Prompt. Use the information on each of these topics to develop a customized training manual for newly hired cybersecurity professionals at CyberLeet.
Specifically, the following critical elementsmust be addressed:
When doing the assignment is take in consideration the 3 core of information security: confidentiality, integrity and availability
I. How to Develop Cybersecurity Policies: In this part of the training manual, you will develop the cybersecurity policies in four distinct areas for new hires at CyberLeet. Based on information you have learned on cybersecurity use and governance, you will develop policies for end-user passwords, acceptable use, basic users, and user training. For each of these areas, follow the guiding questions to develop effective use policies that new hires will be trained on.
A. What principles should the information security analyst apply in order to develop appropriate password policies for their clients? Make sure you address confidentiality, integrity, and availability of information.
• Password length and composition of the password (e.g., uppercase, numbers, special characters)
• Time period between resets and ability to reuse a prior password
• Differentiated policies for different types of users (e.g., administrator vs. regular user)
B. What principles should the information security analyst apply in order to develop appropriate acceptable use policiesfor the client?
• What should users generally be allowed to do with their computing and network resources? When and why would each example be allowable?
• What should users generally be prohibited from doing with their computing and network resources? When and why would each example require prohibition?
• When and why should users be aware of acceptable use policies and how can organizations keep track of these policies?
C. What principles should the information security analyst apply in order to develop appropriate user training policiesfor the client?
• How to determine who would be trained
• How to determine how often trainings would occur
• How to determine whether certain staff receive additional training or whether they should be held to higher standards
D. What principles should the information security analyst apply in order to develop appropriate basic user policiesfor the client?
• When and why should users have to display some type of identification while in the workplace?
• What types of physical access (with or without ID) to company areas is acceptable? Why?
• When and why should employees with identification be allowed access to all areas of the company?
• When and why should employees be allowed to take work home or bring guests into the workplace?