Security Policy Design and Implementation: A Detailed Analysis

Added on  2023/04/21

This report outlines the critical need for a well-defined security policy within an organization, emphasizing its role in protecting valuable assets like organizational and employee data. It identifies various types of cyberattacks, such as ransomware, email phishing, DDoS, and SQL injection, along with potential perpetrators like hacktivists, cybercriminals, and internal employees. Furthermore, the report proposes a basic incident response plan, detailing steps to be taken from initial incident identification to documentation and preventative measures. The plan includes clear communication channels, incident categorization, recommended changes, and thorough documentation of the discovery process, response activities, and their effectiveness, ensuring continuous improvement of the organization's security posture.
Running head: DESIGN AND IMPLEMENTATION OF SECURITY POLICY
DESIGN AND IMPLEMENTATION OF SECURITY POLICY
Name of the Student
Name of the University
Author Note
Table of Contents
Explain the need for a security policy
Describe types of attacks and possible perpetrators
Propose a basic incident response plan for the company
References
Explain the need for a security policy
A security policy provides a clear description of security needs and of the procedures to
follow, for security officers as well as for the employees of the organization (Varadharajan &
Tupakula, 2017). It enhances the security of organizational assets, such as organizational and
employee-related data, that are important to the business.
Describe types of attacks and possible perpetrators
Types of attacks                         Possible perpetrators
---------------------------------------  --------------------------------
Ransomware                               Hacktivists, cyber criminals
Email phishing                           Cyber criminals
Distributed denial of service (DDoS)     Internal employees, hacktivists
SQL injection                            Internal employees, hacktivists
Database hack                            Hacktivists
Propose a basic incident response plan for the company
This document discusses the steps to be taken under the incident response plan.
1) The person who identifies the incident is advised to call the grounds dispatch office. Sources
who might require contact information may be:
a) Helpdesk
b) Intrusion detection monitoring personnel
c) A system administrator
d) A firewall administrator
e) A business partner
f) A manager
g) The security department or a security person
h) An outside source
Each source needs to contact one entity that is available 24/7. This might include grounds
security officers.
2) If the person who discovers the incident is part of the IT department or a member of the
affected department, they are instructed to follow step 5.
3) If the person discovering the incident is not a member of the IT department or the affected
department, they will call the 24/7 reachable grounds security department at xxx-xxx.
4) The grounds security office will log:
a) The caller's name
b) The time the call was made
c) Contact information
d) The nature of the incident
e) The incident location
f) Equipment or persons involved
g) The procedure used to identify the incident
5) An incident ticket will be created. The incident will be categorized into the highest
applicable level of one of the following categories:
a) Category one - whether threat is associated with public safety or not
b) Category two - whether threat is associated with sensitive data
c) Category three - whether threat is associated with computer systems
d) Category four - A disruption of services
6) Team members will recommend changes to prevent the occurrence from happening again or
infecting other systems.
7) Upon management approval, the changes will be implemented.
8) Documentation: the following shall be documented:
a) The discovery process of the incident
b) The categorization of the incident
c) Details of the response plan
d) Details of the activities done in the response
e) Effectiveness of the response
References
Varadharajan, V., & Tupakula, U. (2017). On the design and implementation of an integrated
security architecture for cloud with improved resilience. IEEE Transactions on Cloud
Computing, 5(3), 375-389.
Zhang, D., Wang, Y., Suh, G. E., & Myers, A. C. (2015). A hardware design language for timing-
sensitive information-flow security. ACM SIGARCH Computer Architecture News, 43(1),
503-516.