Question

In: Computer Science

You are the Information Security Officer of Mahtmarg Manufacturing a small manufacturing company worth approximately $5...

You are the Information Security Officer of Mahtmarg Manufacturing a small manufacturing company worth approximately $5 Million who provides fiber cable to local businesses, individual customers and to government organizations. In the course of the next eight weeks you will be creating your Information Security Plan (Issue-Specific Security Policy in Table 4-3 of the textbook) step by step using this scenario..

Your Task


Step 2: Develop the Authorized Uses section of your ISP

In this week’s Lab you will develop the Authorized Use section of your ISP to include:

Who can use the technology?

Define fair and responsible use.

Explain how the company will protect personal as well as proprietary information.

Include access to company systems from ‘outside connections’ (e.g. – public hotspot)

Solutions

Expert Solution

ANSWER:

Authorized Uses section of your ISP

All employees including the third party contractors, vendors and users with guest access to the network should comply with this Policy.

Access

A user may not attempt an unauthorized access to interfere with the normal functioning or operation or security of the network, system, computing facility, equipment, data or information. A user may not use the service to engage in any activities that may interfere with the ability of other users to access the services on the network.

User will be solely responsible to educate them with the banner mails sent time to time regarding securing your system and network and adhere their system with all the basic securities measures required to be taken.

No user should intentionally or negligently inject malicious data from the internet or other sources in form of incorrect routing or DNS information.

Users agree to use Mahtmarg Manufacturing and service for lawful purposes only. Users will be solely responsible in case of violation of any applicable law or regulation.

Usage Policy & Protecting Information

Transmission, distribution or storage of any material not limited to copyright, trademark, trade secret or other intellectual property right used without proper authorization is prohibited.

Subscribing to mailing list without permission of the email owner is prohibited.

Advertising, transmitting or providing any software or program which violates the Acceptable Usage Policy of any the Mahtmarg Manufacturing or any other service provider is prohibited.

Being involved in activities causing denial of service will result in legal implications

Operating on someone else’s behalf and using his/her credentials will stand the violation of the Policy

Computers and other equipment’s used to access the facilities inside the company should not be left unattended, should always be locked or logged off in not currently used.

Each individual should take care to ensure physical security; no outside equipment’s should be carried inside the company.

Any irresponsible handling of company’s asset or any use which brings disrepute to company is unacceptable.

Any suspectable access or breach should be immediately reported, only licensed software’s should be used and no breach of software licensing agreement is acceptable.

Great care needs to be taken while disposing information, confidential paper waste must be disposed of in accordance with formal company procedures and any electronic information must be securely erased or otherwise rendered inaccessible prior to leaving.

If not sure about the authenticity and validity of request, no request should be acted upon by emails or any other means.


Related Solutions

You have recently joined Star Technical Solutions as an information security officer. The company has been...
You have recently joined Star Technical Solutions as an information security officer. The company has been using SSL in a business-to-business environment for a number of years. Despite the fact that there have been no compromises in security, you want to use another protocol which offers stronger security than SSL. Which protocol is similar to SSL but offers stronger security? Justify your answer by comparing the features of SSL and your proposed protocol in a tabular form. b) One of...
You have recently joined Star Technical Solutions as an information security officer. The company has been...
You have recently joined Star Technical Solutions as an information security officer. The company has been using SSL in a business-to-business environment for a number of years. Despite the fact that there have been no compromises in security, you want to use another protocol which offers stronger security than SSL. Which protocol is similar to SSL but offers stronger security? Justify your answer by comparing the features of SSL and your proposed protocol in a tabular form.
Imagine that you are the Information Security Officer (ISO) of your organization. Develop a plan to...
Imagine that you are the Information Security Officer (ISO) of your organization. Develop a plan to conduct a Web application penetration test on your network. Identify and explain all steps necessary to successfully complete the test.
Imagine this is your first day as Senior Chief Information Security Officer (CISO) of Company A....
Imagine this is your first day as Senior Chief Information Security Officer (CISO) of Company A. The Chief Financial Officer (CFO) calls you wondering what should have been done differently during a recent incident involving your predecessor. The following incidents recently occurred and were closed out without any alert to senior staff or the CFO. The Chief Financial Officer’s admin reported that their laptops were performing erratically and many popup screens kept appearing while browsing the Internet. Upon inspection, it...
A chief information security officer is creating a security committee involving multiple business units of a...
A chief information security officer is creating a security committee involving multiple business units of a corporation. Which of the following is the best justification to ensure collaboration across business units? A risk to business unit is a risk avoided by all business units, and liberal BYOD policies create new unexpected avenues for attackers to exploit Enterprises single point of coordination is required to ensure cyber-security issues are addressed in protected, compartmentalize groups without business unit collaboration, introduced by one...
You have been employed by Challenger Constructions as their first Chief Information Security Officer (CISO). You...
You have been employed by Challenger Constructions as their first Chief Information Security Officer (CISO). You have been tasked by the Board to conduct a review of the company’s risks and start to deploy security policies to protect their data and resources. You are concerned that the company has no existing contingency plans in case of a disaster. The Board indicated that some of their basic requirements for contingency planning include: A Recovery Time Objective (RTO) of 4 hours A...
You have been employed by Challenger Constructions as their first Chief Information Security Officer (CISO). You...
You have been employed by Challenger Constructions as their first Chief Information Security Officer (CISO). You have been tasked by the Board to conduct a review of the company’s risks and start to deploy security policies to protect their data and resources. You are concerned that the company has no existing contingency plans in case of a disaster. The Board indicated that some of their basic requirements for contingency planning include: A Recovery Time Objective (RTO) of 4 hours A...
During an onsite visit with the Chief Information Security Officer (CISO), he tells you how upset...
During an onsite visit with the Chief Information Security Officer (CISO), he tells you how upset he is that they found Telnet in use by their network administrators. The reason was that the version of the router and switch operating system currently in use does not support security protocols. You assure the CISO that the upgrade will resolve that problem among other weaknesses he might be unaware of. you will act as the network administrator. Suggest some other network security...
A company secretary works for a small company and is also the financial officer for the...
A company secretary works for a small company and is also the financial officer for the company who generally advises the directors on the day-to-day operations of the company. The company has a constitution, which limits the ability of the company secretary from borrowing any amounts over $5,000 without the matter being referred to a meeting of the board of directors. The company specifically created a constitution because the shares are all held by family members and the company secretary...
My friend owns a small old house that is worth approximately $1.1 million. Given the improved...
My friend owns a small old house that is worth approximately $1.1 million. Given the improved real estate market, my friend is considering that over the next three years, she would have the option of tearing down this small old house and build a more expensive house. Her research suggests that the current cost of tearing down the old house and building a new more expensive will be approximately $800,000 and that she should assume that the expected cost would...
ADVERTISEMENT
ADVERTISEMENT
ADVERTISEMENT