Lab 1:
Part 1:
1. Review the security awareness training policies at the following websites:
· Health care: State of North Carolina Department of Health and Human Services (https://policies.ncdhhs.gov/departmental/policies-manuals/section-viii-privacy-and-security/manuals/security-manual/@@display-file/policy_file/DHHS%20Security%20Manual.pdf)
· Higher education: University of San Francisco (http://www.usfca.edu/its/security/seta/)
2. For each sample security awareness training policy that you reviewed in the step above, discuss the policy’s main components. You should focus on the need for a security awareness program and its key elements.
---------------------------------------------------------------------------
Part 2: Create a Security Awareness Policy
Note: A strong security awareness policy is a key component of a strong organizational security posture. The effectiveness of a security awareness training policy and program will directly influence how well employees will value and protect the organization’s security position. When writing a security awareness training policy, consider the following questions:
· Is the policy statement as concise and readable as possible? For example, no more than one to three sentences.
· Is the entire policy as concise and readable as possible? For example, no more than two to three pages.
· Does the policy align well with other governing documents?
· Does the policy speak directly to the target audience?
· Does the policy state the “why” with only the minimal detail, and rely on standards or guidelines for the “how”? Policies should be written in such a way that they will not need frequent updates.
· Does the policy adequately describe scope and responsibilities?
· Are the policy’s revision, approval, and distribution documented?
After the policy has been approved, its success relies on proper delivery and understanding. Simply giving a new employee 5 minutes to read and sign a policy during orientation is not enough. Focused and interactive “policy understanding” sessions should guarantee that every employee understands the policy’s reasoning and necessity. Customizing these sessions according to department or function can drastically increase how much of the training employees retain and apply during their work. Repeat sessions reinforce the policies and keep the material fresh in their minds.
1. Review the following scenario for the fictional Bankwise Credit Union:
· The organization is a local credit union that has several branches and locations throughout the region.
· Online banking and use of the internet are the bank’s strengths, given its limited human resources.
· The customer service department is the organization’s most critical business function.
· The organization wants to be in compliance with the Gramm-Leach-Bliley Act (GLBA) and IT security best practices regarding its employees.
· The organization wants to monitor and control use of the Internet by implementing content filtering.
· The organization wants to eliminate personal use of organization-owned IT assets and systems.
· The organization wants to monitor and control use of the e-mail system by implementing e-mail security controls.
· The organization wants to implement security awareness training policy mandates for all new hires and existing employees. Policy definitions are to include GLBA and customer privacy data requirements, in addition to a mandate for annual security awareness training for all employees.
2. Create a security management policy with defined separation of duties for the Bankwise Credit Union.
Bankwise Credit Union
Security Awareness Training Policy
Policy Statement
Define your policy verbiage.
Purpose/Objectives
Define the policy’s purpose as well as its objectives.
Scope
Define whom this policy covers and its scope. What elements, IT assets, or organization-owned assets are within this policy’s scope?
Standards
Does the policy statement point to any hardware, software, or configuration standards? If so, list them here and explain the relationship of this policy to these standards.
Procedures
Explain how you intend to implement this policy for the entire organization.
Guidelines
Explain any roadblocks or implementation issues that you must overcome in this section and how you will surmount them per defined guidelines. Any disputes or gaps in the definition of responsibilities and the separation of duties may need to be addressed in this section.
Challenge Exercise
Note: The following challenge exercise is provided to allow independent, unguided work, similar to what you will encounter in a real situation.
There are many vendors that provide security awareness training software to organizations that do not have the time or the resources to create their own. When selecting a software vendor, many organizations will issue a Request for Information (RFI) to potential vendors, outlining the details of what the organization would like to learn about the vendor’s solution. You can read more about RFIs here: https://www.smartsheet.com/free-request-for-information-templates.
As a security manager at eChef, an online marketplace for high-end kitchenware, you have been tasked with selecting a security awareness training software provider.
Use the internet to research real security awareness training software providers.
Question 1:
Identify three security awareness training software providers.
Question 2:
Identify 10 questions that you would include in your RFI.
Lab 2:
Part 1: Research Remote Access Policies
