Comprehensive Cybersecurity Strategies for Organizations

Verified

Added on 2020/04/29

AI Summary

This manual is designed to equip organizations with the knowledge necessary for effective cybersecurity. It begins by classifying organizational assets into categories such as confidential information, internal use data, and public data. The document emphasizes understanding legal requirements and potential threats, including human error, natural disasters, and malicious attacks. A risk matrix helps evaluate risks based on their likelihood and impact. Key elements like data security policy, disaster recovery planning, and business continuity are discussed to maintain operations under adverse conditions. Incident response involves preparation, detection, containment, eradication, recovery, and lessons learned phases. The manual also explores technical controls, including antivirus software updates, strong password policies, intrusion prevention systems (IPS), and unified threat management (UTM) systems. Additionally, it addresses human factors in cybersecurity, stressing the importance of continuous training, awareness programs, and adherence to security protocols. Lastly, practical case studies on theft prevention and malware mitigation are included to provide real-world applications of the strategies discussed.

Company Training Manual

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

Company Training Manual
Prepared by:
[Student first and last name]

CYBERLEET TRAINING MANUAL
MANUAL OVERVIEW 4
SECTION 1: INTRODUCTION: WELCOME TO CYBERLEET 5
1.1 INTRODUCTION 5
1.2 YOUR ROLE AT CYBERLEET 5
1.3 PURPOSE OF THIS MANUAL 6
SECTION 2: CORE TENETS OF CYBERSECURITY 7
2.1 CONFIDENTIALITY 7
2.2 INTEGRITY 7
2.3 AVAILABILITY 8
SECTION 3: CYBERSECURITY POLICIES 9
3.1 PASSWORD POLICIES 9
3.2 ACCEPTABLE USE POLICIES 9
3.3 USER TRAINING POLICIES 10
3.4 BASIC USER POLICIES 10
SECTION 4: THREAT MITIGATION SCENARIOS 11
4.1 THEFT 11
4.2 MALWARE 11
4.3 YOUR CHOICE 12
SECTION 5: REFERENCES 13
C o m p a n y M a n u a l P a g e | 3

CYBERLEET TRAINING MANUAL
MANUAL OVERVIEW
You are the training manager at CyberLeet Technologies, a midsized firm that provides
cybersecurity services to other businesses. CyberLeet’s core customer base is sole
proprietorships and other mom-and-pop shops that are too small to have their own IT
departments and budgets. Generally speaking, your clients have a reasonably high risk
tolerance, and put a premium on the functionality of their IT systems over stringent security
measures. However, you also have clients that must protect highly sensitive information in
order to continue operating successfully. For example, CyberLeet supports a few small
public-accounting firms that need to maintain important tax-related information, as well as
several day-care businesses that must keep children’s health records private while allowing
necessary access for certain caregivers. In the past year, CyberLeet has experienced rapid
growth, which means you can no longer personally provide one-on-one training to every
new information security analyst as they are hired. Therefore, you have decided to create a
training manual that will explain to the current and future cohorts of new hires the essential
principles and practices that they must understand in order to be successful in their role as
information security analysts at CyberLeet.
Manual Layout
There are four sections in the manual, which cover all the components of a new employee training
manual. As the training manager, you must complete each section using information you learned in
this course. Refer to the background information on CyberLeet and apply the appropriate
information that best matches based on the size of the company, the value of cybersecurity, and its
core tenets. Apply best practices of cybersecurity principles for addressing the common threat
scenarios of a sole proprietary business. The main sections of the manual you are responsible for
completing are the following:
 Introduction
 Core tenets of cybersecurity
 Developing cybersecurity policies
 Threat mitigation scenarios
C o m p a n y M a n u a l P a g e | 4

