Question

In: Computer Science

CC3D- If you were asked by your employer to develop a new Information Security Policy, where would you turn to find resources to build this policy? List the two most important items you would include in this new policy and explain why you felt these were most important.

Solutions

Expert Solution

Hey,

Note: Brother, if you have any queries related to the answer, please do comment. I would be very happy to resolve all your queries.

"Information security policies" form the cornerstone of an organization’s information security
program. Without formal information security policies and standards, an organization cannot
effectively secure its critical information assets.
The simple fact that policies and standards are the necessary foundation of effective
information protection is why:

  • MasterCard and Visa require organizations that accept their credit and debit cards to have information security policies and standards
  • Every information security effective practice contains a requirement for organization-wide information security policies and standards
  • In the event of an information incident negatively affecting 3rd-parties, it may be argued that the absence of information security policies and standards is evidence of information negligence.

Information security policies and standards can significantly reduce the frequency, duration and
cost of information security incidents.
Information security policies and standards:

  1. establish management’s commitment to securing critical information assets
  2. establish uniform organizational standards for securing critical information assets
  3. provide guidance to managers and other employees as to their information security responsibilities, obligations and duties
  4. provide standards for use by IT personnel in securely configuring and maintaining the IT Infrastructure
  5. provide the foundation for complying with legal responsibilities associated with holding sensitive information of others, such as personal health or financial information, or proprietary information belonging to others


1. Identify the various classes of policy users
Different classes of users have different information security roles and responsibilities. Your
receptionist, your lead IT director, and a vendor all have different responsibilities. The
organization may very well need different information security policies and standards for each
of its different classes of users. These will, of course, have to be consistent across different
classes of users.
These different kinds of users may include:
1. Management, including Boards, executive management, and other management
2. End users, including employees, contractors, and consultants
3. Information system personnel, including employees, contractors, and consultants
4. Customers
5. Vendors, suppliers and other business partners
Make sure you understand these different kinds of users and the different kinds of information
they are going to need to do their job.

2. Malware Protection
IT is to install ISM-approved anti-malware software on all workstations and servers to prevent,
detect, and eradicate malicious code (e.g., viruses, Trojan horses, spyware, key loggers, adware,
etc.).
IT is to configure anti-malware software so that:

  • All files coming from external sources are checked before execution or usage
  • Suspected malware is logged and IT is alerted.
  • Full malware scans are conducted daily.
  • Malware signature files are updated daily.
  • Program updates are installed as soon as available.

Conclusion:

Mainly, we need to be aware of malware protection. Currently there are hackers who hack our accounts by making fraud calls and messages to earn money from our bank accounts, so our government needs to be strict about this protection to help people in society.

Kindly revert for any queries

Thanks.

