DOD_Project_Week5_GROUP7.docx

Running head: COMPANY Facebook Department of Defense (DoD) Ready 1

Step 1: Select an organization.

We have selected the company called Facebook. Facebook is an American company that offers services on online social networking. It was founded by Mark Zuckerberg together with his colleagues in 2004. It is located in Menlo Park, CA.

Step 2: Create an executive summary.

Facebook's business model is very simple because it is based on advertising. Most of the organization’s revenue comes from advertisements. The company has also been able to unlock a lot of business value from its various operations and has emerged as one of the profitable giants in technology. Currently, Facebook has more than 48,000 employees worldwide ("How Does Facebook Make Money? Facebook Business Model in A Nutshell", 2020). The number of employees has increased gradually since the company was formed, due to its massive expansion over time. It has succeeded and grown in terms of its product cycle all over the world.

· The IT security policy for the company includes users changing their passwords on a regular basis and using different symbols and numerals when creating new passwords. Users should also avoid disclosing private or personal information to people they do not trust. They should check that they recognize the URL and domain name before sharing financial or personal data ("Data Policy", 2020). Users should also ensure that secure browsing is always turned on in their account settings. If users feel or suspect that their account has been tampered with for any reason, they are free to contact their social network and the support staff of Facebook.

· The security policy was developed based on the exposure to threats and things that were affecting people more. The security policy was also developed based on the guidelines of the Department of Defense regarding social networks and policies. Complying with the rules and regulations of the DoD regarding the security of the public and their use of the application was vital.

· Exposing people to the risk of losing their personal data or of being threatened on the platform was a concern, and this led to the development of data security provisions in the security policy of the company. Facebook stores data under the security measures for as long as it is necessary to provide services and products to the users. Information in a given account is kept under safe conditions until the account is deleted, unless they no longer require the data in the provision of services and products. The account can also be deleted at any time the user wishes.

Step 3: Conduct research on DoD-specific requirements for an organization's IT infrastructure and US compliance laws that may affect them

· The mission statement of Facebook Inc. is “to give people power to build community and bring the world closer together.” The mission statement was implemented based on data security and privacy issues. The corporate vision statement of the company is, “People use Facebook to stay connected with friends and family, to discover what is going on in the world, and to share and express what matters to them.” It shows that their business is not only an online site for social networking. It facilitates knowledge acquisition as well as communication among users. The IT infrastructure of Facebook is based on data infrastructure. The data infrastructure provides usable, efficient and reliable platforms and tools for end users to collect, manage and analyze data, enabling teams to make data-driven decisions and supporting data-intensive applications.

· FISMA is a US federal law, enacted in 2002, that affects government agencies as well as contractors. It deals with the protection of information and information systems from various threats, including unauthorized access, modification, use and destruction. In order to achieve FISMA compliance, Facebook should ensure that all sensitive user information is properly retained, distributed in an appropriate way, and free from security threats.

· Facebook should ensure data integrity by guarding data against any form of destruction and unauthorized modification. Data confidentiality should be ensured by restricting the disclosure of and access to information. FISMA also requires access to information in a reliable and timely manner.

· It is a requirement to categorize and keep an inventory of the information systems used in the company. Another compliance requirement is the establishment of a security control system. FISMA requires that organizations establish security controls that are relevant to their operations to ensure information security ("FISMA Compliance: Requirements, Penalties & Email Archiving", 2020). It also requires organizations to conduct risk assessments effectively to avoid unnecessary risks. Failure to meet the above requirements leads to penalization of the company. In some circumstances, the company may also be made to face a court of law for failing to comply on matters of information security.

Step 4: Policies, Standards and Controls (Users, Workstation, LAN, LAN-to-WAN)

4.1. Users

Facebook has plenty of public users. Apart from general public users, there are a few clients which use Facebook as a business:

· WhatsApp

· Facebook Ads

· Facebook page as business

4.1.0 Acceptable use policy (Introduction, Purpose, Scope, Policy)

4.1.1 Introduction

Facebook's acceptable use policy lists a number of rules and regulations that its consumers are expected to follow in order to ensure that they use the application as the developer expects. The acceptable use policy allows firms that use the app, as well as other individuals, to determine the best way of using the app so as to optimize the services provided and to ensure that the details they provide remain secure. The policy allows users to be certain that, by following the stated guidelines, their information will remain confidential, and it ensures that, once users accept the policy, the Facebook Company is able to offer the personalized experience.

4.1.2 Purpose

The main objective of the acceptable use policy is to allow users to understand the service that they will be getting, to understand the terms and conditions which apply when they decide to use the software, and to determine what the product owner expects of them. It also serves as a manual to welcome the user and to highlight what they will experience in the Facebook App.

4.1.2 Scope

Facebook's acceptable use policy explains to users the things that they can carry out in the app and shows them the activities which could potentially put their personal information in danger. The policy also allows users to understand that using this software is free, while highlighting that they may have to view advertisements which other firms have paid the company to display on the platform. In addition, the firm explains to users that, by accepting these policies, they allow the firm to use their personal data to provide personalized experiences as well as to determine the kind of advertisements that it displays on the accounts of different users.

