Aron Park Midterm
October 29, 2015
CIS 4680 Intro to Info Sec
Prof. Carver
1. Select one of the three characteristics of information security (CIA) and explain its importance as related to the development of policy, education, OR technology. The three key characteristics of information security are confidentiality, integrity, and availability. They are designed to guide policies for information security within an organization. Confidentiality refers to limiting information access and disclosure to authorized users, and preventing access by or disclosure to unauthorized ones. In other words, preventing information from reaching the wrong people, and making sure the right people can in fact get it. Confidentiality
…show more content…
The CSE’s vision statement is safeguarding Canada's security through information superiority. In regarding their value statements, the CSE Ethics Charter defines the values and ethics and expected behaviors of CSE to guide and support our employees in their professional activities. The content of this document emphasizes the importance of employees making value-based decisions and conducting their duties in an ethical and professional manner.
3. Design an incident response plan for your home computer if there is a fire exploring actions taken before, during and after the incident (see page 85 in book for a hint).
Incident response is an organized approach to addressing and managing the aftermath of a security breach or attack. The goal is to handle the situation in a way that limits damage and reduces recovery time and costs. An incident response plan includes a policy that defines what constitutes an incident and provides a step-by-step process that should be followed when an incident occurs. The example I will be using is an incident response plan for my computer in case of a fire. The steps that will be taken will show what to do before, during and after the
…show more content…
Using the framework presented in the course textbook, draft a sample issue-specific security policy for an organization.
An issue-specific security policy instructs an organization to securely use a technology system. It provides detailed and targeted guidance to employees. The ISSP instructs the fundamental technological philosophy of the organization. It also protects the organization from inefficiency and ambiguity. The example below will be a draft sample of an issue-specific security policy regarding the internet use of an organization.
Statement of Policy
The main purpose of the policy is to addresses the internet usage of the organization. This Sample Internet Usage Policy applies to all employees of the organization who have access to computers and the Internet to be used in the performance of their work. Use of the Internet by employees of the organization is permitted and encouraged where such use supports the goals and objectives of the business.
Appropriate Use
Company employees are expected to use the Internet responsibly and productively. Internet access is limited to job-related activities only and personal use is not permitted. Job-related activities include research and educational tasks that may be found via the Internet that would help in an employee's