Note: In this part of the lab, you will review internet resources on remote access policies in order to form a basis for understanding their purpose and usage. Understanding the reason behind a remote access policy is key to understanding the component policies and procedures. Please take the time to review the research thoroughly and think through the concepts of the policy itself.
1. In your browser, navigate to and read the “Remote Access Policy” template at https://www.sans.org/information-security-policy/.
2. Using your favorite search engine, locate a remote access policy for a higher education institution.
3. Using your favorite search engine, locate a remote access policy for a healthcare provider.
4. Write a brief summary of the information you found during your research. In your summary, focus on the key elements of the remote access policy. You should also identify any unique elements of remote access policies for higher education and healthcare institutions. Be sure to provide links to the remote access policies you identified in steps 2 and 3.
Part 2: Create a Remote Access Policy
Note: As you found in your research, different industries have similar but different policies. When using a policy template, it is important to ensure that the template matches the needs of your specific industry and business.
1. Review the following risks and threats found in the Remote Access Domain:
· The organization is a local credit union that has several branches and locations throughout the region.
· Online banking and use of the internet are the bank’s strengths, given its limited human resources.
· The customer service department is the organization’s most critical business function.
· The organization wants to be in compliance with the Gramm-Leach-Bliley Act (GLBA) and IT security best practices regarding its employees.
· The organization wants to monitor and control use of the internet by implementing content filtering.
· The organization wants to eliminate personal use of organization-owned IT assets and systems.
· The organization wants to monitor and control use of the e-mail system by implementing e-mail security controls.
· The organization wants to implement security awareness training policy mandates for all new hires and existing employees. Policy definitions are to include GLBA and customer privacy data requirements, in addition to a mandate for annual security awareness training for all employees.
2. Identify a security control or countermeasure to mitigate each risk and threat identified in the Remote Access Domain. These security controls or countermeasures will become the basis of the scope of the Remote Access Domain policy definition to help mitigate the risks and threats commonly found within the Remote Access Domain.
3. Review the following characteristics of the fictional Healthwise Health Care Provider:
· Healthwise has several remote health care branches and locations throughout the region.
· Online access to patients’ medical records through the public Internet is required for remote nurses and hospices providing in-home medical services.
· Online access to patients’ medical records from remote clinics is facilitated through a virtual private network (VPN) and a secure web application front-end over the public Internet.
· The organization wants to be in compliance with the Health Insurance Portability and Accountability Act (HIPAA) and IT security best practices regarding remote access through the public internet.
· The organization wants to monitor and control the use of remote access by implementing system logging.
· The organization wants to implement a security awareness training policy mandating that all new hires and existing employees obtain remote access security training. Policy definition is to include HIPAA and electronic protected health information (ePHI) security requirements and a mandate for annual security awareness training for all remote or mobile employees.
4. Create an organization-wide remote access policy for Healthwise Health Care:
Healthwise Health Care
Remote Access Policy for Remote Workers and Medical Clinics
Policy Statement
Define your policy verbiage.
Purpose/Objectives
Define the policy’s purpose as well as its objectives and policy definitions.
Scope
Define whom this policy covers and its scope. What elements, IT assets, or organization-owned assets are within this policy’s scope?
Standards
Does the policy statement point to any hardware, software, or configuration standards? If so, list them here and explain the relationship of this policy to these standards. In this case, Remote Access Domain standards should be referenced, such as encryption standards and VPN standards; make any necessary assumptions.
Procedures
Explain how you intend to implement this policy for the entire organization.
Challenge Exercise
Note: The following challenge exercise is provided to allow independent, unguided work, similar to what you will encounter in a real situation.
For this portion of the lab, you will create training documentation for remote employees of Healthwise Health Care. This training will provide remote employees with methods they can use to secure their home network before connecting a company computer, as well as guidance on how to access the corporate network while traveling.
Use the internet to find information about remote access policies and home network protection, and then use this information to create a training document for remote employees.
-----------------------------------------------