4.1.3 Policies (Examples of policies to develop: General Use and ownership, Security and Proprietary Information, Unacceptable Use, System and Network Activities)

Facebook has an unacceptable use policy which shows users the various activities that are considered inappropriate to conduct in the application, as well as the actions that could potentially lead to the product owner suspending the users (Richter et al., 2017). Moreover, they offer security and proprietary information which allows individuals to securely use the software to provide original content. The firm also demonstrates to consumers the most appropriate ways of operating on the platform to enforce data protection and avoid being attacked by cybercriminals.

4.2 Workstation

4.2.1 Introduction

The workplace acceptable use policy is intended for use by organizations and covers a different service from the consumer version. It allows firms to enforce their own workplace policies on the use of the accounts and devices which are issued by the organizations. These policies allow users to understand that they have to abide by the outlined company policies as well as those of their employers, since the devices on which the software operates, or the accounts that belong to the firm, might hold important business data that is expected to be handled according to the guidelines set in the specified industry.

4.2.2 Purpose

The objective of having a workstation acceptable use policy is to allow companies to use Facebook to reach their clients and to easily establish a customer relationship management system which can obtain consumer data from the software application. In addition, it gives firms the freedom to use their own policies even when operating their business through the platform, in order to maximally secure their data and allow the accounts to be used for business matters only (Patil & Shyamasundar, 2017). Facebook Inc understands that the needs of businesses are different, and it has therefore created these policies to ensure that companies become part of this community, benefit more from the platform, and ensure that their employees abide by the company policies once they use the software.

4.2.3 Scope

The workstation acceptable use policy outlines the responsibilities of Facebook, such as using technologies to detect illegal or abusive materials which could potentially harm third parties and firms. The firm lists out its role in protecting companies from information which could potentially damage their reputation on this platform or violate their outlined policies. Facebook also allows firms to apply their workplace policies on the site so as to maximize their use of the platform. The outlined policies allow businesses to determine the support they will receive from the product owner, as well as the expectations that they should have when they decide to use this platform to better their businesses.

4.2.4 Workstation Policy, standard, Controls

Some of the policies displayed in the workplace Facebook version include security and data protection, which outlines some of the ways that businesses can ensure that all the information they present on the platform is secured. The system and network activities policies are also listed to allow businesses to determine the actions that will be undertaken in the software. An example of such a policy dictates that the product owner might use innovative technologies to assess the data presented by the business to verify and certify that the data can be used on the platform.

4.3 LAN

4.3.0 Introduction

The LAN domain policies are those standards which have been developed to deal with the traffic flow and connectivity of the user to the platform. They comprise the standards, policies and controls regarding the switches, the disk operating system, the wireless fidelity security as well as the firewalls. Facebook uses these policies to control the users of its application and to ensure that they are connected to the system using acceptable networks.

4.3.1 Purpose

The main aim of the LAN domain policies is to help the organization easily oversee the traffic flow and to allow users to determine the baseline standards which apply when connecting to the firm’s system. They allow users to protect their disk operating systems as well as their Wi-Fi.

4.3.2 Scope

In order to connect to the Facebook application, users are expected to use networks that give them access to the internet. Facebook lists out activities that users can undertake to make sure that the network that their devices are connected to does not expose them to attackers (Christofides, Muise, & Desmarais, 2019). The company enables users to understand ways in which they can protect their disk operating system and methods by which they can create firewalls to ensure unauthorized people do not access their accounts.

4.3.3 LAN Policy, Standard, Controls

These policies include security controls for the routers which are used to connect devices to the system. They also entail controls for configuration changes and the activities to carry out to ensure that the wireless fidelity being used is secure.

4.4 LAN-to-WAN Domains

4.4.0 Introduction

These are the policies that the Facebook Company applies to detect intruders in its system, to develop intrusion prevention controls, and to block and filter some materials. The firm ensures that bad content is blocked from appearing on the user’s news feed and that some materials that contain sensitive details are filtered so that users can watch or access them with their own consent.

4.4.1 Purpose

The main aim of these policies is to allow the company to control the available data and the new data that is uploaded by the users. In addition, the company uses these standards to ensure the users can determine the material which the firm is likely to block or filter for the users it reaches.

4.4.2 Scope

LAN-to-WAN domain policies contain crucial details which are used in controlling the Internet proxy, detecting intruders, preventing intrusion and filtering the displayed data (Jackler et al., 2019). Facebook aims to personalize the experiences of its clients and therefore uses these policies to ensure that the clients consent to the operations that the firm undertakes.

4.4.3 LAN-to-WAN Policy, Standard, Controls

The LAN-to-WAN policies, standards and controls applied by Facebook include the DMZ controls, the criteria applied in blocking the materials uploaded to the software, and the rules that are used to block information which could potentially harm businesses or promote illegal activities. The intrusion detection and prevention controls are the strategies that the firm applies to identify individuals who are accessing the software without the right authorization, together with the techniques used to strengthen the vulnerable areas in the system which could be used by intruders.

Week 6 (06-14-2020)

Step 6: Policies, Standards and Controls (WAN, Remote Access, System Application Domains)

4.4 WAN

4.4.1 Introduction

4.4.2 Purpose ….

4.5 Remote access

4.6 System Application

Step 7: Conclusion

· Summarize the planning and execution process.

· Develop a deployment plan for implementation of these policies, standards, and controls.

· Include all applicable DoD frameworks.

Reference

APA Reference - Minimum of 5 references