Security Policy and Recommendations for Dealing with Cyber Crime

Verified

Added on 2023/01/05

AI Summary

This document discusses the importance of security policies in managing the risks associated with technology deployment. It covers various policies such as acceptable use policy, access control policy, information security policy, change management policy, incidence response policy, remote access policy, and disaster recovery policy. Additionally, it provides recommendations for dealing with cyber crime, including raising awareness, leveraging trusted resources, building an economic framework, working with invested partners, and implementing a response plan.

Contribute Materials

Your contribution can guide someone’s learning journey. Share your documents today.

Computer Forensics 1
Computer Forensics
Your Name
School-Affiliated

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

💎 Get Pro

Computer Forensics 2
Question 5: Security policy
The building and management process of security program needs effort and continuous
responsibility for managing the risks that come with the technology deployed. The security
program that is mature will contain the following;
a) The acceptable use policy
The policy shows the requirements and the constraints that the staff using the IT assets of
the organization need to accept for them to use the organization network or the company internet
of the company. This is the policy that helps in guiding the new employee sin that they are often
given this policy to read and to sign before they are granted the network ID of the company.
b) The access control policy
The policy helps the organization employees in accessing the raw data or/ and the
organization’s information systems. There are common topics that would be considered in this
policy like the NIST’s access control standard that helps in the general control and
implementation of the guides. This policy will additionally help in guiding the way unattended
workstations must be made secure, the OS and networks access controls and the organization’s
passwords complexities.
c) The information security policy
This policy basically ensures that the company staff who have access to the IT assets
within the organization’s breadth or the organization networks complies with the guidelines and
the rules that have been stated. This policy is often read and signed, this will help the employees

Computer Forensics 3
recognize the presence of the rules that must be held followed with much regards to the IT assets
and information sensitivity.
d) The change management policy
This is a policy that helps in the processes of making changes to the soft wares and the
services that are offered in the organization. The primary objective of this policy is to help in the
creation of awareness and the understanding of the changes that have been proposed in the
organization to help in ensuring that the conducted changes have been methodically done to
minimize any effects on the services of the organization and the customers.
e) The incidence response policy
This is a policy that helps the organization in managing the incidents and remediate the
effects of the operations. The primary objective of this policy is to help in describing the
handling processes of any incidents with regards to reducing the business activities damages, and
minimizing the overall resources needed for the recovery.
f) The remote access policy
This is a policy that deals with the outlining and defining the acceptable methods that are
needed for remote connections to the internal networks for the organization. This policy also
restricts rules for the BYOD assets within the company.it is a policy that is key in the extension
of the private secure networks of the organization to the insecure networks outside the company
premises and the unmanaged home networks.

Computer Forensics 4
g) The disaster recovery policy
This is a policy in the organization that will bring together the cybersecurity and the IT
teams’ inputs and the part that has been developed as a plan for the larger business continuity.
The teams and the CISO help in managing incidents through the incident response policy
(Hayslip, 2018).
Question 6: Recommendations to deal with cyber crime
a) The company should raise awareness
A continuous comprehensive educational campaign for cybersecurity is important to help
in raising awareness on the cyber activity risks and effects to the company employees. This will
help them in knowing the importance of protecting the company machines including the laptops,
mobile devices, desktops, and tablets. The connected devices need to be secured against the
attacks that are made using the telecommunication media hence when not in use, the smart
devices of the company like the automobiles, lighting systems, and the air conditioners need to
be protected against all sought of complexities that attackers may try to experiment with the
company computing devices. The cybersecurity education will focus on strong passwords,
securing devices through the use of firewalls, activation of the automated system updates and the
careful handling of the emails.

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

💎 Try AI Paraphraser

Computer Forensics 5
b) The company should leverage the trusted resources of the company.
As an addition, the company must seek to build, maintain, scale and update online
information sources to help guide the users of every level in establishing and improving their
cyberspace protection. Leveraging capabilities helps in ensuring the implementation of sustained
and comprehensive campaigns as a way of educating and creating awareness for a successful
cybersecurity program for the company. The company needs to use the already established
frameworks, standards and recommended controls to help in securing their cyberspace.
c) The company should build an economic framework
This is basically making purchases of security tools that help in securing the company
cyberspace. The company needs to make decisions for investments on cybersecurity measures to
be made possible in the company. This will help as a way of managing risks and providing
important information to help in evaluations of the cybersecurity economic value to the
company.
d) The company needs to work with invested partners
For the company to improve on detection, prevention, mitigation and prevention of
cybersecurity capabilities, the company must join and become integrated with other
organizations to help in leveraging through sharing of information, and prioritize on the analysis
and collaboration. This will help in ensuring the matured capability of cyber security to stand
when attacks occur. As the company works with communities all-round the globe to address the
gaps that exist and coordinating the enforcement of the law, the processes of investigating and
prosecuting the cybercriminals will help overcome the economics and the difficulties of working
against anonymity in the activities of cyberspace.

Computer Forensics 6
e) The company will need to implement a response plan
Incident response plan for the company is implemented to help in securing its economic
security therefore, it should bring forth the unique nature of the cyber events and helps in
providing clarity that is predictable and sustainable based on the roles and the responsibilities of
the numerous stakeholders when there are occurrences of escalations. Within the company, the
strategic framework must accompany operational playbooks that are dedicated only on the
critical infrastructure of the company cybersecurity. The stepwise framework is important in the
achievement of true situational awareness when there is a cyber-event (GCN, 2017).

Computer Forensics 7
References
GCN, 2017. strategies for addressing cybercrime. INDUSTRY INSIGHT, 6 7, p. 1. Accessed on
7th June 2019 https://gcn.com/Articles/2017/01/11/strategies-addressing-cybercrime.aspx?
Page=2
Hayslip, G., 2018. policies and procedures you need to know about if you’re starting a new
security program. IDG CONTRIBUTOR NETWORK, 7 6, pp. 1-2. Accessed on 7th June 2019
https://www.csoonline.com/article/3263738/9-policies-and-procedures-you-need-to-know-about-
if-youre-starting-a-new-security-program.html

1 out of 7

+13062052269

info@desklib.com

Security Policy and Recommendations for Dealing with Cyber Crime

Contribute Materials

Secure Best Marks with AI Grader

Paraphrase This Document

Related Documents

Network Security Plan Template

ICTNWK411 Deploy Software to Networked Computers

Network Security Plan for First National University

Information Security Policy - Assignment

Challenges to Maintain Information Security at Remote Recovery Locations

Information Security Policy Enforcement