Chapter 1, Problem 6E

Program Plan Intro

Security policy:

• A security policy defines an organization’s security requirements.
• It provides controls and consents needed for meeting requirements.
• A security policy is a well written document in an organization giving the guidelines to how to protect the organization from threats.
• It includes computer security threats, and how to handle situations when they do occur.
• A good security policy must identify all of a company's assets as well as all the potential threats to those assets.
• The employees of the company need to be kept updated on the company's security policies.
• The policies themselves should also be updated regularly.

Failure in identifying threats:

• The failure in identification of threats is a good sign.
• The detailed investigation of threats is required in this case.
• The threats may be in different fields shown below:
  • Economic trends:
    • It denotes research over economy in an area.
    • The notion of economic shifts over market.
  • Market trends:
    • The change in market conditions.
    • The new upcoming trends that may hurt the company.
    • The amount of competition in market.
  • Funding changes:
    • It denotes decrease in grants annually.
    • It checks whether this decrease may hurt company’s economy.
  • Government regulations:
    • It denotes checking of any new regulations that may hurt company.
    • It may sense the kind of damage that can happen.
• After a detailed research over identification of threats, if nothing is been found then that may denote a positive escalation.