1. Identify, select and devise the top 5 security policies that are essential for Norman Joe’s. Hint: You may refer to security policies from the external sources such as the SANS policy library....

1. Identify, select and devise the top 5 security policies that are essential for Norman Joe’s. Hint: You may refer to security policies from the external sources such as the SANS policy library. However, you are required to draft these policies on your own, i.e., to be written in your own words (10%).
2. Risk Management Framework (10%)
a. Outline what is meant by Risk Assessment, Risk Appetite and Risk Treatment.
i. Use this information when developing a Risk Management Framework for Norman Joe. Be sure to include:
1. Risk Treatment Cycle
2. Cost Benefit analysis
3. Establishing feasibility – (all that are appropriate)
b. What Risk Management Framework would be most appropriate for Norman Joe moving forward? Considering what you now know about the direction of Norman Joe, explain your decision based on the requirements that you believe Norman Joe would need to address.
3. Update the company’s Risk Management Plan (10%). You must address:
a. Based on the information given for Norman Joe and based on the preliminary threat modelling exercise in Assignment 1, develop an appropriate access control policy for this company. What types of access controls do you recommend for protecting the assets of the company? Justify your choices. You should have physical and logical access controls, which do not let unauthorized access to the assets (assets include information, software, and hardware).
b. Determine and recommend data security solutions for three different data states in the company: data in use, data in motion, and data at rest.
c. What authentication method do you recommend for Norman Joe for effective and efficient management of user identity verification, especially for remote users?
d. Explain how a single sign-on service (SSO) can help Norman Joe to manage authentication. Which protocol will be used to implement this SSO service and why? Explain the protocol.
e. Describe six phases of developing an incident response plan.
For this question, you should explain each phase and propose at least two activities for each phase in Norman Joe. In addition to analysing the case study materials carefu
Answered 23 days after Apr 28, 2021, ISYS1003

Preeta answered on Apr 30 2021
149 Votes
Contents
Introduction:
1. Update security policy library
a. Security policies Norman Joe needs to have
c. Explanation of each policy
2. Security Program Update Part 1: Risk Management Framework
a. Risk Assessment, Risk Appetite and Risk Treatment for Norman Joe
b. Risk Management Framework most appropriate for Norman Joe
3. Security Program Update Part 2: Risk Management Plan
a. Access control policy
b. Data security solutions for three different data states
c. Authentication method
d. Use of SSO in Norman Joe to manage authentication
e. Six phases of developing an incident response plan for the company
References:
Introduction:
Norman Joe has to implement proper cybersecurity so that its network and systems remain protected from digital attacks. Strong infrastructure through multiple networks and program layers will be a useful tool for the management in providing defense for the sensitive information of the entity. A package of various tools can be helpful for the entity to handle malware.
1. Update security policy library
a. Security policies Norman Joe needs to have
Norman Joe should implement security policies such that the efficiency of the entity can be enhanced. The main aim should be the protection of vital information. The security policy should be in line with the overall organizational policy so that disciplinary action can be taken if required.
· Virus and Spyware Protection policy: Such policies are required to detect the virus and then either repair it or permanently remove it (Almunia 2012). Suspicious behaviours can be easily identified using this policy and insight can be obtained on download.
· Firewall Policy: Such a policy will provide protection to the network and system of the entity while it is connected to the Internet. It is very important in order to detect external attacks from cybercriminals. Unwanted traffic network sources can be easily removed.
· Intrusion Prevention Policy: Such a policy will help in detecting attacks on the network from external sources and then blocking such sources. The content of the data packages and malware can be checked using this policy.
b. Comprehensively justified for inclusion
The policy of cyber security is to be included in the organizational policy of Norman Joe so that data can be saved from any kind of damage or theft. The data can be the sensitive information of the entity as well as information about the consumers and employees of the entity (Tikkinen-Piri et al. 2018). The reason for such damage can be cloud service configuration, which needs to be reduced so that the network and system can be protected. The security needs to be implemented throughout the whole organization, and for that, if needed, all the employees need to be educated. The required amount of investment is to be made and regular monitoring is necessary. Even though the initial investment is high, the overall cost of cybersecurity risk assessment will decrease.
c. Explanation of each policy
Virus and Spyware Protection policy: Norman Joe needs this policy to protect its computers against riskware, file viruses, spyware, as well as other types of viruses, so that web traffic cannot breach the security of the entity. User security should be the top priority of any entity and there should be manual scanning and automatic updates to ensure absolute protection (Bennett 2011). As the virus types get updated, it is important that virus protection measures are also updated. It would management is absolutely important in Norman Joe so that the results of information transaction between managed host and policy manager can be scanned and monitored.
Firewall Policy: This policy is necessary to ensure that network traffic types are specified so that the firewall features are defined as per the policy of multiple profiles in firewall software. For specific...