Lab 3
SafeAssign Originality Report
Total Score: 37% (Medium risk)
Total Number of Reports: 1
Highest Match: 37% (Defining_a_Security_Policy_Framework_3…)
Average Match: 37%
Submitted on: 01/20/22 08:56 AM CST
Average Word Count: 1,756 (Highest: Defining_a_Security_Policy_Fram…)
Attachment 1: 37%
Sources: Institutional database (17 student papers); Internet (1): wikipedia
Word Count: 1,756 Defining_a_Security_Policy_Framework_3e_-_Laljibhai_Valiya.pdf
Defining a Security Policy Framework (3e) Security Policies and Implementation Issues, Third Edition - Lab 03
Student: Email:
Time on Task: Progress:
100%
Report Generated: Thursday, January 20, 2022 at 9:56 AM
Guided Exercises
Part 1: Research Security Policy Frameworks
3. Summarize the Policy Development Guide's recommendations for organizing a policy
hierarchy and selecting policy topics.
Policy development is an iterative process which seeks to continuously improve workplace safety
and security while conveying the policymakers' commitment to safety. The process entails establishing the
need, collecting relevant information, sketching, consulting and review. The policy development process is
made up of the policy, standards, procedures and guidelines. The policy development guide
recommends that an organization first establish the need for a policy: why is a policy required in the
organization? Here the policy's purposes are outlined and reviewed to ensure they address the need
for a policy. A good policy should be workable and help the organization to easily initiate and navigate
through a change. Any policy should be able to serve as a compliance tool that shows the organization's
stance on industry best practices. For a policy to be effective, its audience should be
established. The audience comprises the various parties and entities that will use the policy. During policy development
the framers of the policy need to have a clear understanding of who will use the policy. In an
organization, the employees will form part of the audience.

The policy hierarchy outlines how the
various components of a policy relate to each other. Policy hierarchy in an organization involves
ensuring each of these components is captured correctly and developed to answer the relevant questions (why, what and how) while staying within the policy's purposes. At the top of the policy hierarchy is the
governing policy. This is a single document outlining security concepts at the topmost level. In
addition to explaining the various concepts, this document details their importance and the company's
stance on them. The technical policies fall next, below the governing policy. These can be in multiple
documents depending on the size of the company. They are used by the technical teams while
undertaking their responsibilities. A key characteristic of technical policies is that they are system
specific and thus more detailed than the governing policy. At the bottom of the policy hierarchy are the
guidelines. Also referred to as job aids, they give step-by-step direction on the 'how' of rolling out policy
statements. Used by staff to guide day-to-day activities, they act as a backup whenever a staff member
leaves the organization and a replacement is brought in to fill the position, ensuring that the knowledge
gained in the organization isn't lost.

Policy topics are the various areas in an organization which are
deemed in need of a policy. The process of selecting a policy topic considers aspects such as legal
obligations and critical information. Any information which an organization is legally bound to protect
should be given first priority in selecting a policy topic. This will ensure the organization has
guidelines on how to handle such information. Next follows any information used to make the
organization's critical decisions. Then how critical and sensitive a piece of information is to the
organization should be considered when selecting a policy topic.
5. Describe the core principles and objectives of COBIT 2019.
This is the latest version of the COBIT framework, which covers new trends, technologies and information
security needs in organizations. The framework's core principles include:
i. Encourages and adopts feedback from the practitioner community by allowing comments relating to improvement suggestions, new concepts and ideas.
ii. Puts more enforcement on companies to develop a governance strategy which is tailored to their unique best fit. Its components outline what an organization needs in order to have a strong governance system.
iii. Is a best fit for organizations which have adopted multiple frameworks such as ITIL and ISO, while helping businesses on their alignment journey with existing frameworks to fit them to the overall strategy.
iv. COBIT 2019 gives top management more of a view of how technology can support attainment of organization goals.
Objectives of COBIT 2019:
i. Improve the framework's alignment to global standards, other frameworks and industry best practices.
ii. Allow for feedback on improvements and new ideas and concepts from practitioners through an open source model for its enhancement.
iii. Roll out updates on a regular basis.
iv. Guide organizations in developing a best-fit system of governance by providing relevant tools.
v. Provide online collaborative features and thus real-time support for the decision making process.
vi. Offer a more precise ability to measure IT performance and CMMI alignment by providing better tools.
