Research Paper 2: Security Program for Netflix Inc. Analysis

Added on  2023/06/04

Research Paper 2 1
The Security Program for Netflix Inc.
Student
Course
Tutor
Institutional Affiliations
State
Date
Introduction
In the global landscape of cyber threats, the threats keep evolving, and there is no sign that this will end soon. This poses a constant challenge to individuals, organizations and the security community at large, and Netflix Inc. is no exception. Netflix is an organization that provides its subscribers with streaming services, allowing them to watch a wide variety of award-winning TV shows, movies and documentaries, among many other internet-enabled services. It is one of the organizations offering cloud-based services. As such, the organization employs many software engineers, led by Reed Hastings, the CEO and founder of the corporation (Crunchbase, 2018, pp.1). To mitigate this critical issue, organizations have adopted various mitigation techniques, one noteworthy approach being the Information Security Management System. Following this rationale, the main purpose of this document is to develop a security program that would help Netflix mitigate the security threats that have become common today.
Netflix information system risk analysis
There has been a rapid expansion in the number of titles produced by the organization, making Netflix one of the largest producers globally. This has led to an increased number of subscribers to the services offered by the organization. It is thus no secret that the organization is a hot spot for security threats. Moreover, Netflix has committed its future to streaming movies to its clients; the organization relies almost exclusively on cloud vendors for its infrastructure, which has raised security concerns. However, Netflix has launched various security software to protect its information system. This software is capable of analyzing and responding to threats, and includes applications that manage access to the organization's information system (McSherry, and Mironov, 2009, pp. 627-636). Jason Chan, the director of cloud security at Netflix, also stated on one occasion that the organization will always build solutions to address issues that are either not well served in the marketplace or that the organization's security department chooses to solve in a traditional way. However, these strategies are not enough for a more robust system security. Despite the security measures that have been put in place, the organization still faced a considerable cyber-attack in 2017. Ten new episodes of the Netflix original show "Orange is the New Black" were exposed by attackers who compromised Larson Studio, the post-production company. This attack exposed the insufficiency of the organization's information security management system. The act of extortion demonstrated a critical chink in the organization's security system, one that will recur if the organization does not change its security management. It is high time that Netflix adopted a robust security management strategy.
Because one of Netflix's core expectations is to protect the originality of its products, since it is the originality of its content that drives the organization's revenue model, which relies on big releases to sustain the interest of its customers and hence its returns, Netflix must have implemented some of the most advanced cybersecurity defenses in the corporate world. The organization has, however, forgotten that human beings are the weakest link in security. Vulnerabilities at the organization's third parties are a critical threat to the corporate security system and can lead to loss of the organization's proprietary property. The New York Times (2017) reportedly learned about the theft that occurred at Larson Studio in January 2017 and waited a month before exposing a list of the companies involved in the attack. It had been reported earlier that the organization's security personnel were not surprised by the attack when the details of the incident were revealed. This is because the organization had received several warnings earlier in the year about vulnerabilities at its third-party vendors (Chou, 2013, p.79; Booth, Soknacki, and Somayaji, 2013, pp. 4-5). It is even more surprising that the organization's security management never changed, nor did the organization consider establishing pertinent policies as a countermeasure against such cyber-attacks.
The attack should be a wake-up call for the organization that it has not yet implemented a relevant security management program providing policies and procedures to protect the corporation's sensitive information, critical infrastructure and many other organizational assets. Information system security will never hold up under the ever-increasing weight of internal and third-party vulnerabilities if Netflix management does not foster a security-conscious culture. Leaving the burden of security solely on IT staff's shoulders and deploying various security software are no longer enough to mitigate the security threats the organization has seen. Additionally, it has become clear that information system security does not only concern IT but also affects an organization's business (Teece, 2010, pp.172-194). Following this rationale, Netflix must take much more initiative in making security threat mitigation part of the organization's risk management approach and in formulating formal policies to govern operations within the organization.
Another alarming security incident that signifies weak security governance in the organization is the email phishing scam that targeted over 110 million subscribers of the organization (Sebayan, 2017). This did not happen only once; Netflix subscribers experienced the same problem several times in 2017, where an email instructed them to click and update their credit card details, which was only meant to lure them into giving out personal data and thereby compromise their privacy. This came about due to a lack of controls governing access to the organization's information system, which signifies the need for information system security management programs to mitigate such vulnerabilities that might affect the organization's business.
