DQ2 WK4

DQ1 REPLY TO RESPONSES 75-100 WORDS

A Jonathan Retes

           Organizations can have varying needs in terms of security policies, their scope, applicability, and complexity. It is important to remember that there is no universal model for security policies, but there are three different types defined by the National Institutes of Standards and Technology (NIST) Policies are generally categorized into three types: program policies, issue-specific policies, and system-specific policies. Policies are the highest level of the information security program, and they are typically set by the organization's senior leadership. Email privacy is an example of an issue-specific policy. Firewalls and web servers are examples of system-specific policies. Organizations' success depends on their IT security policies. These procedures are at the core of all business operations and conform to the company's core mission and commitment to security.

B Elijah Coverini

Hello class,

The first that sprung to mind was acceptable use policy. An acceptable use policy "defines inappropriate use of information systems and the risk that it may cause" (IT Security Policies, n.d.). One example is that employees may only access company data from a work PC. Next, I must mention remote access policies. Disk encryption and VPN might be enforced. Finally, there is password creation and management policy. A special character, mix of uppercase and lowercase letters, and/or at least one number are all suitable guidlines for some secure passwords.

another type of security problem. Another policy is the password creation policy and this type of policy requires certain things to create passwords. “It should mention password log outs and maximum retry attempts and outline procedures for logging all unsuccessful login attempts" (IT Security Policies, 2022) 

dq2 response

C Adonis Deliannis

Phishing is a killer in any situation. I have prevented many phishing attempts made on my account and I will be honest I have done some myself to learn how it is done to further understand how it works and how it can be better prevented. It is interesting how phishing attacks are carried out, most sloppy, few decently creative. The creative ones really scare me yet they also intrigue me at the same time. I was very close to falling for one of them years ago to which really got me interested. Knowing what I know now I can confirm on the spot what is a good application or site and discern from the malicious.