Hi, can you please help me for this work. This is the first case study for the c

Question

Hi,

can you please help me for this work.

This is the first case study for the course and it will be based upon the case study text: Public Sector Case Study - Edward Snowden - pg. 226

In reading the excerpt from the textbook on what happened and how Snowden was able to access the data that he did, write a mini-security policy following the security template in Chapter 7 (pg. 185). Highlight at least three policies that you feel were violated in this case and address the policies that need to be in place to prevent those violations from occurring in the future. Make sure to include enough detail that it could be amended to an existing policy and clear enough that any/all employees know what the new policy addresses.

Part 1:

Write 2-3 paragraphs at the beginning of your paper explaining the three issues you want to address and why. Follow APA guidelines for paper format and make sure to check spelling/grammar prior to submitting.

Part 2:

Write your mini-security policy following the template in textbook addressing the three issues you identified.

2018_SUMMER_MAIN_Operations Security_20_21_COMBINED

Explanation / Answer

Part 1: - Write 2-3 paragraphs at the beginning of your paper explaining the three issues you want to address and why

1. Security software will have a target on its back - In 2018, cybercriminals will target and exploit more security software. By targeting trusted programs and the software and hardware supply chain, attackers can control devices and wholeheartedly manipulate users. Hackers will leverage and exploit security products, either directly subverting the agent on the endpoint, or intercepting and redirecting cloud traffic to achieve their means. As these events become more publicly known, the public and business perception of security software, particularly that of antivirus solutions, will further deteriorate

2. Ransomware Evolution - Ransomware is the bane of cybersecurity, IT, data professionals, and executives. Perhaps nothing is worse than a spreading virus that latches onto customer and business information that can only be removed if you meet the cybercriminal’s egregious demands. And usually, those demands land in the hundreds of thousands (if not millions) of dollars. Ransomware attacks are one of the areas of cybercrime growing the fastest, too. The number of attacks has risen 36 percent this year (and doubled in cost). Sadly, those attacks aren’t fading with time. If anything, they’re getting stronger. In 2013, there were 500,000 malicious applications. In 2015, that number increased to 2.5 million. Now in 2017, it sits at 3.5 million. And 77 percent of those applications are malware.

3. Blockchain Revolution - 2017 ended with a spectacular rise in the valuation and popularity of cryptocurrencies like Bitcoin and Ethereum. These cryptocurrencies are built upon blockchains, the technical innovation at the core of the revolution, a decentralized and secure record of transactions. While it's difficult to predict what other developments blockchain systems will offer in regards to cybersecurity, professionals can make some educated guesses. Companies are targeting a range of use cases which the blockchain helps enable from medical records management, to decentralized access control, to identity management. As the application and utility of blockchain in a cybersecurity context emerges, there will be a healthy tension but also complementary integrations with traditional, proven, cybersecurity approaches. You will undoubtedly see variations in approaches between public & private blockchains.

Part 2: - Write your mini-security policy following the template in textbook addressing the three issues you identified.

POLICY-1:- Acceptable Use Policy (AUP) - An AUP stipulates the constraints and practices that an employee using organizational IT assets must agree to in order to access to the corporate network or the internet. It is standard onboarding policy for new employees. They are given an AUP to read and sign before being granted a network ID. It is recommended that and organizations IT, security, legal and HR departments discuss what is included in this policy

POLICY-2:- Access Control Policy (ACP) - The ACP outlines the access available to employees in regards to an organization’s data and information systems. Some topics that are typically included in the policy are access control standards such as NIST’s Access Control and Implementation Guides. Other items covered in this policy are standards for user access, network access controls, operating system software controls and the complexity of corporate passwords. Additional supplementary items often outlined include methods for monitoring how corporate systems are accessed and used; how unattended workstations should be secured; and how access is removed when an employee leaves the organization.

POLICY-3:- Change Management Policy - A change management policy refers to a formal process for making changes to IT, software development and security services/operations. The goal of a change management program is to increase the awareness and understanding of proposed changes across an organization, and to ensure that all changes are conducted methodically to minimize any adverse impact on services and customers

POLICY-4:- Information Security Policy - An organization’s information security policies are typically high-level policies that can cover a large number of security controls. The primary information security policy is issued by the company to ensure that all employees who use information technology assets within the breadth of the organization, or its networks, comply with its stated rules and guidelines. I have seen organizations ask employees to sign this document to acknowledge that they have read it (which is generally done with the signing of the AUP policy). This policy is designed for employees to recognize that there are rules that they will be held accountable to with regard to the sensitivity of the corporate information and IT assets

POLICY-5:- Incident Response (IR) Policy - The incident response policy is an organized approach to how the company will manage an incident and remediate the impact to operations. It’s the one policy CISOs hope to never have to use. However, the goal of this policy is to describe the process of handling an incident with respect to limiting the damage to business operations, customers and reducing recovery time and costs.

POLICY-6:- Remote Access Policy:- The remote access policy is a document which outlines and defines acceptable methods of remotely connecting to an organization's internal networks. I have also seen this policy include addendums with rules for the use of BYOD assets. This policy is a requirement for organizations that have dispersed networks with the ability to extend into insecure network locations, such as the local coffee house or unmanaged home networks.

Please let me know in case of any clarifications required. Thanks!

Related Questions

Navigate

• Browse (All)
• Browse H
• Subjects

Integrity-first tutoring: explanations and feedback only — we do not complete graded work. Learn more.