Security Policies Given the Highly

Security Policies

Given the highly sensitive nature of the work at the company, what other actions might you add to this policy?

There are a number of different procedures that could be added to this system to include: addressing employee security issues when they begin working at the company, looking for signs of inappropriate data usage and encrypting the company's hard drives. Addressing employee security issues, is when you are establishing various security procedures everyone will follow. This will create effective policies that will prevent unauthorized individuals from obtaining access to sensitive information. At the same time, it is establishing procedures that will identify threats when they are first appearing. ("Security Policies," n.d, pp. 281 -- 302) ("Computer-Based Espionage," n.d, pp. 365 -- 391)

Looking for signs of inappropriate data usage is when you are going through: the machine of each employee, to determine if they are doing activities that are prohibited. This could include everything ranging from: using the internet for their own personal use (i.e. finding a job, shopping or reading news articles) to having various portable flash drives copying sensitive files. When someone is working at the company, this will ensure that they are following the various policies and procedures (which will prevent the possibility of some kind of cyber attack). At the same time, you want to see what particular activities an employee (who is leaving the company) was involved in by: looking at where they have visited online. This will mitigate the loss of classified information by routinely checking everyone's machines. ("Security Policies," n.d, pp. 281 -- 302) ("Computer-Based Espionage," n.d, pp. 365 -- 391)

Encrypting the companies hard drives are when you are making it difficult to read any kind of stolen data. This will serve as a last line of defense, in the event that any kind of sensitive information is stolen. Once this occurs, it will ensure that the company will have several different fail safe measures to prevent the loss of sensitive information. These elements are important, because if these specific actions can be taken, it will dramatically reduce the odds that Hector will have some type of security breach. ("Security Policies," n.d, pp. 281 -- 302) ("Computer-Based Espionage," n.d, pp. 365 -- 391)

Is this adequate? If you believe it is, explain why. If not, what other recommendations would you make to Harold? Explain your reasons for each of recommendations.

No, the actions that were taken by Harold are not adequate. The reason why, is because he has created an initial foundation for protecting sensitive information. However, over the course of time the nature of the threat will change. This could have an impact on his business, as these procedures will become ineffective. Once this occurs, it means that it is only a matter of time until Harold will see an increase in the number of cyber attacks. At first, these procedures will help to prevent hackers from accessing the company's files. Then, as time goes by they will be able to overcome his defenses. This increases the chances that he will see some kind of major disruptions because of these issues. ("Security Policies," n.d, pp. 281 -- 302) ("Computer-Based Espionage," n.d, pp. 365 -- 391)

The recommendations for Harold include: creating different backup systems and constantly monitoring for new threats. Creating different backup systems is when you are establishing other security protocols. They are serving as a failsafe, in the event that a primary block such as: a firewall is breached. This will help to isolate the threat and limit the kinds of information that they will have access to. ("Security Policies," n.d, pp. 281 -- 302) ("Computer-Based Espionage," n.d, pp. 365 -- 391)