Wk 4 - Apply Summative Assessment Reflection Information and Security
School: University of Phoenix
Course: 205
Subject: Information Systems
Date: Apr 27, 2024
Type: docx
Pages: 5
Uploaded by xaviergg
Wk 4 - Apply Summative Assessment: Reflection: Information and Security
Xavier G Guerron
University of Phoenix
CYB/205
Jason Cupano
July 29, 2023
Protecting a Business's Information
To protect a company's information against possible threats and unauthorized access, IT professionals use a combination of technological and organizational safeguards.
a. To make sure that only authorized workers can access sensitive data, IT professionals use access control measures. This entails creating strong passwords and unique user accounts, as well as frequently using multi-factor authentication for additional protection (McCallister, 2010).
b. Data encryption is used to turn information into unintelligible code, rendering it useless to anybody who gains access to it without authorization. This is crucial when sending data over networks or keeping it in the cloud.
c. By monitoring and regulating incoming and outgoing traffic, firewalls serve as a barrier between a company's internal network and the outside world. Intrusion detection and prevention systems (IDS/IPS) help spot unusual activity and possible threats.
d. According to McCallister (2010), IT experts make certain that vital corporate data is routinely backed up and securely kept. This guarantees that data can be recovered in the case of data loss due to system failures, cyberattacks, or other unanticipated catastrophes.
e. IT specialists run training sessions to inform staff members about security best practices and potential hazards, such as phishing scams or social engineering. Employees who have the right information are less likely to experience security breaches.
f. Regular security testing, such as penetration testing and vulnerability assessments, helps detect system flaws and enables IT specialists to proactively resolve them. Security audits assist in ensuring that the company complies with all applicable security standards and laws.
g. IT specialists classify data according to its value and sensitivity (McCallister, 2010). Then they put the principle of least privilege into practice, making sure that workers only have access to the information required for their particular responsibilities.
Policies that Reinforce Security and Comply with Best Practices
To ensure the security of a company's data and follow industry best practices, IT professionals create and implement the following policies.
a. The organization's broad foundation for information security is established by the information security policy. It identifies security goals, creates rules for safeguarding information assets, and defines roles and duties (Bauer et al., 2017).
b. A strong password policy mandates the use of complicated passwords, frequent password changes, and limitations on the sharing and reuse of passwords.
c. Acceptable Use Policy: This policy outlines what constitutes appropriate and improper use of an organization's IT resources. It informs staff about how to use business equipment and networks appropriately and may include issues like internet usage, social media, and personal device policies.
d. Data Protection Policy: This document describes the proper handling, storing, and transmission of sensitive data. It contains recommendations for data retention, encryption, and deletion procedures.
e. Incident Response Policy: In the event of a security incident or data breach, this policy lays out a course of action. It describes the actions to be taken to lessen the effects of the catastrophe and resume regular business activities, as Bauer et al. (2017) claim.
f. Bring Your Own Device (BYOD) Policy: If relevant, this policy specifies how workers should safeguard personal devices used for work and what amount of access they may have to corporate data.
g. Remote Work Policy: As remote work becomes increasingly prevalent, this policy addresses the security precautions and processes that employees are required to adhere to while accessing corporate information from locations other than the company's headquarters.
h. Vendor Management Policy: According to Bauer (2017), this policy establishes recommendations for evaluating and keeping track of the security practices of outside suppliers to make sure they adhere to the organization's security requirements.
Therefore, IT specialists may improve the organization's security posture, lower the risk of security incidents, and show compliance with relevant laws and industry best practices by establishing and upholding these policies.
References
McCallister, E. (2010). Guide to Protecting the Confidentiality of Personally Identifiable Information (Vol. 800, No. 122). Diane Publishing.
Bauer, S., Bernroider, E. W., & Chudzikowski, K. (2017). Prevention is better than cure! Designing information security awareness programs to overcome users' non-compliance with information security policies in banks. Computers & Security, 68, 145-159.