cybersecurity question

Computer Science

SEC 402 Cyber Security

Description

1. "Managing Network Security Through Policies" Please respond to the following:

  • Analyze the importance of having acceptable use policies, remote access policies, and network security control policies. Choose one acceptable use policy, remote access policy, or network security control policy and give three reasons why you believe this policy is an effective way to manage network security.
  • Assess the risks and threats that may occur if these policies are underdeveloped or unavailable. Recommend three technical appliances that may be used to implement a network security function within your assessment and justify your recommendations.

2. "Developing Personnel Security" Please respond to the following:

  • Determine three reasons why an organization should define the boundaries of control, identify personnel security functions based on risks, and manage change within the work force. Select what you believe to be the most important reason and explain why.
  • Propose three activities that could be performed by the Human Resources Department to screen and hire personnel effectively. Choose one activity you proposed and justify how it would support personnel security functions.

3. "Designing Effective Physical Security" Please respond to the following:

  • Outline three parameters that should be considered when designing and implementing physical security into the information protection scheme. Suggest two activities that could be performed to address these parameters and explain how.
  • Suggest three activities that could be performed to ensure that physical security plans are adequate. Describe two measures that you could perform in order to evaluate the installed physical security.

4. "Planning Procurements Effectively" Please respond to the following:

  • Select what you believe to be the top-three benefits of making a business and assurance case prior to proceeding with a procurement plan. Support your response with a rationale. Describe potential challenges that the procurement process may experience by not having a proper business and assurance case.
  • Recommend two practices that should be performed when administering procurement contracts and explain why you recommend them. Determine how these practices will ensure that subcontractors fully comply with the requirements of the contract within your recommendation.

5. "Meeting Compliance Requirements" Please respond to the following:

  • Propose three factors that should be considered when designing policies for legal and regulatory compliance. Determine how each factor would minimize liability for the organization.
  • Outline the steps required in order to define what is needed to meet compliance requirements. Determine the most important step in this process and support your answer with a rationale.

6. "Developing Risk Management Best Practices" Please respond to the following:

  • Analyze a well-designed risk management plan to determine how it can prevent risk and control residual risk. Identify what you believe to be the most important step in the risk management process and explain why.
  • Construct two examples that demonstrate how qualitative and quantitative methods could be applied to measure risk and prioritize risk responses. Recommend two factors that should be considered when prioritizing risk responses.

Explanation & Answer

Attached.

Running Head: SEC 402 CYBER SECURITY

Sec 402 Cyber Security
Institutional Affiliation
Date

1. An acceptable use policy gives thorough details regarding network security and the
protection of sensitive data in the event of a breach. It defines the acceptable behavior
of users who work in or are connected to the network. An acceptable use policy allows
the organization to protect resources by putting controls on network and computer
usage, helps keep users from misusing the network, and helps control network attacks.

Importance of Having Remote Access Policies.


- This policy defines the rules and procedures needed for connecting any host to the
network. These rules minimize the exposure and damage which may be caused by
unauthorized access; the damage may comprise the company's sensitive data, damage to
the public image, intellectual property and any other liability that may be incurred due to
those losses.
- It defines the standards for connecting to the organization's network from any host or
network external to the organization.

Importance of Having Network Security Control Policies.

Network security control policy gives the rules for computer network access. It also
establishes how these policies are enforced and gives the basic blueprint of organizational
security and its security environment.

Choose one acceptable use policy, remote access policy, or network security control policy and
give three reasons why you believe this policy is an effective way to manage network security.

I choose network security control policy because:

- It gives the basic architecture of organizational security, and if well enforced the entire
network ought to be very secure.
- It gives the user rights to the users, only assigning the level of access to each user
according to the work he or she should finish.
- It directs how the policies might be enforced.

Assess the risks and threats that may occur if these policies are underdeveloped or unavailable.


- Both authorized and unauthorized users can take advantage of the organizational data,
deleting, corrupting or even important and sensitive information.
- Hackers can eavesdrop on the company's data.
- Corporate espionage by competitors, who can even steal business secrets.

Recommend three technical appliances that may be used to implement a network security
function within your assessment and justify your recommendations.


- Firewall: this is software or firmware that filters what will enter or leave an
organizational network. It filters any malicious data that is entering or leaving the
company premises.
- Anti-virus system: it detects and removes any virus that is entering the organizational
network.
- Strong physical security, which includes security guards, strong doors and windows, and
strong padlocks.

2. Determine three reasons why an organization should define the boundaries of control, identify
personnel security functions based on risks, and manage change within the workforce. Select
what you believe to be the most important reason and explain why.