Effective security management boils down to three crucial mechanisms, namely people, policy and procedures. The Netflix management team should know that cyber threats are part of the organization's risk and that their solution lies in sound policies and procedures (Giesen, Riddleberger, Christner, and Bell, 2010, pp.17-26). The process also involves working with the organization's third-party vendors and ensuring that people at all levels of the organization are properly trained to recognize potential vulnerabilities and deal with them in accordance with the organization's policies and procedures.
Vulnerabilities identified
The vulnerabilities identified are listed below:
i. Deficiency in human resource security management
ii. Deficiency in IT security management controls and in proper training on security management strategies
iii. Over-reliance on third-party vendors
iv. Deficiency in policies governing the agreements between Netflix and third-party vendors.
Security model recommended for Netflix Organization
A security model is a generic blueprint for security management provided by a service organization. There are various security models, but only a few are appropriate for Netflix's case, including Control Objectives for Information and Related Technologies (COBIT), the National Institute of Standards and Technology (NIST) and the International Organization for Standardization (ISO) (Sheikhpour, and Modiri, 2012, pp.13-28; Gehrmann, 2012, pp.66-77). NIST is an essential model that every organization should consider when formulating a security management program; however, it can be expensive. Besides, what would be the cost of losing critical information that is the core component of a business model? On the off chance that a cyber-attack occurs, an organization can lessen its liability if it can prove that it was doing everything possible to protect its assets from security risks by using the NIST framework as a foundation (Greer et al., 2014, pp. 23-31; Kampanakis, 2014, pp.42-51). ISO, on the other hand, is a worldwide federation consisting of national standards bodies. It has overarching significance and has not been adopted by Netflix; it is therefore proposed for Netflix and will be used as the framework for developing the security program that Netflix would implement to secure its assets.
ISO model
ISO is a non-governmental organization consisting of standards bodies from over 150 countries around the globe, with each member country represented by one standards body (ISO, 2012). This section focuses on ISO 27002. ISO 27002 is a collection of cybersecurity guidelines used by companies to implement, maintain and improve cybersecurity management (Disterer, 2013, pp.92). ISO 27002 has various controls and control techniques designed to be implemented with guidance from ISO 27001; ISO 27002 is the refined standard of ISO 27001. The controls suggested by ISO 27002 are meant to address the issues raised during risk assessment. The standard also provides guidelines that help in developing security standards and effective security management practices.
The standard was published by the International Organization for Standardization (ISO) in collaboration with the International Electrotechnical Commission (IEC). Its original name was ISO/IEC 17799; it was published in 2000 and updated in 2005, when it was complemented by ISO 27001 (Von Solms, and Van Niekerk, 2013, pp.97-102). The 2013 edition of ISO 27002, which will form the basis of the security controls to be designed for Netflix, has various controls, including security policy, IT asset management, human resource security and many others. However, this section will focus only on cybersecurity controls, the major weakness in Netflix's business activities.
ISO 27002 is proposed because its goals address the needs of Netflix. Netflix needs security management controls to protect its system from fraud and to ensure that its assets are secured. The main goal of ISO 27002 is to establish controls for implementing, maintaining and improving an information security management system in organizations, along with the selection, implementation and management of guidelines and general principles for securing the organization's assets in accordance with the organization's risk environment (Calder, and Watkins, 2012, pp. 9). On the basis of the organization's needs identified in the preceding sections of this document, ISO 27002 is clearly the best solution in Netflix's case.
Developing a security management program
Introduction
Protecting the organization's information system is of great importance to Netflix. Consequently, information system security must have controls and safeguards in place to offset any vulnerability and to guarantee the accountability, integrity, availability and confidentiality of data (Rhodes-Ousley, 2013, pp.17). This program offers definitive information on the prescribed measures that would help establish and enforce an appropriate security program at Netflix with the aid of the ISO 27002 framework.
The purpose of this security management program
This security management program seeks to prescribe a comprehensive framework for the following:
i. Compiling a cyber-security management program appropriate for Netflix with reference to the ISO 27002 model.
ii. Safeguarding the availability, integrity and confidentiality of Netflix data and its information system.
iii. Guaranteeing the effectiveness of security controls over the information system and the organizational data that support Netflix's operations.
iv. Protecting Netflix, its employees and its customers from illicit use of the Netflix information system.
