You have been hired as the CSO (Chief Security Officer) for an organization. Your job is to develop a very brief computer and internet security policy for the organization that covers the following areas:
- Computer and email acceptable use policy
- Internet acceptable use policy
Make sure you are sufficiently specific in addressing each area. There are plenty of security policy and guideline templates available online for you to use as a reference or for guidance. Your plan should reflect the business model and corporate culture of a specific organization that you select. Include at least 3 scholarly references in addition to the course textbook. The UC Library is a good place to find these references. At least two of the references cited need to be peer-reviewed scholarly journal articles from the library. Your paper should meet the following requirements:
- Be approximately 3-4 pages in length, not including the required cover page and reference page.
- Follow APA7 guidelines. Your paper should include an introduction, a body with fully developed content, and a conclusion.
- Support your answers with the readings from the course and at least three scholarly journal articles to support your positions, claims, and observations, in addition to your textbook. The UC Library is a great place to find resources.
- Be clear, well written, concise, and logical, using excellent grammar and style. You are being graded in part on the quality of your writing.
Read the following learning materials.
Eric Buhrendorf. (2019). Outsourcing IT is a money-saving cyber safety net for company data. Fairfield County Business Journal, 55(20), 12–12.
Transforming Business Through Security
Supplemental Lecture
Cyberattack Proliferation
Who are the victims?
- Government
- Corporations
- Banks
- Schools
- Defense Contractors
- Private Individuals
Who are the perpetrators?
- Foreign Governments
- Domestic and foreign businesses
- Individual Hackers/Hacking societies
- Insiders
INSIDER THREATS
- Some malicious, some not malicious
- Insider threats can be more costly than outside threats
- Nearly 70% of employees have engaged in IP theft
- Nearly 33% have taken customer contact information, databases and customer data
- Most employees send e-documents to their personal email accounts
- Nearly 60% of employees believe this is acceptable behavior
- Thieves who are insiders feel somewhat entitled to partial ownership because they created the documents or data
- 58% say they would take data from their company if terminated and believe they could get away with it
Solution?
- Security Risk Education
- Employee Use Policy
- Training and Education
- Enforcement and Prosecution – Make an example!
- Monitoring
Privacy Laws
- Federal Wire Tapping Act: prohibits the unauthorized interception and/or disclosure of wire, oral or electronic communications
- Electronic Communications Privacy Act of 1986: amended the Federal Wire Tapping Act and included specifics on email privacy
- Stored Communications and Transactional Records Act: part of ECPA; can sometimes be used to protect email and other internal communications from discovery
- Computer Fraud and Abuse Act: makes it a crime to intentionally breach a “protected computer”; used extensively in the banking industry for interstate commerce
- Freedom of Information Act: citizens' ability to request government documents, which are sometimes redacted
LIMITATIONS ON SECURITY
“Traditional Security Techniques”
- Perimeter Security
- Firewalls
- Passwords
- Two-factor authentication
- Identity verification
Limitations to traditional techniques
- Limited effectiveness
- Haphazard protections
- Complexity
- No direct protections
Security requires a change in thinking about security: secure the document itself, in addition to traditional techniques that secure “access” to the document.
DEFENSE IN DEPTH TECHNIQUES TO SECURITY
Use multiple layers of security mechanisms:
- Firewall
- Antivirus/antispyware software
- Identity and Access Management (IAM)
- Hierarchical passwords
- Intrusion Detection
- Biometric Verification
- Physical Security
What is IAM? The goal is to prevent unauthorized people from accessing a system. Effective IAM includes:
- Auditing
- Constant updating
- Evolving roles
- Risk reduction
LIMITATIONS OF REPOSITORY-BASED APPROACHES TO SECURITY
Traditionally, we have applied “repository-based” solutions, which have not been effective. We have document repositories that reside in databases and email servers behind a firewall.
- Once an intruder breaches the firewall and is inside the network, they can access data as if they were a legitimate user
- Knowledge workers tend to keep a copy of the documents on their desktop, tablet, etc.
- We operate in an Extended Enterprise of mobile and global computing that comprises sensitive and confidential information
SOLUTION?
Better technology for better enforcement in the extended enterprise
- Basic security for the Microsoft Windows Office desktop: protection of e-documents through password protection for Microsoft Office files. Good idea, but passwords can’t be retrieved if lost.
- Consider that “deleted” files actually aren’t. Wipe the drive clean and completely erase it to ensure that confidential information is completely removed.
- Lock Down: stop all external access to confidential documents. Take the computer off the network and block use of ports.
- Secure Printing: use software to delay printing to network printers until the user is ready to retrieve the printout; erase sensitive print files once they have been used.
SOLUTION (continued)
- E-mail encryption
- Encryption of desktop folders and e-docs
- Use Stream messages when appropriate
- Use of Digital Signatures (not the same thing as an electronic signature)
- Use Data Loss Prevention (DLP) software to ensure that sensitive data does not exit through the firewall. Three techniques for DLP: scanning traffic for keywords or regular expressions, classifying documents and content against a predefined set of labels, and tainting. This method has weaknesses!
- IRM Software/ERM Software: provides security to e-documents in any state (persistent security)
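The three DLP techniques the slide names (regex/keyword scanning, classification against a predefined label set, and tainting) are easiest to see side by side in code. The script below is an added teaching example, not part of the lecture or of any DLP product; every pattern, label, message and "sensitive document" in it is constructed for the demonstration. It scans outbound e-mail objects with all three techniques and also shows the weakness the slide alludes to: a fingerprint-based taint only recognizes an exact copy, so a lightly edited document slips past, which is the gap the later "hybrid DLP + IRM" approach is meant to close.

```python
"""Toy outbound-mail DLP scanner: regex/keyword scan, label classification, tainting.
Added example; all policy values and sample data below are constructed."""
import hashlib
import re
from dataclasses import dataclass, field

# --- 1. Keyword / regular-expression scanning of outbound content ----------
# Constructed patterns: a US-style SSN and a 16-digit card number in 4-digit groups.
PATTERNS = {
    "ssn": re.compile(r"\b\d{3}-\d{2}-\d{4}\b"),
    "card": re.compile(r"\b(?:\d{4}[ -]?){3}\d{4}\b"),
}
KEYWORDS = ("CONFIDENTIAL", "INTERNAL ONLY")

# --- 2. Classification against a predefined label set ----------------------
# Labels that policy says may never leave by e-mail (constructed policy).
BLOCKED_LABELS = {"Confidential", "Restricted"}

# --- 3. Tainting: register fingerprints of known-sensitive documents ---------
def fingerprint(data: bytes) -> str:
    """Exact-content fingerprint used to mark ("taint") a registered document."""
    return hashlib.sha256(data).hexdigest()

# Constructed "crown jewel" document registered with the DLP system.
SENSITIVE_DOC = b"Q3 acquisition target list: ACME Corp, Globex"
TAINT_REGISTRY = {fingerprint(SENSITIVE_DOC): "acquisition-list.txt"}


@dataclass
class OutboundMessage:
    sender: str
    recipient: str
    body: str
    label: str = "Public"                              # classification of the message
    attachments: list = field(default_factory=list)    # raw attachment bytes


def scan(msg: OutboundMessage) -> list:
    """Return (technique, detail) findings for a message; an empty list means clean."""
    findings = []
    # Technique 1: regex and keyword scanning of the body text.
    for name, pattern in PATTERNS.items():
        if pattern.search(msg.body):
            findings.append(("regex", name))
    for keyword in KEYWORDS:
        if keyword.lower() in msg.body.lower():
            findings.append(("keyword", keyword))
    # Technique 2: classification label checked against the predefined blocked set.
    if msg.label in BLOCKED_LABELS:
        findings.append(("classification", msg.label))
    # Technique 3: tainting, i.e. attachment fingerprint matches a registered document.
    for data in msg.attachments:
        name = TAINT_REGISTRY.get(fingerprint(data))
        if name is not None:
            findings.append(("taint", name))
    return findings


def decide(msg: OutboundMessage) -> str:
    """Gateway verdict: any finding blocks the message at the perimeter."""
    return "BLOCK" if scan(msg) else "ALLOW"


if __name__ == "__main__":
    # Exact copy of the registered document is caught by the taint...
    exact = OutboundMessage("alice@corp.example", "x@outside.example",
                            "see attached", attachments=[SENSITIVE_DOC])
    # ...but a copy with one appended word has a different fingerprint and is not.
    edited = OutboundMessage("alice@corp.example", "x@outside.example",
                             "see attached", attachments=[SENSITIVE_DOC + b" (draft)"])
    print("exact copy :", decide(exact), scan(exact))
    print("edited copy:", decide(edited), scan(edited))
```

Running the script shows the exact copy blocked by the taint and the edited copy allowed, which is exactly why the slides say perimeter DLP "has weaknesses" and why persistent document protection (IRM/ERM) is proposed alongside it: a control that travels with the document does not depend on recognizing it at the firewall.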
SOLUTION (continued)
- Device Control Methods, e.g. blocking ports
- Use of “thin clients”
- Compliance requirements by different organizations
- Hybrid Approach: combining DLP and IRM technologies
SECURING DATA ONCE IT LEAVES THE ORGANIZATION
REMEMBER – CONTROL DOES NOT REQUIRE OWNERSHIP!
Consider a new architecture where security is built into the DNA of the network using 5 data security design patterns:
- Thin Client
- Thin Device (remotely wipe them)
- Protected Process
- Protected Data
- Eye in the Sky
- Document Labeling
- Document Analytics
- Confidential Stream Messaging