Question

Please research the process of setting up a Security Program within a medium sized organization. Provide...

Please research the process of setting up a Security Program within a medium sized organization. Provide a list with short description of the most important 20 things to accomplish during this process.
write in your own words.

Homework Answers

Answer #1

Please do upvote if you found the solution useful. Your feedback is important to me.

20 things to accomplish while setting security program within a medium sized orgaisation are :

  1. Take inventory of your data : Every firm should know, and have properly documented, what information they have, where it is stored, and precisely how it is protected.
  2. Use a firewall : One of the first lines of defense in a cyber-attack is a firewall. The Federal Communications Commission (FCC) recommends that all SMBs set up a firewall to provide a barrier between your data and cybercriminals.
  3. Train employees in key areas : acceptable use, password policies, defenses against social engineering, and avoiding phishing attacks.
  4. Document your cybersecurity policies : While small businesses often operate by word of mouth and intuitional knowledge, cyber security is one area where it is essential to document your protocols. The Small Business Administration (SBA)’s Cybersecurity portal provides online training, checklists, and information specific to protect online businesses.
  5. Encrypt your data : Secret, confidential, proprietary, and other types of secured data should be encrypted, at a very minimum, when in transit outside the firm’s firewall and while stored in any cloud environment.
  6. Backup your data : Perform frequent backups and keep a copy of recent backup data off premises.
  7. Identify zero-day threats and update security patches : An epitome of the constantly changing nature of cybersecurity threats is the phenomenon of the zero-day threat. Any previously unknown threat would fall under this classification. An example of this is ransomware attacks.
  8. Double layer security : Defend your network behind your firewall – and make sure you can block rogue access. You don’t want the cleaning company plugging in a laptop at midnight.
  9. Educate all employees : Employees often wear many hats at medium sized organisation, making it essential that all employees accessing the network be trained on your company’s network cyber security best practices and security policies.

  10. Engage a third party for “white-hat” external and internal vulnerability scanning tests : The sheer magnitude and complexity involved in information security virtually ensures that some potential vulnerability will go undetected by the firm. It is therefore a solid practice for the firm, at least annually, to engage a third-party “white-hat” (i.e., good guy) hacking firm to conduct a vulnerability scan.

  11. Explore and document previous hacking events : One of the best indicators of information security weakness is that the firm has had information security, or hacking, events in the past. The circumstances regarding the nature of previous hacking events must be explored and documented.

  12. Hardware and Software Updates : Small businesses may not have the bustling bullpens that their large conglomerate competitors have, but they do utilize the same components regularly (i.e. desktop and laptop computers, mobile devices, etc.). Just like the large conglomerate companies, medium sized organisation need to cover their bases and keep their hardware and software updated.

  13. Limit Access : Reducing risks in a small business also means limiting access for unauthorized personnel to company computers and accounts. Even a trusted employee shouldn’t be allowed to access computers and information that they are normally unauthorized to use.

  14. Physical Planning Procedures : Start and end your day as a small business owner by physically checking your property’s perimeter. This will help you develop a heightened sense of awareness towards what’s normal and what isn’t.

  15. Use multifactor identification : Regardless of your preparation, an employee will likely make a security mistake that can compromise your data.Using employees’ cell numbers as a second form, since it is unlikely a thief will have both the PIN and the password is good a approach.

  16. Implement controls for data loss : If a hacker gains access to your organization’s system, the hacker will then attempt to exfiltrate data assets. The intrusion detection system (IDS), intrusion prevention system (IPS), firewall, and other tools used by the firm should be configured to monitor all outbound Internet traffic.

  17. Automated Controls : All small and medium businesses battle against lack of time and resources. They are far better off running and monitoring solutions that offer automated controls in addition to threat identification and real time response. Should something fall outside a set of established restrictions, your solution should automatically take action before the damage is done.

  18. Treat Your Security Program Guide as a “Living Document” : The thing about cybersecurity is that it is constantly evolving as the threats businesses face change. Cybercriminals are endlessly creating new attack methods and tools to try and compromise your company’s data. So, your cybersecurity program should never be considered a “one and done” solution.

  19. Building an IT Security Team : Any successful cybersecurity program will need personnel to implement and oversee it. This is where building an IT security team becomes necessary.

  20. Don’t neglect regulatory requirements : You need to create a security program that fits your cybersecurity profile, but you also need to be mindful of regulatory requirements. Try to strike a balance between the two.

Summary
The most important things to do when setting up a new information security program are set out your objectives and a clear strategy, then use existing frameworks as building blocks. Make sure that you cover both regulatory requirements and the needs of the business.

