School: Butler University
Course: 451
Subject: Information Systems
Date: Apr 3, 2024
Type: docx, 8 pages
Uploaded by: ElderStingrayMaster51
3.8 Project Part Three
Task 1:
1.
You are tasked with explaining what goes into a Security Policy and providing examples of items that should be included.
Ans. A Security Policy is the document that sets out the rules and guidelines for the secure operation of an organization's IT systems and networks. It defines the organization's security objectives and the scope they apply to, and it covers asset classification and management, access control, password management, data classification, acceptable use, antivirus and patch management, physical security, and related topics.
Here are some examples of items that should be included in a Security Policy:
Purpose: Why the policy exists and what it is meant to protect, stated clearly at the top.
Scope: Which people, systems, locations and data the policy applies to.
Roles and Responsibilities: What each stakeholder (management, IT, security staff, end users) is accountable for.
Risk Management: How the organization identifies, assesses and treats risk, and who owns that process.
Access Control: Who may access which systems and data, on what basis (for example least privilege and role-based access), and how access is granted, reviewed and revoked.
Password Management: Requirements for password length and complexity, storage, rotation, reuse, and the handling of compromised passwords.
Data Classification: The classification levels (for example public, internal, confidential) and the handling rules for each level.
Acceptable Use: What users may and may not do with company systems, networks and data.
Incident Response: How incidents are reported, who responds, and how they are contained, investigated and documented.
Physical Security: How facilities, equipment and media are protected from unauthorized physical access.
2.
You are also tasked with creating a general AUP for all staff members to adhere to.
Ans. An Acceptable Use Policy (AUP) is a document that outlines the appropriate use of a corporate network, its systems and Internet access. It is a set of rules, applied by the owner, creator or administrator of a network, website or service, that restricts the ways in which that resource may be used and sets guidelines for how it should be used. An AUP clearly states what the user is and is not allowed to do with these resources.
Here are some general guidelines for creating an AUP:
a. Purpose: Define the purpose of the AUP.
b. Scope: Define who the AUP applies to (all staff, contractors, temporary workers) and which resources it covers.
c. Acceptable Use: Define acceptable use of company resources, including business use and any permitted limited personal use.
d. Unacceptable Use: Define unacceptable use of company resources, for example installing unapproved software, sharing credentials, circumventing security controls, or accessing illegal or offensive material.
e. Ownership: State that company resources, and the data stored on them, remain company property.
f. Privacy: Define privacy expectations for employees using company resources, including the company's right to monitor that use.
g. Security: Define security expectations for employees, such as locking workstations, protecting credentials and reporting suspected incidents.
h. Consequences: Define the consequences for violating the AUP and the process for handling violations.
Task 2:
While in a meeting, some staff members asked you about different types of active phase controls and how implementing them could better secure the stores and the overall business.
You are tasked with explaining the six main types of active phase controls.
You also need to explain what each type of control does.
You will need to provide an example of each type of control, a description of the control, and when it might take place using the store scenario (a general example may be found on page 665).
Ans. Active phase controls are security measures that operate while a process or activity is running, so they can detect and prevent security breaches as they happen rather than after the fact. Here are the six main types of active phase controls:
a. Boundary Protection: This control protects the perimeter of a network or system. It uses firewalls, intrusion detection systems (IDS) and intrusion prevention systems (IPS) to monitor and filter traffic entering and leaving the network. For example, a store might place its point-of-sale (POS) terminals on their own network segment and use a firewall to allow them to reach only the payment processor and the patch server, blocking everything else (including the customer wifi). This control runs continuously from the moment the POS network is deployed.
b. Secure Configuration: This control means configuring systems and applications securely to reduce the risk of exploitation: disabling unnecessary services, changing default passwords, and applying security patches. For example, a store might disable USB ports on its POS terminals to prevent unauthorized data transfers. It applies when a terminal is built or installed and whenever it is changed, and the configuration should be re-checked periodically against the baseline.
c. Continuous Vulnerability Management: This control identifies and remediates vulnerabilities on an ongoing basis rather than as a one-off project. It includes vulnerability scanning, patch management and penetration testing. For example, a store might run vulnerability scanning software against its network and applications on a schedule (and after every change) and patch the findings within a defined time.
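The following Python script is an added example, not part of the original document or of any textbook it cites. It automates two of the controls above for the store scenario: a first-match packet-filter evaluator with a default deny, used to test the POS-segment policy against sample flows (boundary protection), and a baseline audit of a POS terminal's configuration for default credentials, unneeded services, USB storage and patch age (secure configuration and vulnerability management). The address plan, service names, credential list and terminal settings are all constructed assumptions for illustration.

```python
"""Added example: two active phase controls for the store's POS segment.
Everything below (VLAN ranges, service baseline, sample terminals) is a
constructed assumption, not a real store's configuration."""
from dataclasses import dataclass
from datetime import date
from ipaddress import ip_address, ip_network
from typing import List, Optional

# ---- Boundary protection: first-match firewall policy with default deny ----

@dataclass(frozen=True)
class Rule:
    action: str            # "allow" or "deny"
    src: str               # source network, CIDR notation
    dst: str               # destination network, CIDR notation
    proto: str             # "tcp", "udp" or "any"
    dport: Optional[int]   # destination port, None = any port

# Assumed store address plan. The processor uses a TEST-NET-3 address
# (203.0.113.0/24, reserved for documentation) so no real host is named.
POS_NET = "10.10.20.0/24"        # POS terminal VLAN
GUEST_WIFI = "10.10.90.0/24"     # customer wifi VLAN
PATCH_SERVER = "10.10.10.5/32"   # internal patch server
PAYMENT_GW = "203.0.113.10/32"   # card processor

# Constructed policy: only the flows the POS needs are allowed. The explicit
# deny documents the guest -> POS boundary so it can be logged rather than
# silently dropped by the default at the end.
STORE_POLICY = [
    Rule("allow", POS_NET, PAYMENT_GW, "tcp", 443),     # card authorisation
    Rule("allow", POS_NET, PATCH_SERVER, "tcp", 8530),  # patch downloads
    Rule("deny", GUEST_WIFI, POS_NET, "any", None),     # guests never reach POS
]

def _matches(rule: Rule, src: str, dst: str, proto: str, dport: int) -> bool:
    return (ip_address(src) in ip_network(rule.src)
            and ip_address(dst) in ip_network(rule.dst)
            and rule.proto in ("any", proto)
            and (rule.dport is None or rule.dport == dport))

def evaluate(rules: List[Rule], src: str, dst: str, proto: str, dport: int) -> str:
    """Return the action of the first rule that matches the flow, or "deny"
    when none does. That fall-through is the default deny: a flow nobody
    wrote a rule for is blocked, which is what makes the boundary effective."""
    for rule in rules:
        if _matches(rule, src, dst, proto, dport):
            return rule.action
    return "deny"

# ---- Secure configuration / vulnerability management: baseline audit -------

# Assumed baseline for a POS terminal.
DEFAULT_CREDENTIALS = {("admin", "admin"), ("pos", "pos123"), ("root", "root")}
ALLOWED_SERVICES = {"pos-app", "sshd"}   # anything else is unnecessary
MAX_PATCH_AGE_DAYS = 30
AUDIT_DATE = date(2024, 4, 3)            # "today" for the sample run

def audit_terminal(cfg: dict, today: date) -> List[str]:
    """Compare one terminal's settings with the baseline and list every
    deviation. An empty list means the terminal is compliant."""
    findings = []
    if (cfg["admin_user"], cfg["admin_password"]) in DEFAULT_CREDENTIALS:
        findings.append("default administrator credentials still set")
    for svc in cfg["services"]:
        if svc not in ALLOWED_SERVICES:
            findings.append(f"unnecessary service enabled: {svc}")
    if cfg["usb_storage_enabled"]:
        findings.append("USB mass storage enabled (data exfiltration path)")
    patch_age = (today - date.fromisoformat(cfg["last_patched"])).days
    if patch_age > MAX_PATCH_AGE_DAYS:
        findings.append(f"last patched {patch_age} days ago")
    return findings

# Constructed sample terminals: one still on factory settings, one hardened.
FACTORY_TERMINAL = {
    "hostname": "pos-03", "admin_user": "admin", "admin_password": "admin",
    "services": ["pos-app", "telnet", "ftp"],
    "usb_storage_enabled": True, "last_patched": "2024-01-15",
}
HARDENED_TERMINAL = {
    "hostname": "pos-04", "admin_user": "posadmin", "admin_password": "n0t-a-d3fault",
    "services": ["pos-app"],
    "usb_storage_enabled": False, "last_patched": "2024-03-28",
}

if __name__ == "__main__":
    for flow in [("10.10.20.7", "203.0.113.10", "tcp", 443),
                 ("10.10.20.7", "203.0.113.10", "tcp", 80),
                 ("10.10.90.33", "10.10.20.7", "tcp", 22)]:
        print(flow, "->", evaluate(STORE_POLICY, *flow))
    for term in (FACTORY_TERMINAL, HARDENED_TERMINAL):
        print(term["hostname"], audit_terminal(term, AUDIT_DATE))
```

Two points the script makes that the prose does not: rule order matters in a first-match filter, so a broad "allow any" placed above the explicit deny silently lets guest traffic into the POS segment; and a configuration audit is only a control if it is run again after every change and on a schedule, which is why the audit takes the current date as an input rather than reading the clock.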