02.08.2019
Essay regarding Security Awareness Policy

Security Awareness Plan

(statement 1)

The Information Security (IS) team is responsible for promoting on-going security awareness to all information system users. A Security Awareness program must exist to establish formal methods by which secure practices are communicated throughout the corporation.

Security guidance must exist in the form of formal written policies and procedures that define the principles of secure information system use and the responsibility of users to follow them. Security awareness articles, posters, and bulletins should be periodically created and distributed throughout the corporation to educate employees about new and existing threats to security and how to cope with them.

All employees are responsible for promptly reporting to their management and Information Systems (IS) management any suspected insecure conditions or security violations they encounter. All employees must be made aware of their security responsibilities on their first day of employment as part of the new-hire orientation program. All employees must comply with IS security policies by signing a compliance agreement that is retained in their personnel file.

IS Security policies and procedures must remain current and readily available (e.g., via the intranet site) for Information System users to review and understand them. Information Systems (IS) management must ensure that the terms and conditions of authorized system access are clearly communicated to potential users of those systems before access is granted. A formal process must exist to document that appropriate management was aware of and approved all access and privileges granted to corporate system users.

Approval:

Organizational security awareness is an essential part of the corporate security posture. Information is one of the most valuable assets owned by the corporation, and securing information is the responsibility of every employee. Many security breaches might easily have been avoided if everyone in the corporation understood the importance of maintaining the security of corporate assets.

The security awareness policy is intended to ensure that employees understand how corporate information assets are to be protected. Although senior management does not believe that the breach originated from within the organization, drafting a formal security awareness policy ensures that employees obtain the necessary skills and training to spot suspicious activities throughout the organization.

HIPAA, which regulates the protection of patient health information (PHI), defines the requirement for security awareness and training for all members of the workforce (including management) (HIPAA, 2014). The various regulations and safeguards outlined under HIPAA govern the proper care and exchange of patient health information (PHI) (e.g., patient records and other sensitive data). The creation of a sound security awareness program ensures that everyone understands the integral role they play in preventing security incidents and maintaining security throughout the corporation.

Remote Access Policy

(statement 2)

All users who remotely access corporate systems are subject to two (2) factor authentication. Remote access to the Company's resources should be limited to authorized entry points (e.g., connection to centralized communication servers). Modems and remote access server software not specifically approved by IS infrastructure management are not allowed on desktop computers and workstations within the Company's networks. Computers remotely accessing the Company network must not simultaneously be connected to the Internet through an outside provider. A Virtual Private Network (VPN) session is the only remote-access user session conducted over the Internet that is approved for use by the company. Remote access of sensitive information (i.e. financial reports, patient health...

References:

HIPAA. (2014). Retrieved 19 November 2014, from http://www.hhs.gov/ocr/privacy/hipaa/administrative/securityrule/securityrulepdf.pdf

PCI DSS. (2014). Retrieved 19 November 2014, from

https://www.pcisecuritystandards.org/documents/pci_dss_v2.pdf

NIST. (2014). Retrieved 19 November 2014, from

http://csrc.nist.gov/publications/nistpubs/800-92/SP800-92.pdf

NIST. (2014). Retrieved 19 November 2014, from

PCI DSS. (2014). Retrieved 19 November 2014, from https://www.pcisecuritystandards.org/documents/PCI_DSS_v3.pdf

International Organization for Standardization. (2005). ISO/IEC 27002:2005(E), Information technology — Security techniques — Code

ISO. (2013). ISO/IEC FDIS 27001:2013(E), Information technology — Security techniques — Information security management systems — Requirements. Retrieved from http://www.iso.org/

Qcode.co.uk. (2014). PCI DSS Requirement 8: Part 3 – User & Password Policy « Qcode

Software, S. (2014). HIPAA Compliance Checklist for Password Security.

Webdrive.com. (2014). Terminology. Retrieved 24 November 2014, from

Whaley, A. (2012). Are Your Passwords Secure AND HIPAA Compliant? Manage My Practice. Retrieved 19 November 2014, from