Know the answer?
Your Answer:

Post as a guest

Your Name:

What's your source?

Earn Coins

Coins can be redeemed for fabulous gifts.

Not the answer you're looking for?
Ask your own homework help question
Similar Questions
2. Using the steps of the research process, please evaluate the following effort and suggest three...
2. Using the steps of the research process, please evaluate the following effort and suggest three major changes (list your suggestions as three bullet points). The Pocono Airline Company wanted to alter the interior layout of their aircraft to suit the tastes of the growing segment of their market- business people. They were planning to increase their leg space and install tables so that the business people could work during long flights. Before renovating, the management decided to do some...
Do you think people at your level in the organization should provide budget inputs, and why...
Do you think people at your level in the organization should provide budget inputs, and why or why not? Stage 1 : What is Budget Planning is the way toward making an arrangement to spend your cash. This spending plan is known as a financial plan. Making this spending plan enables you to decide ahead of time whether you will have enough cash to do the things you have to do or might want to do. Stage 2 : Need...
Case You own a small computer business and you specialize in setting up networks for small...
Case You own a small computer business and you specialize in setting up networks for small businesses. The owner of a local sporting goods store has hired you to set up a local area network for his business. He wants to connect computers located in an office, on the selling floor, in a series of rooms in which he offers personal training classes, in a section of the store with batting cages, and in the section of the store that...
Case Study: Henderson Printing is a small- to medium-sized manufacturer of account books, ledgers, and various...
Case Study: Henderson Printing is a small- to medium-sized manufacturer of account books, ledgers, and various types of record books used in business. Located in Halifax, the company has annual sales of about $12 million, mostly in the Atlantic provinces. The owner, George Henderson, is a firm believer in making a high-quality product that will stand up to many years of use. He uses only high-grade paper, cover stock, and binding materials. Of course, this has led to high production...
Analysis and Report - "The Science of Cool" During this lesson, you've learned about the variety...
Analysis and Report - "The Science of Cool" During this lesson, you've learned about the variety of research methodologies that a psychologist scientist may choose to use in answering a research question. Now it's your turn to think carefully and creatively through a research question and choose an appropriate method. The research question:   What is the concept of "Cool"? Can we identify people who are "cool"? Are there benefits (or effects) to being a "cool" person (i.e. what might cool...
Organization culture includes things such as the location of the office(s). appropriate and inappropriate things to...
Organization culture includes things such as the location of the office(s). appropriate and inappropriate things to say and how to say them. temperature control. the size of the organization. 2. You are urging a friend to adopt a cat that has been rescued. What is this an example of? Argument Coercion Appeal Propaganda 3. Speaking in your workplace will usually take place for people you do not know or work closely with. larger audiences. people you know and work closely...
Project Management Fundamentals Questions Only A project team is discussing the benefits and drawbacks of working...
Project Management Fundamentals Questions Only A project team is discussing the benefits and drawbacks of working on projects within their organization now that it has become project-oriented. They can agree on many advantages for the team and for the organization, but also agree there are some drawbacks, relative to the strong matrix structure the organization used to have. In a project-oriented organization the project team: ANSWER Will not always have a "home" Reports to the functional manager Has no loyalty...
Please read the article below, and answer the questions that follow. In doing so, remember the...
Please read the article below, and answer the questions that follow. In doing so, remember the following, - Although the use of generic theories, covered in class/your module guide/text book will provide a framework, the expectation for the student is to be able to discuss it in context with research relevant to South Africa and your own reflective experiences. - You are required to extensively research current South African trends, amidst our changing political landscape and benchmarked against a global...
A newly developed hospital requires an Electronic Decision Support System (DSS) for clinicians. This DSS is...
A newly developed hospital requires an Electronic Decision Support System (DSS) for clinicians. This DSS is required to have all the necessary features to help the practice. Develop a Software Requirements Specification (SRS) document that identifies all the necessary requirements for the system. This document must strictly follow the IEEE template uploaded on canvas. However, there may be sections in the template that may not apply to the project, these sections can be eliminated. Use the template below to answer...
I'm working in a 6 page research paper and below is the complete list of the...
I'm working in a 6 page research paper and below is the complete list of the paper has to be set up and the required things needed to be included. Can you check to see what is already included on the list and what is missing in my paper. Also, what I need to improve and how? My topic is "The Struggles of Epilepsy". Can you help me with the content (background, empirical research, and hypothesis )? I also need...
ADVERTISEMENT
Need Online Homework Help?

Get Answers For Free
Most questions answered within 1 hours.

Ask a Question
ADVERTISEMENT