Strayer CIS 462 Security Strategy and Policy, Term Paper: Disaster Recovery Plan, 11 pages, 2278 words, with 15 slide PowerPoint Presentation, Graded A, Security Policies and Implementation Issues
In recent years, organizations have witnessed the impact of having effective and non-effective business continuity plans and disaster recovery plans. In today’s environment, with significant potential natural disasters, terrorist threats, and other man-made threats, it is critical that organizations develop effective business continuity plans and disaster recovery plans. Select an organization that you are familiar with, such as where you currently or previously have worked, contact a local organization, or search on the Internet for the needed detail of an organization you are interested in. Prepare a disaster recovery plan policy for that organization.
This assignment consists of two parts: a written paper and a PowerPoint presentation.
Describe how monitoring worker activities can increase the security within organizations. Describe the rationale that managers should use to determine the degree of monitoring that the organization should conduct.
Monitoring workers’ computer usage on the job will maintain a more productive work force, detect when security policies are not being followed, maintain security of sensitive data, help ensure the reputation of the organization and avoid liability from stolen intellectual property, software and/or music. Workers need to be monitored through manual and automated controls on the Internet, email and computers. The rationale they should use is that they do not want employees wasting company time and money while they peruse social media or personal emails. Just like companies do not want people talking excessively on their phones to boyfriends or family, workers need to be at work to work, not socialize or make monetary gains for themselves. Monitoring social media for any negativity regarding the company is also used so no disgruntled employees are bad-mouthing their reputation. An acceptable use policy will stipulate email use. It is up to the front-line managers and supervisors to properly train their employees on security policies and why they are in place. Consistency is the key to ensure policies are implemented every day.
• Explain the extent to which you believe an organization has the right to monitor user actions and traffic. Determine the actions organizations can take to mitigate the potential issues associated with monitoring user actions and traffic.
I believe an organization has every right to monitor user actions and traffic. As stated above, workers are at their place of employment to work. How would I feel if I were paying someone to check in patients as in a doctor’s office, make their next appointments, go over their billing or insurance demands and talk about their upcoming surgery when all that person was doing was talking to their boyfriend on the phone or checking out how they looked last night on Facebook? I would fire that person. If an employee were checking out pornographic sites or inappropriately buying music on company computers, it could really wreak havoc on the doctor’s reputation not to mention potentially allow a virus or other malware to infect the entire system.
Enforcement can come through peer pressure techniques, rewarding good computer use and reprimanding not adhering to company policies or even terminating that employee for failing to comply. Other ways are to block sites so even if employees try to get to social media sites they cannot. Transparency and clarity must be enforced through policies of the company. Letting the employees know with acceptable use policies and monitoring to make sure they are following company policies makes employees accountable for their actions. Manual controls include background checks, log reviews, access rights reviews and attestations. Automated controls include authentication methods, authorization methods, data encryption, logging events, data segmentation and network segmentation.
Propose at least three control measures that organizations need to put in place to ensure that they remain complaint with emerging technologies and in a continually changing IT environment. (Compliant. … not complaint?)
To remain compliant, three control measures that organizations can put in place are to start with a security policy, then create baselines, automated tools and checks as well as management of the changes. Imaging techniques will create snapshots and thus provide baselines of the system. This will improve the security and reduce total cost of ownership. When all the systems are configured the same, they are easier to troubleshoot when something goes wrong, saving time and money overall. Automated tools can be scheduled to run scans nightly to determine their configuration and to verify compliance. The book discusses Group Policy, which, once it establishes a baseline, can close any security gaps and increase security settings on computers. Audit trails can look for any changes in the system through logs to define who, what, when, where and why changes were made to the system. Change requests are done through a formal process in many organizations where they are authorized before the changes take place.
• Examine the correlation of effective configuration management and change control procedures to remain compliant with emerging technologies and IT security changes.
As the case studies suggest, if changes are not planned for and authorized, they may be done in vain and could wreak havoc to the system. Management needs to know about the changes, which are stored in a database and can be reviewed and tracked through an application. Details would include the system, the actual change, justification and the submitter. Version control is used when a policy is changed, and it lets the reader know the date and details of the change as well as who made the change. Management of changes allows experts to review the changes before they are implemented and will reduce problems down the road of the change itself. Also, documentation of any changes is needed as IT technologies securities change so the organization knows which changes are old, the date and function and which changes are new.