Unit-V; Pricing (Pharma Marketing Management).pptx
 
Key note speaker Neum_Admir Softic_ENG.pdf
Key note speaker Neum_Admir Softic_ENG.pdfKey note speaker Neum_Admir Softic_ENG.pdf
Key note speaker Neum_Admir Softic_ENG.pdf
 
Spellings Wk 3 English CAPS CARES Please Practise
Spellings Wk 3 English CAPS CARES Please PractiseSpellings Wk 3 English CAPS CARES Please Practise
Spellings Wk 3 English CAPS CARES Please Practise
 
Understanding Accommodations and Modifications
Understanding  Accommodations and ModificationsUnderstanding  Accommodations and Modifications
Understanding Accommodations and Modifications
 
Application orientated numerical on hev.ppt
Application orientated numerical on hev.pptApplication orientated numerical on hev.ppt
Application orientated numerical on hev.ppt
 
Kodo Millet PPT made by Ghanshyam bairwa college of Agriculture kumher bhara...
Kodo Millet  PPT made by Ghanshyam bairwa college of Agriculture kumher bhara...Kodo Millet  PPT made by Ghanshyam bairwa college of Agriculture kumher bhara...
Kodo Millet PPT made by Ghanshyam bairwa college of Agriculture kumher bhara...
 
SOC 101 Demonstration of Learning Presentation
SOC 101 Demonstration of Learning PresentationSOC 101 Demonstration of Learning Presentation
SOC 101 Demonstration of Learning Presentation
 
HMCS Max Bernays Pre-Deployment Brief (May 2024).pptx
HMCS Max Bernays Pre-Deployment Brief (May 2024).pptxHMCS Max Bernays Pre-Deployment Brief (May 2024).pptx
HMCS Max Bernays Pre-Deployment Brief (May 2024).pptx
 
General Principles of Intellectual Property: Concepts of Intellectual Proper...
General Principles of Intellectual Property: Concepts of Intellectual  Proper...General Principles of Intellectual Property: Concepts of Intellectual  Proper...
General Principles of Intellectual Property: Concepts of Intellectual Proper...
 
Jamworks pilot and AI at Jisc (20/03/2024)
Jamworks pilot and AI at Jisc (20/03/2024)Jamworks pilot and AI at Jisc (20/03/2024)
Jamworks pilot and AI at Jisc (20/03/2024)
 
Making communications land - Are they received and understood as intended? we...
Making communications land - Are they received and understood as intended? we...Making communications land - Are they received and understood as intended? we...
Making communications land - Are they received and understood as intended? we...
 
UGC NET Paper 1 Mathematical Reasoning & Aptitude.pdf
UGC NET Paper 1 Mathematical Reasoning & Aptitude.pdfUGC NET Paper 1 Mathematical Reasoning & Aptitude.pdf
UGC NET Paper 1 Mathematical Reasoning & Aptitude.pdf
 
Sociology 101 Demonstration of Learning Exhibit
Sociology 101 Demonstration of Learning ExhibitSociology 101 Demonstration of Learning Exhibit
Sociology 101 Demonstration of Learning Exhibit
 
Holdier Curriculum Vitae (April 2024).pdf
Holdier Curriculum Vitae (April 2024).pdfHoldier Curriculum Vitae (April 2024).pdf
Holdier Curriculum Vitae (April 2024).pdf
 
Micro-Scholarship, What it is, How can it help me.pdf
Micro-Scholarship, What it is, How can it help me.pdfMicro-Scholarship, What it is, How can it help me.pdf
Micro-Scholarship, What it is, How can it help me.pdf
 
Introduction to Nonprofit Accounting: The Basics
Introduction to Nonprofit Accounting: The BasicsIntroduction to Nonprofit Accounting: The Basics
Introduction to Nonprofit Accounting: The Basics
 
Accessible Digital Futures project (20/03/2024)
Accessible Digital Futures project (20/03/2024)Accessible Digital Futures project (20/03/2024)
Accessible Digital Futures project (20/03/2024)
 
Mehran University Newsletter Vol-X, Issue-I, 2024
Mehran University Newsletter Vol-X, Issue-I, 2024Mehran University Newsletter Vol-X, Issue-I, 2024
Mehran University Newsletter Vol-X, Issue-I, 2024
 

