Assume that you are the team member in STM Company. You are asked to outline a security policy for The STM. In your answer you need to explain first the policy concept, then the CIA triad that must be followed for make the policy. Afterward, the policy must mention the approved staff (how are allowed to read modify the data), the conditions of password creations, how STM employee will login in STM company, the changes that done in the firewall, how to measure the data breaches in data, and the physical security.

Assume that you are the team member in STM Company. You are asked to outline a security policy for The STM. In your answer you need to explain first the policy concept, then the CIA triad that must be followed for make the policy. Afterward, the policy must mention the approved staff (how are allowed to read modify the data), the conditions of password creations, how STM employee will login in STM company, the changes that done in the firewall, how to measure the data breaches in data, and the physical security.

Management Of Information Security

6th Edition

ISBN:9781337405713

Author:WHITMAN, Michael.

Publisher:WHITMAN, Michael.

Chapter5: Developing The Security Program

Section: Chapter Questions

Problem 4RQ

See similar textbooks

Similar questions

There are two goals of conducting a Network Vulnerability Assessment. Briefly describe the pro's and con's of both types. Do you foresee any different pro's or con's that may specifically apply to your organization? If you currently do not work for an organization where this applies, pick an organization that you know well and approach it from the perspective of being employed by that organization
Suggest two possible vulnerabilities and when login/password authentication is used. How might each vulnerability be mitigated?
There are three components that make up a security auditing system. Could you please explain each one? If you have examples of system auditing programs for Mac, Windows, and Linux, please describe how they work and what information they collect.
The Microsoft Baseline Security Analyzer should be used. It is the appropriate instrument for the job.
The concept of vulnerability assessment (VA) and penetration testing (PT) can be confusing to the minister given that he is not an information security specialist. Briefly point out to the minister the difference between vulnerability assessment and penetration testing.
There are four vulnerability intelligence sources that must be identified and recorded. Which technique, in your view, seems to be more effective? Why?
It's possible that you have an opinion on the most recent security incident that made news because it included access control or authentication. More specifically, how did it influence the day-to-day operations of the company? How much cash has been squandered by the company?
The Microsoft Baseline Security Analyzer is a good tool to utilize. Using this is the best way to get the task done.
Who in the team is helping to build the security system via iterative testing and revisions? Just who is in control of this operation, anyway?
The concept of vulnerability assessment (VA) and penetration testing (PT) can be confusingto the minister given that he is not an information security specialist. Briefly point out to theminister the difference between vulnerability assessment and penetration testing.
What's the difference between a top-down strategy and a bottom-up one when it comes to information security?Because using a technique that works from the top down is more efficient, why?
There are four possible places to look for vulnerability intelligence. Which one do you think is best based on your calculations? Why?