You are working for a global organization that handles highly classified intellectual property. In...

Question

You are working for a global organization that handles highly classified intellectual property. In many situations and scenarios, the implementation and operations teams have been creating and setting up environments that violate your vision for security. After discussing the situation with various parties, they all admit they do not fully know or understand what is expected from them as they set up and configure the environment. To solve this situation, you have been asked to create a network security policy for the organization.

you will choose an element of the policy to design and outline the look to include components from end user behavior and training plan, file and folder access, social engineering safeguards, bring your own device policies, use of external drives on company assets, security hardware, penetration testing, and affiliation of the information security department with law enforcement agencies. You may either interview someone in the local FBI field office or research the FBI and DHS Web sites related to information sharing programs that the government offers, as this could be advantageous to the organization’s information security program.

To keep the scope narrow, you should first describe what should be included and what should not be included in the policy (remember that a policy should clearly set management's expectations).

After the scope has been defined, research the various components, and create an appropriate policy.

Prepare a Word document of 7-10 pages (excluding title page, abstract and references page) that includes the network security policy for an organization that addresses all of the stated design requirements. It should be in APA format, including an introduction and conclusion.

David · Accepted Answer

PURPOSE : 
The purpose of this document is to establish guidance on how network systems must be 
designed to be protected from hackers and whom must be provided access to it. 
SCOPE : 
This policy is applies to all networks concerned with the organisation.It is mainly applicable 
to the networks that come under control of the organisation 
SECURITY POLICY : 
The network security policy approach , related with reported data about associations get to 
parts and goes about as a scaffold between the particular association's security prerequisites 
and administration set destinations. (A. Wool,2009) The system security arrangement of an 
association involves association set destinations, overseers and clients conduct rules 
,framework and administration necessities that all things considered upgrade PC frameworks 
and systems security of an association . (A. Wool,2009) 
In any case, the system security strategy of an association ought not involve Confidential 
security information, since the arrangement involves data guarding on how a to guarantee the 
wellbeing of an association. (W. Avishai,2010) Also, the strategy ought not contain data that 
can be utilized to bargain security as it's intended to enhance associations wellbeing. 
Segments of the system security approach incorporate; The end client strategy, the 
representing arrangement, and specialized strategies .The overseeing arrangement involves 
vital organization security ideas for specialized caretakers and administrators .The end client 
arrangements worry with all data/points that the end client ought to know about . At long last, 
the specialized strategies which involves what security ought to do and are as handbooks.
ROLES OF EACH TEAM : 
It is the responsibility of the  Chief Security or Information Security Officer to provide 
information how the data communication networks should be implemented and designed in 
order to prevent threats being directed to the organisation. Though the responsibility of 
Security of an organisation as a whole is responsibility of each and individual employee 
working in the organisation it is the primary responsibility of the  Chief Security or 
Information Security Officer to protect the date communication systems that come under the 
control of the organisation. (E. Al-Shaer and H. Hamed,2003) The responsibility to perform 
the task of assessing a risk on how it would affect the organisation, the outcomes and results 
it would have an organisation are the sole responsibility of the IT Security team of an 
organisation each individual should take individual to protect the organisation from security 
attacks that harm the organisation ,since ultimately the employees are the ones who would be 
ones affected. 
The head of the IT Security team must efficiently coordinate with the Solution Architect and 
Security Architect of the organisation to determine whom should be given what kinds of 
system to access and how they would access them. They are responsible to place policies that 
would protect the organisation and its employees from the security attacks of the hackers who 
try to use the flaws in the security systems. (E. Al-Shaer and H. Hamed,2003) The 
Infrastructure team lead should also take care of the fact that all the systems must  be patched 
and update in a timely manner to avoid security attacks on the communication data networks 
of the organisation. In the event that one of the layers or any of the layers of the security is 
being breached by any unknown source than the issue must be immediately be escalated and 
taken to the notice of both the Information Security team as well as the Infrastructure team so 
that sufficient measures can be taken to prevent the other layers of security from being 
breached. The role of the Infrastructure and IT Security team doesn’t end here ,It is also their 
responsibility to make note of who and when the systems of the organisations are being 
accessed.

You are working for a global organization that handles highly classified intellectual property. In many situations and scenarios, the implementation and operations teams have been creating and setting...

Answer To: You are working for a global organization that handles highly classified intellectual property. In...

Answer To This Question Is Available To Download

Related Questions & Answers

Submit New Assignment