[Jessica Jagerson]

Discuss some critical policies needed to ensure a strong security program.

[Jacob Mannon]

Some critical policies regarding a strong security program include but are not limited to Senior Management support, policy, budget, resources, and authority. From a business perspective we need support from all of these areas just to be able to make a security program happen in the first place. Once we have all of these areas covered, we can move on to the foundation of our security program. We should always be trying to lower risks to what policy deems an acceptable level. Our program should be cost effective and not hold up business production. Our program must always be measurable. If we come across data or some issue that we cannot measure in some way shape or form, then we have a security risk that needs addressed. Some ways we can mitigate our risks in security is to set up a RAID so that if one hard drive goes down, we can get the data from another drive. Cloud backups are another useful way to save data from being lost. Firewalls and encryption methods are also great ways to mitigate threats to security. The most important policy to implement is to have everyone be security minded. Knowing threats are there and having all members of the organization aware of simple things like two factor authentication and locking computers when not in use can go a long way.

-Jacob Mannon

[Kanthony]

Reminder:
Submit your initial post to weekly discussion forums by day four of the week, midnight (Eastern Time).
1. Initial responses should be a minimum of 150 words in length.
2. A minimum of 1 response to a fellow student is required with a minimum of 50 words.

[Kanthony]

Hi everyone!

Mile2 has removed the lab from the requirements that was listed on the Work Schedule.  Please see the updated schedule in Mile2 and I’ve posted week 1 below.  

IST2101 Security Principles
By following this schedule, you will be able to complete the course assignments during
the week. Be sure you read the directions for each of the assignments and discussion
forums.
Week One
Preparation:
 Read Chapters 1,2 and 3 in your E-book.
 Watch Chapter 1,2 and 3 videos
Discuss:
 Week One Devotional
 Week One Discussion Questions
Submit your initial post to discussion forums by Day Four of the
week, midnight (Eastern Time). See the discussion forum rubric
in your syllabus as to requirements for posting, including replies
to fellow students.
As to the devotional, the initial post is due by Day 7. Replies to fellow
students encouraged but not required.
Submit:
 C)SP Practice Quiz as a Pre-Test measure of your knowledge
 Chapter 1 end of chapter exam
 Chapter 2 end of chapter exam
 Chapter 3 end of chapter exam

[Braden Binegar]

To ensure a strong security program, organizations should regularly conduct risk assessments to identify and prioritize potential threats and vulnerabilities. Implementing strict access controls, such as multi-factor authentication and role-based access controls, is also crucial. Comprehensive security policies and procedures, including data protection and incident response plans, must be developed and enforced. Regular employee training on security best practices and phishing awareness is essential. A well-defined incident response plan should be in place to handle security incidents effectively. Continuous monitoring and regular security audits help detect and respond to threats in real-time. Data encryption, both in transit and at rest, protects sensitive information. Keeping software and systems up to date with the latest security patches is vital for patch management.

[Jason Springer]

Hello Braden,
You did a great job explaining why companies should perform risk assessments and incident response plans to keep their security policies up-to-date. I also agree that data encryption is another critical part of security policies that should be implemented to minimize data breaches or loss. I also agreed with you when you said, “Keeping software and systems up to date with the latest security patches is vital for patch management.”

[Amy Hastings]

Some policies that are needed to ensure a strong security program is to have a data secure policy because it helps ensure that you have a safe asset for your data, and this also helps you have access to the control systems. Another would be to have backups because it is the key to keep your data protected and it also gives you a recovery plan. You should also have an incident response policy as this helps with identification, containment, and recovery along with many other good things you need. This also does help you keep your information on your systems network and your data information as well. A remote access policy is another great policy you should have because this one allows you to connect to the company’s network from any host. This one is also used a lot for receiving and sending emails and such.

[Jacob Mannon]

Amy,

I like the examples you gave especially concerning backups and remote access. I knew a girl when I went to college my first time that did not back up anything on her computer. She had a major psychology paper due, and her computer crashed, and she lost all of her progress because she wouldn’t back anything up to the cloud or a flash drive. Backing up data for businesses is crucial. Losing important financial information because the data wasn’t backed up properly would be a huge problem. I also liked the remote access example. The ability to access a company network remotely is what allows many people to have successful remote careers.

-Jacob.

[Jason Springer]

One of the critical policies that are needed to ensure a strong security program is a password policy which requires the renewal of passwords after a certain period of time or two-factor authentication for all employees or users. This helps to prevent hackers from stealing important data from the user or employee by not allowing them to keep the same exact password for everything. Another policy that’s critical to strong security is a data backup policy that sets up mandatory data backups to be renewed and stored in another safe location to try and prevent data loss. This data loss can either come from natural causes such as weather or hardware failure or from breaches in the system that try to wipe all the data from a server. These policies should also have a planned interval for reviewing policies, opportunities for improvement, legal consideration, and an owner. The reason these are important is that policies should have some room to grow while still being legal and clear.

[Latoya Stoudmire]

There are multiple policies needed to ensure a strong security program. Some of those programs consist of information security access control, data protection and incident response, just to name a few. A company’s information security policy sets the standard. It allows the company to make clear what their requirements are to operate at their full potential in a secure environment. With this policy we see the CIA triad confidentiality, integrity, and availability. We also consider risk management strategies in this policy. Another important policy that cannot be overlooked is the access control policy. This policy Is used to monitor and make clear which users have access to which systems or applications. This policy is important seeing how most security issues are caused by users. The access control policies are put in place to inform an organization of any users attempting to access information that they are not governed. The incident response policy is also important to an organization’s data safety. The incident response policy negates how any events or potential threats will be handled in an organization. The policy will give a detailed explanation on how different events should be documented and handle, and in some cases, it will give step-by-step procedures for handling the specific incident. There are more policies that I have not discussed yet. These are the policies I thought were most imperative to securing an organization’s data.

[Author]

Posts