Thursday, May 16, 2019

Develop information security awareness

Nancy Johnson worked in U.S. Bancorp arranging and was fired in April 2002 on the basis of look oning confidential files of the comp any and some personal files of executive program Kathy Ashcraft that she was non allowed to view. Information trade protection aw atomic number 18ness and facts of life program moldiness have following subject matter to make employees aware of the U.S. Bancorp policies and avoid such occurrence in the future.All employees must be rise aware of all the policies of an shaping governing computer systems, interneting, reading assessment, privacy and authorization to view any suffice.All policies must be available on the intranet and/or desktop of an employee.Policies are constantly updated check to the day-to-day brings hence must be read and understood carefully as in brief as these are updated.In case an employee is unable to understand anything, he/she must immediately radio link his/her supervisor or manager to know about their specific roles and policies elaboration.All computer enforcers of the company must understand that ALL nurture on the companys intranet is confidential and valuable asset of a company, which must be feelered on need-to-know basis after obtaining authorization from their manager.All computer users in an organization allow have permission to access to the confidential teaching or other information not relevant to the user on the basis of valid reason and need-to-know basis to perform a grouchy job.The permission exit be limited to measure period required to perform that job and the arrive of information required.Employees leave not share this information with any other of their co-workers within an organization and/or any person outside the organization unless it is needed, specified and authorized to share such information with those who are also authorized to view this information for the time period and authority granted.All employees who work in the Bancorp organization will be wait by all security laws, rules and policies. They must follow these rules and regulations and assist their implementation.Employee will report any misuse of such information by any user on the intranet of the company or any external threat, if he/she is informed about it.2- Information security awareness and training program for probing networks connected to the clientsMoulton, a network administrator, tried to port scan lawlessly for the computer networks of the Defendants client. Information security awareness and training program defines following content in order for network administrator to know of policies and rules.The job of a network administrator is to address all technical issues on the network, manage software, hardware, and administer tools of the network. However, in no way a network administrator will use clients network resources and private information without any need and authorization.A network administrator must understand this that all network resources on the clients computer network, info, files are private and confidential and asset to be used by the client only. net profit administrator will understand the core concepts, policies and strategies of the security training program. He/she will be abide by all the rules and laws while administrating networking tools.Access to the centrally administered network will be granted on permission with valid reason of a need to have such assessment to perform a particular task. Authentication to use network will be granted with specific user ID and password. substance abuser id and password must be changed frequently to maintain high level of security.Network of clients computer possess valuable and confidential information. Access to this information is not allowed unless the person is authorized to view it.Network administrator will return all valuable material to company upon termination.He will be responsible to dispose of any sensitive information not of any further use.3-Information sec urity awareness and training program for Information security violation concernsWatkins security concerns were regarding use of that confidential information by another employee along with him. Hence he requested State of Tennessee cancellation of the secret code. However, another employee who had access to the information was authorized to do so. Watkins plea was rejected by the court.Information security awareness and training program must have following content of security violence.Information security is very of the essence(p) and none can access this information accept those who are authorized to do so.None will be allowed to get this information except solely for companys business purpose and for process different tasks.Hence, only authorized persons can access that information with a specific code. Authorized kernel theyre allowed legally to use this information in one or another form for the receipts of company/people/business/organization. Hence, there is nothing violati on of privacy when such confidential information is accessed by the authorized people.However, an authorized person will use that information only for the period of time and to the extent hes granted permission. Authorized person will not misuse that information for his/her own purpose or in any case will not sell, transfer or damage such information in any circumstances.Misuse of such information may payoff in revoke of authorization and administration. It can also result in termination from job.Authorized use of such information for the good of company is not a security violation.Security administrator will be in charge of all information and will report any violation by the users. He will keep in check proper protection all confidential data and will be in charge of granting permission to different users to access required information as needed.ReferencesEnisa Security awareness. Retrieved fromhttp//www.enisa.europa.eu/doc/pdf/deliverables/enisa_a_users_guide_how_to_raise_IS_awa reness.pdfNIST security awareness. Retrieved fromhttp//csrc.nist.gov/publications/nistpubs/800-50/NIST-SP800-50.pdf

No comments:

Post a Comment

Note: Only a member of this blog may post a comment.