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

CYBERLEET TRAINING MANUAL
In Section One, describe the organization. Provide a short history of the company, define the way it
operates, and describe its place within the industry and the community it serves. Follow the prompts
to complete each section. All prompts should be deleted prior to submitting this section.
SECTION 1: Introduction: Welcome to
CyberLeet
1.1 Introduction
Prompt: Explain the value of CyberLeet Technologies as a provider of cybersecurity services
to its client businesses. Why is there demand for information security in a business
environment? How do cybersecurity issues impact business resources, including finances,
people, and time?
CyberLeets technologies is an organization which provide cybersecurity to many
organizations. This organization mainly tends to provide security to tax related information to
many organizations and also helps in securing the data personal which is stored in records.
Cybersecurity issue can cause certain problems like breach of important data which can
ultimately damage the reputation or image of an organization.
C o m p a n y M a n u a l P a g e | 5

CYBERLEET TRAINING MANUAL
1.2 Your Role at CyberLeet
Prompt: Describe the overall role of the new hire as an information security analyst. What
are the main functions of the job? What should be their ultimate goal once they are assigned
to clients?
As an information security analyst of CyberLeet Technologies there are certain number of
responsibilities which are needed to be carried out. Security analyst perform a large number
of activities like analysing the present and future needs of the organization. The ultimate
goal is to provide individual training and development plan which can satisfy the needs of
the organization.
1.3 Purpose of This Manual
Prompt: Explain the purpose for this manual. Why is it important that information security
analysts apply the principles and practices outlined in this manual? What is at stake if they
do not appropriately apply their training and provide high-quality services to the client
businesses?
As an information security analyst there are certain number of activities that are needed to be
performed like proper planning and measurement of security measures for protection of
computer systems, networks and data (Kelly, 2012). If they do not provide good service, then
it can lead to breach of their important data and interruption of various services provided by
CyberLeet Technologies.
C o m p a n y M a n u a l P a g e | 6

CYBERLEET TRAINING MANUAL
A widely applicable security model is the CIA triad, standing for confidentiality, integrity, and
availability. There are three key principles that should be guaranteed in any kind of secure system. In
Section Two, describe the significance of each area as directed in each designated area. Follow the
prompts to complete each section. All prompts should be deleted prior to submitting this section.
SECTION 2: Core Tenets of Cybersecurity
2.1 Confidentiality
Prompt: Explain the significance of confidentiality as a core tenet of cybersecurity. Be sure
to define the term and use specific details and examples to illustrate its meaning in a
business context.
Confidentiality is sometimes considered to be equivalent to privacy. Certain measures are
taken to ensure that the confidentiality of an organization is designed in such a way that it can
prevent sensitive data containing important information from reaching wrong people. On the
contrary it also ensures the fact that right people can get easy access to it. In many cases it is
seen that safeguarding of data involves proper training. A good example of methods for
analysis of confidentiality is an account number. In online banking user Id and password are
considered to be two factor authentication.
2.2 Integrity
Prompt: Explain the significance of integrity as a core tenet of cybersecurity. Be sure to
define the term and use specific details and examples to illustrate its meaning in a business
context.
Integrity generally focuses on providing consistency, accuracy and trustworthy data for its
entire lifecycle. It mainly ensures that data cannot be altered by unauthorized person. Version
control method can be used for preventing accidental deletion of data by authorized user
(Mirkovic, & Benzel, 2012). Apart from this some mechanism must be there which can
easily detect changes in data which can easily result from non-human events like
electromagnetic events like electromagnetic pulse. Data must contain checksums for analysis
of integrity. Option of backup must be there for restoration of affected data to correct state.
C o m p a n y M a n u a l P a g e | 7

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

CYBERLEET TRAINING MANUAL
2.3 Availability
Prompt: Explain the significance of availability as a core tenet of cybersecurity. Be sure to
define the term and use specific details and examples to illustrate its meaning in a business
context.
Availability is generally maintained by the help of hardware which involves maintenance of
operating system which are generally free from software conflicts. It is also vital for updating
of different components of system (Fu & Blum, 2013). Safeguarding of important data or
interruption of data can be important factor which can result in safeguarding of important
data in many condition like natural disaster and fire. For prevention of data loss, a backup
copy must be prepared. Security equipment’s like firewall and proxy server can be helpful in
preventing DOS attack and network intrusion.
C o m p a n y M a n u a l P a g e | 8

