University Security and Compliance Assignment: Policies & Artefacts

Added on  2022/11/15

Homework Assignment
AI Summary
This assignment addresses key aspects of security and compliance within an organizational context. It proposes two essential policies for managers: an encryption policy to restrict data access and protect confidentiality, and a vulnerability management policy to address and mitigate potential threats. The assignment also discusses the artefacts generated to demonstrate compliance, including use cases, design documents, and UML diagrams, which are vital for the design, execution, and post-execution phases of regulatory compliance. These artefacts aid in modelling, checking, analyzing, and enacting compliance tasks, ultimately demonstrating successful security and compliance implementation. The assignment draws on referenced literature to support its arguments and recommendations.
Running head: SECURITY AND COMPLIANCE
Security and Compliance
Name of the Student
Name of the University
Author’s Note:
1. Two policies for managers to approve and monitor new access
In an organization, managers are allowed to add their users to the Active Directory groups that grant them access to sensitive data on file shares. A few security regulations and policies state that this access should be reviewed to ensure that a high level of security is maintained (Safa, Von Solms & Furnell, 2016). For this purpose, two policies for approving and monitoring new access need to be implemented. The two recommended policies are as follows:
i) Encryption Policy: The first recommended security policy for managers approving and monitoring new access to data is an encryption policy. The main purpose of this policy is to establish the kinds of devices that are required to be encrypted. It ensures that access to data is restricted, thereby protecting confidentiality and integrity (Brotby, 2009). The respective data security committee would be responsible for reducing the complexities of implementing such a policy.
ii) Vulnerability Management Policy: The second recommended security policy for managers approving and monitoring new access to data is a vulnerability management policy. This policy helps in protecting information and verifying discovered vulnerabilities as soon as any new threat is discovered (Jaquith, 2007). The director of information security charters a vulnerability advisory board (VAB) to regularly review and evaluate the patching or fixing of weaknesses.
2. Discussion of artefacts generated for demonstration of compliance
To demonstrate security and compliance, a few artefacts need to be generated. These information technology artefacts are used in the design, execution and post-execution phases of the regulatory compliance life cycle to perform the compliance tasks of modelling, checking, analysis and finally enactment. The final results demonstrate a successful security and compliance enactment. The major artefacts generated for this case study of security and compliance are use cases, design documents, requirements, UML (unified modelling language) and class diagrams (Ifinedo, 2014). These have been extremely helpful for describing the functions, architecture and design of the software. The other artefacts generated for the successful development of software relate to the development process, such as risk assessment, business case and project planning. Moreover, several security policies are also taken into consideration so that it becomes easy to document the software.
References
Brotby, K. (2009). Information security governance: A practical development and implementation approach. Hoboken, NJ: Wiley.
Ifinedo, P. (2014). Information systems security policy compliance: An empirical study of the effects of socialisation, influence, and cognition. Information & Management, 51(1), 69-79.
Jaquith, A. (2007). Security metrics: Replacing fear, uncertainty, and doubt. Upper Saddle River, NJ: Pearson.
Safa, N. S., Von Solms, R., & Furnell, S. (2016). Information security policy compliance model in organizations. Computers & Security, 56, 70-82.