RESPOND TO THESE DISCUSSION POST: "A security policy is developed by senior management to assign certain responsibilities and mandate certain requirements, which are usually aligned with the agency's mission.

A new policy was just created to prohibit peer-to-peer software downloads, as they are illegal and may bring malicious content to the workplace. You, the security officer, noticed that employees resisted the policy and chose to continue downloading peer-to-peer software. In an initial post, explain how you would handle this situation. What would you do to enforce the policy?

When responding to your classmates, discuss what might occur if senior management did not have a security policy or procedures in place. Use specific examples to support your thinking." (TWO PARAGRAPHS EACH WITH REFERENCES ON EACH OF THEM SEPARATELY, NOT TOGETHER)

Please view article- Every new project starts with a need

1. AlXy BlMs Security plcy

Initially, I would do a full assessment to determine the extent and impact of the unauthorized activities. I would review the results of the relevant network logs and if necessary, isolate any violated systems (Cisco, 2005). It may also be necessary to shut down any network components that had been compromised. I would also work to determine all sources of these violations, by contacting the ISP (Cisco, 2005). In addition, all adminstrative and relevant legal personnel would be notified (Cisco, 2005).

I think it would be important to send a strong and clear message regarding the staff members that chose to violate the security policy. I would have memo sent out to all employees, stating that several of their co-workers had violated the download policy and that they were being repremanded. Within the body of the memo, I would also remind personnel of what the policy is and why it was implemented. The memo would list possible negatice consequences of violations of this policy, with regard to placing the organization's network at risk. Additionally, all violators of this policy would be called in to meet with management and receive a verbal warning. The employee that was found to be the most prolific violator of the policy would be given a written warning at their meeting with management. This letter would be added to their employment file.

2. TrLl BrNs).

In my position as the security officer I would gather everyone together to discuss the seriousness of violating the new policy. Be sure to advise human resources and local union if applicable and discuss the new policy all employees would have to acknowledge they have been covered on the new policy. Violating the policy will start the discipline steps from verbal, to written warnings, suspensions up to termination. All employees must understand the laptops and desktops belong to the company and it's not one's personal device.

My company conducts annual training on ethics/code of conduct, social engineering and the consequences are well understood. We have an internal software store where only approved software is available. We all must take annual training, and acknowledge this mandatory training on all levels of the company it's required. "No Exceptions" it's documented in everyone's training files.

Prevention measure

They would need to understand by downloading peer to peer software the company is in violation of software piracy laws because a new license was not purchased. Employees need to understand not only the company but they can be personally liable if discovered undertaking this very reckless practice.

Develop disciplinary steps to change behavior

Disable USB ports and block all unauthorized software

Turn off P2P, since it's very famous mechanism for distributing Bots, Spywares, Adware, Trojans, Rootkits, Worms and other types of malwares. Since these Peer to Peer (P2P) Application is software installed on your computer so you can block the Process used for running these applications. As they are complete software so if the user tries to rename the main process name the application will not work. So, you can block these processes using Application controls.

3. TyLr ThRy). Broken WT

If employees are openly disregarding policies then immediate disciplinary action must take place. The employees in question will be disciplined according to the plan in place (ex. 1st offense written warning, 2nd offense performance improvement plan, and 3rd offense exit). Discipline will help apply the "broken window theory" which is a theory from 1982 that was used in New York City to clean up crime infested neighborhoods (Lacey, 2013). The theory states that if you prevent small crimes from occurring you create an atmosphere of lawfulness which in turn prevents more serious crimes from happening. The window example is that if a building has a few broken windows then vandals may break a few more windows, then they may break in, then they may become squatters or set the building on fire (McKee, 2017). If you fix the windows or in this case the security perception then less crimes or infractions will occur. This will in turn create an atmosphere where the employees care about security and less risky activity would occur on the network.

This policy would be enforced by blocking all P2P sharing clients on our network machines. I would strongly discourage employees from continuing this practice but would ensure that if they chose to continue they would be subject to disciplinary action that I would follow through with.

PLEASE READ THIS

Allow your discussion posts to be detailed and capable of sharing knowledge, ideas and points. You must discuss the topic using your own words first. Using your own words indicate you understand the topic of discussions. Secondly, you must cite your sources in-text. This is necessary to justify your points. Sources from several sources showed good research abilities. Lastly, you must provide references at the bottom of your post. A discussion post without justification with sources does not show proper research abilities. A terse and not detailed discussions represent post that would not provide enough sharing of knowledge or proper understanding of the topic. DO NOT just copy and paste a sentence from online with citation at the end as your own discussion. I have not asked for definitions, I asked for discussions and will not buy this. You must show understanding of the discussion topic by using your own words to describe the topic and then justify that with sources.

Use double spacing, 12-point Times New Roman font, and one-inch margins. Sources should be cited according to APA citation method (citation should be relevant and current). Page-length requirements:2 PAPARAGRAPHS FOR EACH PROMPT ANSWER. Make sure you cite if you take a piece of someone's work, very important and your reference should relate to your writing (don't cite a reference because it relates to the course and not this very paper) at least 2 current and relevant academic references. No heavy paraphrasing of others work.

Attachment:- PM-Network-Requirements-Article.pdf