CYBERLEET TRAINING MANUAL
Creating effective cybersecurity policies will make visible changes to how the organization operates.
Rely on the information presented in this course to develop the necessary standards and
frameworks of effective cybersecurity policies. Follow the prompts to complete each section. All
prompts should be deleted prior to submitting this section.
SECTION 3: Cybersecurity Policies
3.1 Password Policies
Prompt: What principles should the information security analyst apply in order to develop
appropriate password policies for their clients? Make sure you address confidentiality,
integrity, and availability of information, as well as each of the following aspects:
Password policies generally comprises of age of password, length of password and
requirements (Rabai et al., 2013). Age of password generally helps in calculating the period
of time before which they can make a change in it. Length of password mainly ensures
minimum number of characters for a password. Password must satisfy the following
requirements like six characters, it cannot contain letters from username, it must have four
types of characters like lowercase, uppercase, numbers and lastly symbol.
C o m p a n y M a n u a l P a g e | 9

CYBERLEET TRAINING MANUAL
3.2 Acceptable Use Policies
Prompt: What principles should the information security analyst apply in order to develop
appropriate acceptable use policies for the client? Make sure you address confidentiality,
integrity, and availability of information, as well as each of the following questions:
Acceptable use policy of services generally ensures that integrity, security, reliability and
privacy of CyberLeet Technologies are not disturbed at all. These policies like improper use
of services, excessive utilization of network resources, junk emails, activities related fraud,
software viruses and excessive use of resources.
3.3 User Training Policies
Prompt: What principles should the information security analyst apply in order to develop
appropriate user training policies for the client? Make sure you address confidentiality,
integrity, and availability of information, as well as each of the following:
All the personal training session must be of one hour and trainings can be of 30 minutes in
duration and will count for half of session. Clients must arrive on time for their respective
training session. Trainers are advised to wait only for 15 minutes and after that they are
requested to lead the rest portion of the session.
C o m p a n y M a n u a l P a g e | 10

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

CYBERLEET TRAINING MANUAL
3.4 Basic User Policies
Prompt: What principles should the information security analyst apply in order to develop
appropriate basic user policies for the client? Make sure you address confidentiality,
integrity, and availability of information, as well as each of the following questions:
Resources which can be controlled are root and organizational resources which generally
makes up the structure organization (Jang-Jaccard & Nepal, 2014). An employee
identification system must be placed like badges and photo ID for proper identification of
employee of an organization. Employees of an organization must wear ID tag on their
premises. Proper methods must be followed for reporting during the visit of unauthorized
person. Visitors must have proper photo ID, temporary issue cards which will ultimately help
in better identification.
C o m p a n y M a n u a l P a g e | 11

CYBERLEET TRAINING MANUAL
A threat-intelligence service provides analyzed, actionable threat information to help organizations
defend against known or emerging threats before systems may be compromised. In this section, you
will create three mitigation scenarios. The first two mitigation topics have been chosen; however,
the third one is your choice. Follow the prompts to complete each section. All prompts should be
deleted prior to submitting this section.
SECTION 4: Threat Mitigation Scenarios
4.1 Theft
Various technical controls can be used for securing all the windows, installation of deadbolt
on the doors, locking of steel bars or barriers of doors with high security which has a
hardened body (Singer & Friedman, 2014). It must be ensured that electronic access control
units have a secure by pass. It must be ensured that restrooms have high security locks and
only permissible members are allowed to access it. At the reception desk of this organization
that is CyberLeet Technologies a panic button must be established for emergencies. New
technologies like motion sensitive lights must be installed which will glow in cases of theft
attacks on this organization.
C o m p a n y M a n u a l P a g e | 12