Assignment

Description

Write an answer for the following question in 500+ words and use the slides below to answer the question.

Plagiarism should be zero percent.

Initial Post


Chapter 13 introduces us to topics regarding Implementing and Maintaining an IT Security Policy Framework. Please review Chapter 13 and outside references and complete the two questions listed below.

1) There are different ways to describe IT Security policy goals and objectives. With regard to IT Security policy goals and objectives, describe what is meant by each of the following:

a) business risk
b) compliance
c) threat vectors

2) Employees who have accepted security training and policies help create a culture that is focused on security awareness. Do you believe that wide acceptance of security policies can result in fewer security incidents? Why or why not? Please provide support for your position.

Unformatted Attachment Preview

Security Policies and Implementation Issues
Lesson 13: IT Security Policy Implementations
© 2015 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.com All rights reserved.

Learning Objective
▪ Describe issues related to implementing information systems security (ISS) policies

Key Concepts
▪ Organizational implementation issues for ISS policies
▪ Differences between public and private IT security policy implementations
▪ Hindrances to the dissemination of policies
▪ Development and implementation strategies for security awareness policies

Simplified Implementation Process

Ways to Describe Goals and Objectives
▪ Business Risk
  • Describes how the policy will reduce risk to the business
▪ Compliance
  • Describes how the policy will ensure the business is compliant with laws and regulations
▪ Threat Vectors
  • Describes how the policy will prevent or detect IT security threats

Overcoming Technical Hindrances to Policies
▪ Distributed infrastructure
▪ Outdated technology
▪ Lack of standardization throughout the IT infrastructure

Executive Buy-In
Executives want to know:
▪ Level of commitment asked of their team
▪ How the policies impact the current environment
▪ What value the policy brings to them; i.e., what risks does the policy address
▪ How success will be measured

Executive Management Sponsorship
▪ Users more likely to participate in security awareness training and support policy implementation with executive support
▪ Funding required to implement policies
▪ Communication from management supporting the program
▪ Multiple executive supporters

Overcoming Non-Technical Hindrances to Policies
▪ Distributed environment
▪ User types
▪ Organizational challenges

Policy Implementation Strategies
▪ Effective communication
▪ Executive support
▪ Expected results
▪ Realistic expectations
▪ Flexibility

Organizational Challenges for Small Companies
▪ Accountability
▪ Lack of budget
▪ Lack of priority
▪ Tight schedules

Policy Language
▪ Ensure clear agreement on the target state
▪ Use clear and concise language that is easily understood
▪ Avoid imprecise language such as “should”
▪ Assign clear accountability to specific roles
▪ State the specific resources covered by the policy
▪ Avoid requiring use of specific products

Benefits of Employee Awareness and Training
▪ Opportunity for employees to acquire new skills leading to improved job satisfaction
▪ Re-enforcing core organizational values
▪ Opportunity for management to demonstrate support

Developing a Security Awareness Policy
▪ New employee and contractor
  • At time of hire before access to data is granted
▪ Promotion
  • As individuals are promoted into significantly different roles
▪ All users
  • Annual refresher training
▪ Postincident
  • After major security incidents when lack of education was noted

Disseminating Information
▪ Formal vs. Informal Learning methods
▪ Culture
▪ Audience
▪ Communication plan
▪ Hard copy
▪ E-mail
▪ Brown bag lunch and learning sessions
▪ Intranet

Implementation Issues
▪ Implementation is as much about changing attitudes as it is about implementing controls
▪ Overcoming perception and changing culture is one goal of security policies
▪ In other words, it is about implementing in a way that wins hearts and minds

Implementation Issues (continued)
▪ Personal accountability
▪ Directive and enforcement
▪ Being a valuable tool

Public vs. Private Implementation
▪ Public organizations
  • Often bound by compliance requirements such as HIPAA
▪ Private organizations
  • Implement policies to counter risks affecting them
  • Usually smaller in size than public; can implement changes more quickly

Summary
▪ Policy implementation issues and overcoming hindrances to implementing policies
▪ Policy implementation strategies
▪ Difference between public and private security policy implementation

OPTIONAL SLIDES

Roles and Responsibilities
▪ Senior Management
▪ HR
▪ Security Management
▪ IT Management
▪ Users/Employees

Explanation & Answer

Hello, I finished your paper. Attached is the answer.


Student’s Name
Professor’s Name
Date
IT Security policy goals and objectives
A business risk, in broad definition, is anything that threatens the business's ability to create
profits at its target levels. Businesses are exposed to many risks, and the success or failure of these
businesses is determined by the efficiency with which the business managers respond to the risks.
In IT, a risk is any possibility for technology failures to disrupt the business, such as service outage
or information security incidents. Examples of IT risks may include malware, human errors,
hardware and software failure, viruses, scam, spam and phishing. In addition to these IT risks,
natural calamities such as fire,...

