Discussion


1. Step 1: Identify 3 "referenced" breaches in the last 5 years where policy failure was a major contributor. Give just the name of the company or agency, the date, and the suspected or known cause of the breach.

Step 2: Analyze just one breach, with a short explanation of the policy failure and what policy changes might have prevented the breach.

2. Your company has a BYOD policy for the network. Management has asked you to review the initial BYOD security policy. First, consider what should be included as part of this policy. Some considerations include support ownership, application white-listing and black-listing, data ownership, and patch management. Other options may exist.

Secondly, a framework standard that addresses BYOD is NIST Special Publication 800-114 (you can download it here https://www.nist.gov/publications/users-guide-telework-and-bring-your-own-device-byod-security?pub_id=921407 or look below in the course web site, Week 2, Additional Material). Based on this framework, find an item your company does not apply as the BYOD framework standard.

3. An Acceptable Use Policy (AUP) is sometimes referred to by other names, e.g., Acceptable Use of Technology (AUT). How do we define an acceptable use policy? Would it include the sensitivity of company data, or a method administrators should use to back up network data, or a discussion of which users require access to certain company data, or perhaps how users are allowed to employ company hardware? Other AUP topics could include training, enforcement, format, or items to include in the AUP document.

4. Your company has recently started adopting formal security policies to comply with several state regulations. One of the security policies states that certain hardware is vital to the organization. As part of this security policy, you must ensure that you have the required number of components plus one extra to plug into any system in case of failure. Which strategy is this policy demonstrating? Some considerations, not all of which apply to good policy in this instance, include fault tolerance, cold site, server redundancy, and clustering. Do additional research as required to address this prompt.
