week 5
1. In your browser, navigate to https://www.sans.org/reading-room/whitepapers/policyissues/information-security-policy-development-guide-large-small-companies-1331 .
Summarize the Policy Development Guide's recommendations for organizing a policy hierarchy and selecting policy topics.?
2. In your browser, navigate to https://www.cio.com/article/3243684/what-is-cobit-a-framework-for-alignment-and-governance.html .
Describe the core principles and objectives of COBIT 2019?
3. For each risk, threat, or vulnerability in the list below, select an appropriate security policy that might help mitigate it. You can select one of the SANS policies or choose one from the following list.
· Acceptable Use Policy
· Access Control Policy
· Business Continuity—Business Impact Analysis (BIA) Policy
· Business Continuity and Disaster Recovery Policy
· Data Classification Standard and Encryption Policy
· Internet Ingress/Egress Traffic Policy
· Mandated Security Awareness Training Policy
· Production Data Backup Policy
· Remote Access Policy
· Vulnerability Management and Vulnerability Window Policy
· Wide Area Network (WAN) Service Availability Policy
4. Organize the security policies you selected so that they can be used as part of an overall framework for a layered security strategy.
5. A user at Digital Innovation Products has been using company network resources to download torrent files onto a USB drive and transfer those files to their home computer. IT tracked down the torrent traffic during a recent network audit. Unfortunately, the company does not have a current policy that restricts this type of activity.
Identify at least two appropriate policies that should be in place to define this type of behavior and the consequences thereof.
Write a brief overview for C-level executives explaining which policies should be added to the company's overall security policy framework, why they should be added, and how those policies could protect the company.