Lab 1Part 11. Review the security awareness training polic

Lab 1:

Part 1:

1. Review the security awareness training policies at the following websites:
· Health care: State of North Carolina Department of Health and Human Services (https://policies.ncdhhs.gov/departmental/policies-manuals/section-viii-privacy-and-security/manuals/security-manual/@@display-file/policy_file/DHHS%20Security%20Manual.pdf)
· Higher education: University of San Francisco (http://www.usfca.edu/its/security/seta/)

2. For each sample security awareness training policy that you reviewed in the step above, discuss the policy’s main components. You should focus on the need for a security awareness program and its key elements.

--------------------------------------------------------------------------------

Part 2: Create a Security Awareness Policy

Note: A strong security awareness policy is a key component of a strong organizational security posture. The effectiveness of a security awareness training policy and program will directly influence how well employees value and protect the organization’s security position. When writing a security awareness training policy, consider the following questions:
· Is the policy statement as concise and readable as possible? For example, no more than one to three sentences.
· Is the entire policy as concise and readable as possible? For example, no more than two to three pages.
· Does the policy align well with other governing documents?
· Does the policy speak directly to the target audience?
· Does the policy state the “why” with only the minimal detail, and rely on standards or guidelines for the “how”? Policies should be written in such a way that they will not need frequent updates.
· Does the policy adequately describe scope and responsibilities?
· Are the policy’s revision, approval, and distribution documented?

After the policy has been approved, its success relies on proper delivery and understanding. Simply giving a new employee 5 minutes to read and sign a policy during orientation is not enough. Focused and interactive “policy understanding” sessions should guarantee that every employee understands the policy’s reasoning and necessity. Customizing these sessions by department or function can drastically increase how much of the training employees retain and apply in their work. Repeat sessions reinforce the policies and keep the material fresh in their minds.

1. Review the following scenario for the fictional Bankwise Credit Union:
· The organization is a local credit union that has several branches and locations throughout the region.
· Online banking and use of the internet are the bank’s strengths, given its limited human resources.
· The customer service department is the organization’s most critical business function.
· The organization wants to be in compliance with the Gramm-Leach-Bliley Act (GLBA) and IT security best practices regarding its employees.
· The organization wants to monitor and control use of the Internet by implementing content filtering.
· The organization wants to eliminate personal use of organization-owned IT assets and systems.
· The organization wants to monitor and control use of the e-mail system by implementing e-mail security controls.
· The organization wants to implement security awareness training policy mandates for all new hires and existing employees. Policy definitions are to include GLBA and customer privacy data requirements, in addition to a mandate for annual security awareness training for all employees.

2. Create a security management policy with defined separation of duties for the Bankwise Credit Union.

Bankwise Credit Union Security Awareness Training Policy

Policy Statement
Define your policy verbiage.

Purpose/Objectives
Define the policy’s purpose as well as its objectives.

Scope
Define whom this policy covers and its scope. What elements, IT assets, or organization-owned assets are within this policy’s scope?

Standards
Does the policy statement point to any hardware, software, or configuration standards? If so, list them here and explain the relationship of this policy to these standards.

Procedures
Explain how you intend to implement this policy for the entire organization.

Guidelines
Explain any roadblocks or implementation issues that you must overcome in this section and how you will surmount them per defined guidelines. Any disputes or gaps in the definition and separation of duties responsibility may need to be addressed in this section.

Challenge Exercise

Note: The following challenge exercise is provided to allow independent, unguided work - similar to what you will encounter in a real situation.

There are many vendors that provide security awareness training software to organizations that have neither the time nor the resources to create their own. When selecting a software vendor, many organizations issue a Request for Information (RFI) to potential vendors, outlining the details of what the organization would like to learn about the vendor’s solution. You can read more about RFIs here: https://www.smartsheet.com/free-request-for-information-templates.

As a security manager at eChef, an online marketplace for high-end kitchenware, you have been tasked with selecting a security awareness training software provider. Use the internet to research real security awareness training software providers.