The formulation of this program is driven by various factors, the core factor being risk. This security program will therefore form the ground rules under which Netflix will operate and protect its content and information, in order both to mitigate risk and to minimize the effects of a potential attack on the off chance that the organization is attacked. Consequently, implementing these policy controls will help Netflix mitigate the data breaches the corporation has continually experienced, as it helps the organization comply with its current and future legal obligations to guarantee long-lasting diligence in protecting the integrity, availability and confidentiality of its content (Srinivasan, 2012, pp. 3).
Policy development
For Netflix to mitigate information security risk, the organization must formulate, adopt and maintain a pertinent set of policies and procedures to manage its content and information system (Beckers, Faßbender, Heisel, Küster, and Schmidt, 2012, pp. 14-21). Netflix personnel are required to protect and guarantee the integrity, availability and confidentiality of its data. For this reason, security controls will be formulated so that they are commensurate with the security risks pointed out in the preceding sections.
1. Information security program policy (1)
Objective: to specify the development, adoption, assessment, authorization and monitoring of the Netflix information security program. Effective implementation of this control will depend on the successful implementation of the Netflix controls at the program level.
Netflix shall protect the integrity, availability and confidentiality of its information system, data and other assets regardless of how its data is managed.
1.1. Information security policy (1.1)
The information security management system shall focus on IT management and the risks associated with the information system. The policy behind Netflix's information security management system is that, along with all management processes, the information management system shall remain effective and efficient in the long term, adapting to changes in the organization's internal and external environment.
1.2. Information security policy (1.2)
Netflix shall define a set of information security policies and have them approved, published and communicated to the organization's employees and its third parties by its IT security management.
1.2.1. Publishing information security policies (1.2.1)
Objective: to establish, publish, implement and maintain the security policy.
The information security policies and standards of Netflix shall be presented in a single written document that shall be endorsed by Netflix's executive management and disseminated to the relevant parties, in order to ensure that all Netflix personnel understand what is required of them. The information security policy shall represent the roadmap for implementing Netflix's security measures to protect its important content. All Netflix personnel shall be aware of the sensitivity of Netflix's data and information system as well as their responsibility to protect them.
1.2.2. Assignment of information security responsibilities (1.2.2)
Objective: to appoint individuals from the IT department and assign missions and resources to manage the information security program within the organization.
All responsibilities and authorities over the information system shall be delegated to Netflix's chief information security officer (CISO). The information security management team and Netflix users shall also be delegated their respective responsibilities.
a. CISO roles and responsibilities
The CISO is anticipated to perform the following security management roles:
i. The CISO has a responsibility to formulate, document and implement security policies and procedures to govern the Netflix information system.
ii. The CISO shall monitor and analyze information security alerts.
iii. The CISO shall create, document and disseminate response and escalation procedures for security incidents in order to ensure effective and timely handling of the various incidents.
iv. The CISO shall distribute security alerts to the relevant individuals in the organization.
b. Roles and responsibilities of the management team
i. The management team ensures periodic implementation of the security management policy manual.
ii. The management provides all resources, direction and appropriate support to ensure that Netflix content, data and the information system are well protected within their areas of responsibility.
iii. The Netflix management team has a responsibility to ensure that pertinent policies and controls are documented according to the organization's policies and procedures and implemented by all Netflix personnel.
iv. The IT management team has a duty to evaluate compliance with the policies and procedures through regular audits.
c. User roles and responsibilities
i. To follow the organization's policies on the user's secret information used for authentication.
ii. To comply with all Netflix policies and procedures in order to secure the organization's data and information system.
2. Security management policies for human resource
Objective: to ensure that the best security management practices are well incorporated into human resource personnel management.
Netflix shall ensure that the best practices of information security management are well incorporated into its human resource personnel management practices.
2.1. Screening (2.1)
Objective: to mitigate the risk from internal sources.
There shall be background verification of all organization personnel during employment; this shall be carried out in accordance with the pertinent laws and procedures and shall be proportional to Netflix's business needs, the perceived risks and the classification of the assets to be protected.
2.2. Training, testing, and monitoring (2.2)
Objective: to implement procedures to ensure that Netflix plans and conducts security training, testing and monitoring activities related to the organization's information system.
The chief information security officer (CISO), in coordination with the relevant personnel, shall be responsible for establishing and maintaining procedures for security training, testing and monitoring activities related to the Netflix information system. These activities should be informed by the current threats experienced by the organization according to the risk assessment.
2.3. Policy for vendors/external party management
Objective: to guarantee security for Netflix content that is managed by external parties or vendors.
2.3.1. The security policy for vendors/external parties relationships (2.3.1)