make sure you understand these different kinds of users and the different kinds of information
they are going to need to do their job.

2. Malware Protection
IT is to install ISM-approved anti-malware software on all workstations and servers to prevent,
detect, and eradicate malicious code (e.g., viruses, Trojan horses, spyware, key loggers, adware
etc.).
IT is to configure anti-malware software so that

• All files coming from external sources are checked before execution or usage
• Suspected malware is logged and IT is alerted.
• Full malware scans are conducted daily.
• Malware signature files are updated daily.
• Program updates are installed as soon as available.

Conculsion:

Mainly we need to aware from MalWare Protection.Currently we have hackers, those are hacking our accounts by making Fraud calls ,messages and hacking our accounts to earn money from our bank accounts.so that our government need to be strict for this protection to help for people in society.

Kindly revert for any queries

Thanks.