Part 2: Define a Security Policy Framework
2. For each risk, threat, or vulnerability in the list above, select an appropriate security policy that
might help mitigate it. You can select one of the SANS policies or choose one from the
following list.
Risk, Threat and Vulnerability | Security Policy
Unauthorized access from public Internet | Acceptable Use Policy
Hacker penetrates IT infrastructure | Access Control Policy
Communication circuit outages | Business Continuity and Disaster Recovery Policy
Workstation operating system (OS) has a known software vulnerability | Vulnerability Management and Vulnerability Window Policy
Unauthorized access to organization-owned data | Access Control Policy
Denial of service attack on organization's e-mail | Data Classification Standard and Encryption Policy
Remote communications from home office | Remote Access Policy
Workstation browser has software vulnerability | Vulnerability Management and Vulnerability Window Policy
Weak ingress/egress traffic-filtering degrades performan | Internet Ingress/Egress Traffic Policy
Wireless Local Area Network (WLAN) access points are needed for Local Area Network (LAN) connectivity | Wide Area Network (WAN) Service Availability Policy
User destroys data in application, deletes all files, and gains access to internal network | Data Classification Standard and Encryption Policy
Fire destroys primary data center | Production Data Backup Policy
Intra office employee romance gone bad | Human Resources (HR) Policy
Loss of production data | Production Data Backup Policy
Need to prevent rogue users from unauthorized WLAN | Access Control Policy
LAN server OS has a known software vulnerability | Vulnerability Management and Vulnerability Window Policy
User downloads an unknown e-mail attachment | Mandated Security Awareness Training Policy
Service provider has a major network outage | Business Continuity-Business Impact Analysis (BIA) Policy
User inserts a USB hard drive with personal photos, music, and videos on organization-owned computers | Data Classification Standard and Encryption Policy
Virtual Private Network (VPN) tunneling between the remote computer and ingress/egress router | Data Classification Standard and Encryption Policy
3. Organize the security policies you selected so that they can be used as part of an overall
framework for a layered security strategy.
The organization's information is an essential asset which needs utmost protection and security. Any
compromise of information held by the organization could lead to adverse losses and even lawsuits
against the organization by the aggrieved parties. The law demands that any information and data breach
be communicated to the affected users, thus the need to ensure any information held by the
organization has enough security. The company's overall security policy framework, though
elaborate, doesn't capture all the risks, threats and vulnerabilities the information held by the company
is exposed to. For that matter, some activities which can expose the organization's information do not
have appropriate policies restricting such activities. In a recent activity, a user was able to use
company resources to download torrent files and transfer the files to a home computer using a USB drive. This series of activities greatly exposes the organization's information to risks and threats
emanating from the internet, the USB drive or even the ability to access the resources. It is my submission
that the following policies be added to the overall security policy framework to guide on such future
events.
Challenge Exercise
Identify at least two appropriate policies that should be in place to define this type of behavior and the
consequences thereof.
This policy will guide and control use of portable storage devices on organization resources and the
network. The policy will prohibit use of all sorts of removable storage devices, such as USB drives,
within the company network. The Information Technology (IT) team will be guided by this
policy to disable all company computers and other devices from accepting any portable storage
device. Any device plugged into the company network will not be recognizable by the user and an alert
will be sent to the Information Security office on such activity. For any removable media to be used
within the network, express permissions and approvals should be sought from line management and
forwarded to the security office, justifying why such access should be granted. Additionally, such removable media should allow physical encryption and key vaulting for recovery. The Information
Security Office and Data custodian will be the responsible parties for this policy. Its implementation
should be immediately after approval by the organization's top management committee of Information
security.
Write a brief overview for C-level executives explaining which policies should be added to the
company's overall security policy framework, why they should be added, and how those policies could
protect the company.
This policy will guide on interfaces such as gateways, routers, firewalls and Virtual Private Networks; organizational demilitarized zones; and restricting external web traffic to only designated servers. Users will therefore not be able to access restricted websites such as the torrent sites which enabled the user
to download the files. Through the policy, the IT team will be able to block any such external traffic
from connecting to the organization network. The policy will use a denial method to block access to any
websites described as risky and unnecessary. The policy guidelines will inform users of the prohibition on
accessing such websites using the company network resources. Any attempted access will send an auto
alert to the information security office, detailing the device from which the access is originating. The
Information Security Office will be the responsible party for this policy. Its implementation should be
immediately after approval by the organization's top management committee of Information security,
whereupon the IT team will proceed to block any blacklisted websites.