Create a 10- to 12-slide presentation (not including the title and reference sli
Question
Create a 10- to 12-slide presentation (not including the title and reference slides) that discusses how policies and procedures are used to implement a security plan.
Describe the following:
Topics that should be covered by security policies
Role of security awareness training
Steps that can be taken to help ensure compliance with policies
How human resources security is included in security policies and planning
Risk assessment and mitigation strategies related to security controls and safeguards
Include detailed speaker notes within your presentation, and support your presentation with appropriate references.
Explanation / Answer
SECURITY POLICIES:-
- "A plan or course of action, intended to influence and determine decisions, actions, and other matters".
Policies should define:-
1. Scope
2. Who defines the policies
3. What equipment needs to be used
4. Who enforces the policies
5. Consequences of failure
OBJECTIVES:-
- Confidentiality -> Only the people who are authorized to have access to information are able to do so.
- Integrity -> Maintaining the value and the state of information, which means that it is protected from unauthorized modification.
- Availability -> Information and information systems are available and operational when they are needed.
SECURITY AWARENESS:-
- Security awareness training is a formal process for educating employees about computer security.
Topics Covered:-
1. Employee and contractor responsibilities
2. Proper handling of sensitive material
3. Consequences of failure to properly protect information
STEPS TO ENSURE COMPLIANCE WITH POLICIES
- Regularly educate employees
- Best format of policies for audience
- Take action when policies are misused
- Make policies and procedures easily accessible to employees
- Re-educate the employees when there is a change in policies.
- Deadlines for each policy & procedure to acknowledge
RISK ASSESSMENT:-
- A risk assessment is not about creating huge amounts of paperwork, but rather about identifying sensible measures to control the risks in your workplace.
STEPS TO RISK ASSESSMENT:-
1. Identify hazards.
2. Decide who may be harmed and how.
3. Assess the risk and take action.
4. Make a record of the findings.
5. Review the risk assessment.
MITIGATION STRATEGY:-
- The mitigation strategy is made up of three main required components: mitigation goals, mitigation actions, and an action plan for implementation. These provide the framework to identify, prioritize and implement actions to reduce risk to hazards.