Question

Your group is working for a global organization that handles highly classified intellectual property. In many situations and scenarios, the implementation and operations teams have been creating and setting up environments that violate your vision for security. After discussing the situation with various parties, they all admit they do not fully know or understand what is expected from them as they set up and configure the environment. To solve this situation, your group has been asked to create a network security policy for the organization.

Each group member will choose an element of the policy to design and the group will collaborate on what the overall design and outline should look like and include components from end user behavior and training plan, file and folder access, social engineering safeguards, bring your own device policies, use of external drives on company assets, security hardware, penetration testing, and affiliation of the information security department with law enforcement agencies.

Answer 1

Some of the network security policies are as follows:

1) To identify the risk

2) To learn the threat from others

3) Making sure that the policy conforms for the legal required informations

4) The level of security should be qual to that of the level of risk

5) During policy development staff should be included

6) Giving proper training to the employees

7) Making things legal

8) To setting up the penanlty and trying to enforce those

9) Properly installing the tools that is needed.