Tuesday, February 19, 2019
Develop information security awareness
Nancy Johnson worked in U.S. Bancorp administration and was fired in April 2002 on the basis of viewing confidential files of the company and some personal files of supervisor Kathy Ashcraft that she was not allowed to view.

Information security awareness and training program must have the following content to make employees aware of the U.S. Bancorp policies and avoid such occurrences in the future.

All employees must be well aware of all the policies of the organization regarding computer systems, networking, information access, privacy and authorization to view any content. All policies must be available on the intranet and/or desktop of an employee.

Policies are constantly updated according to day-to-day needs, hence they must be read and understood carefully as soon as they are updated.

In case an employee is unable to understand anything, he/she must immediately contact his/her supervisor or manager to know about their precise roles and the elaboration of policies.

All computer users of the organization must understand that ALL information on the company's intranet is confidential and a valuable asset of the company, which must be accessed on a need-to-know basis after obtaining authorization from their manager.

All computer users in an organization will have permission to access the confidential information or other information not applicable to the user on the basis of a valid reason and on a need-to-know basis to perform a particular job.

The permission will be limited to the time period required to perform that job and the amount of information required.

Employees will not share this information with any of their co-workers within the organization and/or any person outside the organization unless it is needed, specified and authorized to share such information with those who are also permitted to view this information for the time period and authority given.

All employees who work in the Bancorp organization will abide by all security laws, rules and policies. They must follow these rules and regulations and support their implementation.

Employees will report any abuse of such information by any user on the intranet of the company or any external threat, if he/she is informed about it.

2- Information security awareness and training program for probing networks connected to the clients

Moulton, a network administrator, tried to port scan illegally the computer networks of the suspect's client. Information security awareness and training program defines the following content in order for the network administrator to know the policies and rules.

The job of a network administrator is to handle all technical issues on the network, manage software and hardware, and administer the tools of the network. However, in no way will a network administrator use a client's network resources and private information without need and authorization.

A network administrator must understand that all network resources, information and files on the client's computer network are private and confidential, and an asset to be used by the client only.

The network administrator will understand the core concepts, policies and strategies of the security training program. He/she will abide by all the rules and laws while administering networking tools.

Access to the centrally administered network will be granted on permission, with a valid reason of a need to have such access to perform a particular task. Authentication to use the network will be granted with a specific user ID and password. User ID and password must be changed frequently to maintain a high level of security.

The network of the client's computers possesses valuable and confidential information.
Access to this information is not allowed unless the person is authorized to view it.

The network administrator will return all valuable material to the company upon termination.

He will be responsible for disposing of any sensitive information not of any further use.

3- Information security awareness and training program for information security violation concerns

Watkins' security concerns were regarding use of that confidential information by another employee along with him. Hence he pass along State of Tennessee cancellation of the secret code. However, another employee who had access to the information was authorized to do so. Watkins' plea was rejected by the court.

Information security awareness and training program must have the following content on security violation.

Information security is very important and no one can access this information except those who are authorized to do so.

No one will be allowed to get this information except solely for company purposes and for processing different tasks.

Hence, only authorized persons can access that information with a specific code. Authorized means they are allowed legally to use this information in one form or another for the benefit of the company/people/business/organization. Hence, there is no violation of privacy when such confidential information is accessed by authorized people.

However, an authorized person will use that information only for the period of time and to the extent he is granted permission. An authorized person will not misuse that information for his/her own purpose and will not in any case sell, transfer or abuse such information in any circumstances.

Misuse of such information may result in revocation of authorization and administration. It can also result in termination from the job.

Authorized use of such information for the good of the company is not a security violation.

The security administrator will be in charge of all information and will report any violation by the users.
He will keep all confidential data under proper protection and will be in charge of granting permission to different users to access required information as needed.