Question

This assignment is designed to develop your analytical and managerial skills. In this assignment, you will imagine that you are the CTO (Chief Technology Officer) of a 25 employees consultancy company of your choice. As CTO, you must create and disseminate a policy to enforce information security in your company. Write a 2 pages report that summarizes the new policy of protecting the company’s information assets with at least 10 (ten) fundamental rules to be followed by the employees.

Be creative and use of best judgment on creating the policy.

Answer 1

An information security policy is created to set rules according to which the employees of the company should work when they are handling the company's information assets. The information security policy should handle the vulnerabilities of the employees as well as technical vulnerabilities.

Some of the essential rules which should be present in an Information security Policy are -

1. Employees should use strong passwords and multi-factor authentications when possible.
2. Employees should not connect to insecure and public Wifi networks, which might steal their data.
3. Employees should be aware of cyber threats and risks and proper education on cybersecurity should be there.
4. Employees should install the critical security patches on their machines, and keep their systems updated. This prevents any cyberattack.
5. Employees should use firewalls to protect their work and home networks.
6. Employees should avoid clicking on links in email and opening suspicious emails.
7. employees should report any case of a data breach or if they know that someone might be stealing the company's data from the IT department of the company.
8. Employees should not share their personal information such as usernames, RSA Token, Passwords with anyone including colleagues.
9. Employees should be vigilant when they browse the Internet, and try not to go to phishing websites, or download any files from the Interent from unknown websites.