Security and Compliance

Verified

Added on 2022/11/15

AI Summary

This document discusses two policies for managers to approve and monitor new access and artefacts generated for demonstration of compliance. The recommended policies are encryption policy and vulnerability management policy. The artefacts generated for successful development of software include use cases, design documents, requirements, UML and class diagrams.

Contribute Materials

Your contribution can guide someone’s learning journey. Share your documents today.

Running head: SECURITY AND COMPLIANCE
Security and Compliance
Name of the Student
Name of the University
Author’s Note:

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

💎 Get Pro

1
SECURITY AND COMPLIANCE
1. Two policies for managers to approve and monitor new access
In an organization, the managers are eventually allowed to add their users to the
groups of Active Directory that grant them major access to the sensitive data over file
sharing. There exists few security regulations and policies, which refer to the fact the access
should be reviewed for ensuring maintenance of security to a high level (Safa, Von Solms &
Furnell, 2016). For this purpose, it is highly required to implement two policies for approving
as well as monitoring new access. Two such recommended policies are as follows:
i) Encryption Policy: The first recommended security policy for the managers
regarding approval and monitoring of new access of data would be encryption policy. The
main purpose of this policy is establishment of several kinds of devices, which require to be
encrypted. It would be ensuring that the access to data is being restricted, hence protecting
confidentiality and integrity (Brotby, 2009). The respective data security committee would be
responsible for reducing the complexities of such policy implementation exceptionally.
ii) Vulnerability Management Policy: The second important and significant
recommended security policy for the managers regarding approval and monitoring of new
access of data would be vulnerability management policy. This particular security policy
helps in protecting the information and verifying the discovered vulnerabilities, as soon as
any new threat is being discovered (Jaquith, 2007). The director of information security
charters a VAB or vulnerability advisory board for regular reviewing as well as evaluating
patch or fixing of weaknesses in a definite manner.
2. Discussion of artefacts generated for demonstration of compliance
For the purpose of demonstrating security and compliance, there are few artefacts that
are needed to be generated. These information technology artefacts are being utilized in the
life cycle phases of designing, execution as well as after execution of the regulatory

2
SECURITY AND COMPLIANCE
compliance for the core purpose of performing compliance tasks of modelling, checking,
analyses and finally enactment. The final results eventually demonstrate a successful security
and compliance enactment. The major artefacts generated for this particular case study of
security and compliance are use cases, design documents, requirements, UML or unified
modelling language and class diagrams (Ifinedo, 2014). These have been extremely helpful
for description of the functions, architecture and finally designing of the software. The other
subsequent artefacts, which are being generated for successful development of software
include process of development such as risk assessment, business case as well as project
planning. Moreover, several security policies are also taken into consideration so that it
becomes easy to document the software.

3
SECURITY AND COMPLIANCE
References
Brotby, K. (2009). Information security governance: A practical development and
implementation approach. Hoboken, NJ: Wiley.
Ifinedo, P. (2014). Information systems security policy compliance: An empirical study of the
effects of socialisation, influence, and cognition. Information & Management, 51(1),
69-79.
Jaquith, A. (2007). Security metrics: Replacing fear, uncertainty, and doubt. Upper Saddle
River, NJ: Pearson.
Safa, N. S., Von Solms, R., & Furnell, S. (2016). Information security policy compliance
model in organizations. computers & security, 56, 70-82.

1 out of 4

+13062052269

info@desklib.com

Security and Compliance

Contribute Materials

Secure Best Marks with AI Grader

Related Documents

Cybersecurity Framework Compliance and Risk Assessment

Cyber Security: Policies, Training, Detection, Assessment, Recovery

Information Security: The Royal Children's Hospital

Information Security Management - Assignment

Cloud Computing: Information Security, BCP, Resource Management, SLA Management

Ethical Hacking in IoT Enabled Protocols