- An organization should define the boundaries of control so as to define how users
communicate and interact with the company system and resources.
- To protect, monitor and restrict resources' availability, integrity and availability.
- To maintain competitive advantages by protecting trade secrets through industrial
espionage from competitors.

Propose three activities that could be performed by the Human Resources Department to screen
and hire personnel effectively. Choose one activity you proposed and justify how it would
support personnel security functions.


- Proper background checks to know the history of employees before hiring them.
- Investigate to know why they left their previous employment.
- Digging into personal life with probing questions to fully understand the person before
hiring.
- Need to screen for drugs in order to identify who is prone to dangerous or illegal behavior.

3. Three activities that could be performed to ensure that physical security plans are adequate.

- Set up a policy to ensure the server room is always locked when not occupied, the person
who should be carrying the key is identified, and full responsibility is taken if the policy is
not adhered to.
- Set up surveillance cameras placed in areas where tampering is difficult. This will give a
good view of the person who entered the server room; this could also be configured
to send an email or call to notify of any intrusion.
- Rack mounters can be used; they are easier to secure than tower systems, and they can be
bolted to the floor, making it hard for intruders to steal them.

Describe two measures that you could perform in order to evaluate the installed physical security


- Drilling can be performed to assume what would happen if the actual
event materializes; security guards are assessed and a decision made.
- CCTV cameras can be evaluated to check whether they can capture all events in case
they materialize.

4. Select what you believe to be the top-three benefits of making a business and assurance case
prior to proceeding with a procurement plan. Support your response with a rationale.


- To visibly outline the present situation and what the future looks like.
- Gives clarity in the procurement process rather than just saying "we need that, I think
that". It removes that ambiguity.
- Gives the management a clear outline of all the requirements, especially the budgetary
requirement.

Describe potential challenges that the procurement process may experience by not having a
proper business and assurance case.


- Organizations that lack a business and assurance case tend to purchase aimlessly, omitting
essentials and making unnecessary purchases, which can lead to loss of resources.
- Business and assurance cases gear up suppliers by supplying the necessary information,
which speeds up the procurement process; lack of such derails the procurement process.
- Proper budgetary allocation is not set aside by the management; this can derail the
procurement process.

Recommend two practices that should be performed when administering procurement contracts
and explain why you recommend them.


- Proper planning and choosing a sound procurement practice give the owner better value
for his money and reduce the risks involved. I, therefore, recommend that practice to be
followed throughout the procurement process.
- Proper records should be kept about the contract. These can be used as a legal document in
case one partner does not honor the contract.

Determine how these practices will ensure that subcontractors fully comply with the
requirements of the contract within your recommendation.


During the planning period, the documents kept will ensure the subcontractor adheres to
the contract requirement. Again, when properly signed documents are kept, they act as
security that will ensure the subcontractor has to stick by it; otherwise legal action is
taken against him.

Determine how each factor would minimize liability for the organization.



- The scope: policies should be well understood and should align with organizational
responsibility. If the scope aligns well with the organizational responsibility, it will fit
well, thus minimizing organizational liability.
- The objective from the organizational standpoint. If the objective of the organization
matches the policy, they will marry with no hitch, thus reducing organizational
liability.
- The cultural support: do the policies of the compliance program align with the
organizational culture? If yes, the program will be successful, thus reducing the liability.

5. Propose three factors that should be considered when designing policies for legal and
regulatory compliance.


- The scope: policies should be well understood and should align with organizational
responsibility.
- The objective from the organizational standpoint.
- The cultural support: do the policies of the compliance program align with the
organizational culture?

Outline the steps required in order to define what is needed to meet compliance requirements.

- Meeting with each departmental head to ensure that the policies created are viable for each
department.
- Determine the best format of the policies for different audiences.
- Ensuring the policies and procedures are accessible to the employees.
- Deadlines are set for each policy to be acknowledged.
- Look for the best ways to measure how the employees have understood the policy.

Determine the most important step in this process and support your answer with a rationale.


In my own opinion, meeting all the departmental heads is the most important step, as you
are able to get views and concerns reflecting the entire organization and adjust
accordingly.

6. Analyze a well-designed risk management plan to determine how it can prevent risk and
control residual risk.

A risk management plan is a document that describes how the risk management process will
be controlled, the phases it will have, how it will be carried out and who will do what;
it usually gives the roadmap for managing identified risks. Risks cannot be totally
eliminated, but the management plan helps in managing the risks by reducing the impact of
unplanned incidents through identification of potential risks before they materialize. A risk
management plan identifies, prioritizes and analyses risks and helps plan a risk response; this helps
in preventing risks. Residual risks are the risks left over after organizations apply
security; a well-designed management plan can help control t...

