The interns who appear to be violating numerous security rules are approached by the CISO and express their discontent. They don't encrypt their workstations, download illegal music, link their personal gadgets to company computers, spend too much time on social media, and download pornographic material on business systems, claims the corporation. The CISO advises you to develop a security document (Rules of Behavior) with at least 15 rules defining what employees are allowed and not allowed to do when connected to the company network.

The interns who appear to be violating numerous security rules are approached by the CISO and express their discontent. They don't encrypt their workstations, download illegal music, link their personal gadgets to company computers, spend too much time on social media, and download pornographic material on business systems, claims the corporation. The CISO advises you to develop a security document (Rules of Behavior) with at least 15 rules defining what employees are allowed and not allowed to do when connected to the company network.

Management Of Information Security

6th Edition

ISBN:9781337405713

Author:WHITMAN, Michael.

Publisher:WHITMAN, Michael.

Chapter8: Security Management Models

Section: Chapter Questions

Problem 4DQ

See similar textbooks

Similar questions

The CISO reaches out to complains about the interns who appear to be violating many security policies. They do not lock their workstations, download illegal music, connect their personal devices to the organization's computers, spend too much time on social media, and even download pornography to the organization's computers. The CISO asks you to address these violations by developing a security document (Rules of Behavior) stating at least 15 rules about what activities employees are not allowed to conduct on the network.
The CISO approaches the interns who seem to be breaking various security standards, who express their displeasure. According to the organization, they don't encrypt their workstations, download unlicensed music, connect personal devices to corporate computers, spend too much time on social media, and download pornographic content on workplace systems. The CISO recommends that you create a security document (Rules of Behavior) that has at least 15 rules limiting what employees may and may not do when connected to the corporate network.
Identity theft is a frequent kind of criminal activity that, regrettably, is on the rise owing to the widespread use of the internet. Please describe the many techniques that hackers may use to steal your identity as well as the precautionary steps that, in your view, ought to be taken to ensure that this doesn't happen.
A new security policy has been instituted at your organization, requiring all workers to utilize fingerprint readers in place of their login and password to access their personal computers. You unintentionally sliced your finger while trying to access your account over the weekend. So now your computer can't identify your fingerprint. Because of this issue, you can't use the computer at the moment. Just what are your long-term objectives?
Over the last three years, a security breach of personal information has resulted in certain instances of identity theft. What can you do to safeguard against identity theft? Give a concrete illustration of what you mean.
TO: All Staff FROM: Jake Ryan, Director, Product Development DATE: October 23, 2018 SUBJECT: Launch of Product XYZ Due to extensive customer feedback, and the results of current testing, I wanted to inform you that Product XYZ will be delayed from its original launch date of November 15th, until Q1 2019. We are confident that time for additional testing will serve to make XYZ more effective in fighting security breaches that customers are facing. For those customers that you believe will now consider a competitor's product, the marketing department is developing a promotional offering, which sales reps can share with their customers to help reduce those who will now go to our competitors. As disappointing as this news may be, we are confident in our employees, and know the additional time will serve this company well by creating a more successful product.
- A policy conundrum Your organization has the following statements regarding phishing/social engineering in the employee manual: All employees are required to complete annual security awareness training as provided by the Information Security team. Employees must successfully complete the training and achieve an established minimum score on any quizzes associated with the training. The organization will conduct routine evaluations of the effectiveness security awareness training through simulated phishing tests. Employees that incorrectly identify simulated phishing emails must complete additional security awareness training and their manager will be notified. If an employee incorrectly identifies 3 or more simulated phishing emails, additional action may be taken by the employee’s manager, up to and including termination. Employees are required to report any suspicious emails to the organization’s Information Security team using the Suspicious Mail button located in the…
The interns disapprove when the CISO approaches them. The firm says they don't secure their workstations, download unauthorized music, link personal gadgets to business computers, spend too much time on social media, and download pornographic stuff on office systems. The CISO suggests creating a security document (Rules of Conduct) with at least 15 rules governing employee behavior on the company network.
1. You've just been hired as a Chief Information Security Officer for a small startup. They've written four applications and just got funding to go live. Before they do so, they realized they've never had a cybersecurity professional, so they've hired you. While there are hundreds of things to do, you are asked to come up with a list of your top TEN (10) items, in a bulleted list, to focus on in the first day or two. These can be questions to ask or actions to take, and aren't meant to be the full solution, but the initial things you'll do to get control of the situation. Provide a NUMBERED LIST of TEN (10) items that is your initial list of priority areas to focus on and potential actions to take. Do not use more than one line per item. Many aswers are correct, so credit is given for coming up with ten good and comprehensive focus areas based on what we've covered in class, in the labs, and in our readings.
As an additional security measure, employees at your company are now required to sign in using a fingerprint scanner rather than a username and password. Your computer cannot read your unique fingerprint since you accidently cut your finger while attempting to sign in over the weekend. It seems that you are unable to use your computer. What are your long-range objectives?
Create a timeline that will detail how the week of pen testing will be conducted, the frequency of reporting, and the form of documentation of results that will be submitted. This should include a 1-page explanation of daily, weekly, and monthly security steps that the company should implement along with an explanation of how they will be implemented and what they will achieve
just listing isn’t enough. We need to know the purpose and technical details of each security technique List the names, purposes and characteristics of a range of security techniques. Justify the use of a range of security techniques in typical situations. Describe the security techniques used for the following situations and justify their uses: a) Separating files of one user from another b) Making data secure and hard to read by unauthorised users c) Detecting malicious files received from the Internet d) Blocking unwanted traffic trying to access a network