Question 1: Identify three security awareness training software providers.

Question 2: Identify 10 questions that you would include in your RFI.

Lab 2:

Part 1: Research Remote Access Policies

Note: In this part of the lab, you will review internet resources on remote access policies in order to form a basis for their purpose and usage. Understanding the reason behind a remote access policy is key to understanding the component policies and procedures. Please take the time to review the research thoroughly and think through the concepts of the policy itself.

1. In your browser, navigate to and read the “Remote Access Policy” template at https://www.sans.org/information-security-policy/.
2. Using your favorite search engine, locate a remote access policy for a higher education institution.
3. Using your favorite search engine, locate a remote access policy for a healthcare provider.
4. Write a brief summary of the information you found during your research. In your summary, focus on the key elements of the remote access policy. You should also identify any unique elements of remote access policies for higher education and healthcare institutions. Be sure to provide links to the remote access policies you identified in steps 2 and 3.

Part 2: Create a Remote Access Policy

Note: As you found in your research, different industries have similar but different policies. When using a policy template, it is important to ensure that the template matches the needs of your specific industry and business.

1. Review the following risks and threats found in the Remote Access Domain:
· The organization is a local credit union that has several branches and locations throughout the region.
· Online banking and use of the internet are the bank’s strengths, given its limited human resources.
· The customer service department is the organization’s most critical business function.
· The organization wants to be in compliance with the Gramm-Leach-Bliley Act (GLBA) and IT security best practices regarding its employees.
· The organization wants to monitor and control use of the internet by implementing content filtering.
· The organization wants to eliminate personal use of organization-owned IT assets and systems.
· The organization wants to monitor and control use of the e-mail system by implementing e-mail security controls.
· The organization wants to implement security awareness training policy mandates for all new hires and existing employees. Policy definitions are to include GLBA and customer privacy data requirements, in addition to a mandate for annual security awareness training for all employees.

2. Identify a security control or countermeasure to mitigate each risk and threat identified in the Remote Access Domain. These security controls or countermeasures will become the basis of the scope of the Remote Access Domain policy definition, to help mitigate the risks and threats commonly found within the Remote Access Domain.

3. Review the following characteristics of the fictional Healthwise Health Care Provider:
· Healthwise has several remote health care branches and locations throughout the region.
· Online access to patients’ medical records through the public Internet is required for remote nurses and hospices providing in-home medical services.
· Online access to patients’ medical records from remote clinics is facilitated through a virtual private network (VPN) and a secure web application front-end over the public Internet.
· The organization wants to be in compliance with the Health Insurance Portability and Accountability Act (HIPAA) and IT security best practices regarding remote access through the public internet.
· The organization wants to monitor and control the use of remote access by implementing system logging.
· The organization wants to implement a security awareness training policy mandating that all new hires and existing employees obtain remote access security training. Policy definition is to include HIPAA and electronic protected health information (ePHI) security requirements and a mandate for annual security awareness training for all remote or mobile employees.

4. Create an organization-wide remote access policy for Healthwise Health Care:

Healthwise Health Care Remote Access Policy for Remote Workers and Medical Clinics

Policy Statement
Define your policy verbiage.

Purpose/Objectives
Define the policy’s purpose as well as its objectives and policy definitions.

Scope
Define whom this policy covers and its scope. What elements, IT assets, or organization-owned assets are within this policy’s scope?

Standards
Does the policy statement point to any hardware, software, or configuration standards? If so, list them here and explain the relationship of this policy to these standards. In this case, Remote Access Domain standards should be referenced, such as encryption standards and VPN standards; make any necessary assumptions.

Procedures
Explain how you intend to implement this policy for the entire organization.

Challenge Exercise

Note: The following challenge exercise is provided to allow independent, unguided work - similar to what you will encounter in a real situation.

For this portion of the lab, you will create training documentation for remote employees of Healthwise Health Care. This training will provide remote employees with methods they can use to secure their home network before connecting a company computer, as well as guidance on how to access the corporate network while traveling. Use the internet to find information about remote access policies and home network protection, and then use this information to create a training document for remote employees.

-----------------------------------------------