Your CEO has become increasingly concerned with the cybersecurity and privacy issues and incidents over the past few years, including lost laptops, data leakage incidents, stolen PII from major...


Your CEO has become increasingly concerned with the cybersecurity and privacy issues and incidents over the past few years, including lost laptops, data leakage incidents, stolen PII from major companies, such as Sony Playstation, wireless network vulnerabilities, remote access issues, and others. Though these incidents have not occurred in the organization, the CEO is concerned that employee and customer data is not properly protected. He needs a policy that addresses cybersecurity and privacy auditing and a plan for conducting the audits. Thus, as the Information Security Manager in this medium-sized organization, imagine you have been tasked with developing a cybersecurity and privacy policy as well as a list of IT audit tasks for cybersecurity and privacy.
Develop a 3 page paper Cybersecurity and Privacy Policy that will be presented to senior leadership for approval, which includes at a minimum:

1. Cybersecurity overview
2. Privacy overview
3. Scope
4. Goals and objectives
5. Compliance with applicable laws and regulations
6. Management oversight and responsibility
7. Areas covered in the IT audits
8. Frequency of the audits
9. Use at least three (3) quality resources in this assignment. Note: Wikipedia and similar Websites do not qualify as quality resources.

Your assignment must follow these formatting requirements:

· Be typed, double spaced, using Times New Roman font (size 12), with one-inch margins on all sides; citations and references must follow APA or school-specific format. Check with your professor for any additional instructions.
· Include a cover page containing the title of the assignment, the student’s name, the professor’s name, the course title, and the date. The cover page and the reference page are not included in the required assignment page length.

The specific course learning outcomes associated with this assignment are:

· Describe the process of performing effective information technology audits and general controls.
· Explain the role of cybersecurity privacy controls in the review of system processes.
· Discuss and develop strategies that detect and prevent fraudulent business practices.
· Use technology and information resources to research issues in information technology audit and control.
· Write clearly and concisely about topics related to information technology audit and control using proper writing mechanics and technical style conventions.

David answered on Dec 24 2021
120 Votes
Cyber Security
Student name
6/24/2016
Introduction:
The assessment of vulnerabilities as well as use of mainly the Internet cyber disturbances in an Enterprise Network of an association. An enterprise is an association formed for the reason of industry. Businesses, government agencies as well as intellectual institutions similar to schools as well as colleges are instances of enterprises that need the enterprise system for smooth management of their procedures. They rely on citizens, hardware as well as software systems as well as need transmission media to attach all the devices. Mainly depending on the organization, various companies use “local area networks” and “wide area networks” to attach the complete asset jointly.
“Software assets” are mainly installed in “hardware assets”; data assets are included in hardware assets; “hardware assets” are included in subnets; and subnets are controlled in a company. The complete enterprise networks are topic to the Internet as well as cyber intrusion if correct protection measures are not sufficiently integrated into each layer of growth. Therefore, recognition of threats as well as vulnerabilities is significant towards the continued existence of the life sequence of the information systems.
The association is susceptible when there are falls that can open up the classifications to attacks. The risks are forever available excluding the lapses might open up the association to those risky threats. The simple way to make some form of risks impotent is to confirm those gaps are sufficiently covered through successful protection policies. Susceptibility as a limitation in an information arrangement that can give harmful results towards the system and also its operation (Nasser, 2014).
The particular most significant cyber protection vulnerability facing IT executives today is citizens. Security lapses start with the worker and also staff of the association. The citizens constitute the chief risk to the Information System of a company.
The workers remain one of the maximum threats to information protection; they are the initial line of protection and generally of them lack correct training to keep the laptop system protected. All these can negotiation information protection through the deeds of workers. Such deeds range from person error or stoppage, compromises towards intellectual belongings, intentional acts of intelligence or trespass, and also information extortion, purposeful acts of sabotage as well as destruction and intentional theft.
The difficulty is, no matter how greatly work is placed on the defence of information, it simply takes one disgruntled being to wholly defeat all the attempts.
A worker can infect the complete business system by applying a virus contaminated diskette as well as flash drives. Inattention on the part of a worker may provide hacker access towards the administrator code word that can allow serious disturbance that will have far success unconstructive effect on the complete network of the business. A disgruntled worker can sabotage the complete computer network arrangement that may direct to loss of information and also complete tragedy. Person error can also show a significant role in circumstances where workers incorrectly transfer significant folders throughout the p2p file sharing and also delete very significant files from the arrangement. “Peer to peer” file sharing systems provide a chance for espionage as well as other illegal activity and are extremely hard to detect and also block. P2p allows users towards share files sorting from music towards video as well as to the worksheets.
Many states in a study conducted that secret and potentially damaging papers have made their mode onto networks as well as persist to do so. The study also demonstrates that illegals trawl p2p networks as well as opportunistically use information that they discover.
Employees may be simply surfing the Internet towards hunt for jobs and also to join with people on the “social network media” website throughout the break time devoid of knowing that his movement constitutes the maximum internal risk to the association. The internet is completely and chock among malware that could be rudely downloaded through unsuspecting clients (Krishna, 2014). Viruses can explode up from everywhere, counting the information media websites and also travel sites of numerous of the chief “search engine websites”. Mainly the worker may not intend to reason damage but his movement may invite viruses, and also worms, Trojans as well as other malware that can direct to the obliteration of the complete information system of the association. There is various malware that imagines...