Security Policies, Procedure and Regulatory Compliance

1.0 The list of regulatory requirements introduced by the IPO.

Compliance is the set of processes that ensure the enforcement of all policies, laws, standards, and regulations. It takes three basic forms, described below.

  • Regulatory compliance: this ensures compliance with the rules under which the organization operates.
  • Commercial compliance: this has the main objective of controlling the requirements of a business, including its relations with clients and industry partners.
  • Organizational compliance: this deals with the organization's own questions, which are driven by various activities, for instance the need to preserve the assets of the institution. Meeting these needs may be obstructed by technological factors, which makes compliance a sensitive concern in an organization, given that legislation shapes the compliance actions. Hence it is important to emphasize and manage orientation and legislation memos.

RCM is the problem of ensuring that the organization's premises and processes are structured in line with the applicable regulations, in accordance with the guidelines contained in those regulations.


2.0 What are the five policies that the company needs?

2.0 Organization-level policies

Organization-level security policies are also referred to as primary information security policies. They give the primary definition of critical information and of how such information is to be handled, and they also assign the roles and responsibilities for information security. The policies in question are explained below.

2.1 Data classification and handling policy: this is the primary policy, since it defines what sensitive data means, the minimum security controls, and the associated responsibility for every classification level. The policy takes many forms; however, its fundamental structure addresses the topics listed below.

2.2 Data classification levels: these give examples of the data included in each level of classification.

2.3 Roles and responsibilities: a list of the tasks and responsibilities in the areas of data classification. The roles include information security (responsible for drawing up the procedures and policies for securing classified data) and the data custodian (responsible for implementing the required controls).

2.4 Data rules: each data classification has accompanying rules that control how the data is treated. The classification policy has a general effect on the monitoring and security of very critical information whenever it is associated with the rules of a data classification. The following is the list of data rules that can be used in the classification of data:


Transmission: the data classification policy must control all requirements and limitations on encryption strength and encrypted transmission.

Handling: the data classification policy must dictate the requirements or limitations on delivery and receipt, custody of data, and restricted movement and conversations.

Marking: any data deemed to be sensitive must be labeled with its sensitivity level.

Storage: the data classification policy should control any logical and physical requirements for storage.

Processing: the policy has to state any requirements and limitations on official processing devices.

Disposition: the data classification policy should set out any requirements and limitations on the sanitization, disposal, and preservation of information.

Information security program policy: this is the basic policy, since it gives a full definition of the roles of the information security controls in order to verify, maintain, and manage an information security program. This policy can take different forms, but its fundamental structure should address the topics below.

Security monitoring and testing: this policy should define the controls for documenting, conducting, and reviewing security monitoring and testing.

2.5 Information security policy: the program policy should identify the organization's plan to define the minimum controls for every information system, the documentation of compliance with those minimum controls, and the authorization of system operations and changes.

Information security plan: the information security program policy must identify the organization's plan to define the minimum controls for every information system and to authorize changes to those systems.

Roles and responsibilities: the policy must define the general roles for establishing, monitoring, and managing the information security program, along with the other key responsibilities within the security team.

Information security risk management: the security program should define the controls for documenting, conducting, and fully reviewing information risk assessments for the organization's information systems.


Once the primary information security program policies are in place, a more detailed set of information security policies is needed to establish the minimum controls for the activities of the security program. In general, these policies cover program topics such as contingency planning, incident response, and personnel security controls. The policies are described below:


3.0 Security program-level policies.

Incident response: this policy takes several forms. However, the primary structure addresses the topics below:

  1. Incident response training: the incident response policy must define the required training in terms of topics, roles, and frequency.
  2. Incident response testing: the policy should define the necessary testing of the incident response plan and capability in terms of involvement and type of testing.
  3. Incident handling: the policy must define the required incident handling capability in terms of automation and capacity.

3.1 Contingency planning: this policy takes several forms; however, the fundamental structure addresses topics such as:

  1. Testing: the policy requires testing of the incident response capability in terms of frequency, involvement, and types of testing.
  2. Alternative processing, telecommunications, and storage: the policy ensures that the required alternative processing, telecommunications, and storage are available in the event of a disaster.
  3. Training: the policy should clearly define training in terms of topics, roles, and frequency.
  4. Backup: the policy should define the backup requirements for every critical information system.
  5. Recovery and reconstitution: the policy must define the recovery and reconstitution requirements in terms of recovery objectives and service types.

3.2 Personnel security controls: this policy can take several forms; however, the fundamental structure addresses the topics below:

Sensitive positions: the policy should define the critical positions in an organization.

Employee screening: the security policy should define the pre-employment requirements.

Termination procedures: the policy should set out the procedures for preserving the privacy of the organization's information systems when employment ends.

4.0 User security policy.

This policy sets out the limits on, and expectations of, users' use of the organization's computing resources.

It involves two components: the content, and the organization of that content.

4.1 AUP contents: whenever a policy is being created, it is important to make sure that the related requirements are addressed by the policy statement.

The regulations which do not dictate the AUP are as follows:

NIST 800-53: it contains requirements for ensuring that access agreements are signed after creation.

State laws: these can contain requirements that prohibit computer tampering and changes to information systems.

PCI DSS: it contains requirements for ensuring that access agreements are created.

4.2 AUP organization of content: the content must be well organized so that users can readily understand the expectations and controls.

Expected behaviors: this area covers the behavior expected of the user, for example safe computing.

Acknowledgment and notification: this notifies the user of the organization's ownership of every component of the system.


Three policies that the company needs to implement are as follows:

5.0 Control and system policies.

The most complex information security policies are the control and system policies. These policies are basically categorized into identification, authentication, and network security.

5.1 Network security: this policy takes several forms but addresses topics such as architectural control, server control, system audit security, and access control.

5.2 Architectural control: the policy will help the company define safe architectural controls, for instance boundary protection and firewall configuration.

5.3 Server control: the security policy will assist the company in defining safe server controls, for instance secure configurations.

5.4 System audit security: this policy is concerned with audit event content, audit record storage, and the generation of audit reports.

Access control: this addresses the concepts of access enforcement and system use notification.

6.0 Specific security policies

Description of data in motion and data at rest and ways in which they can be protected.

Data centers are important assets for corporations engaged in cloud computing. They connect every server and storage service. Many businesses rely on the data center to support their operations and values, so the roles of the data centers must be planned and managed to meet growing demands. Data center architectures propose practices and technologies that assist the engineers and managers responsible for meeting business requirements. All cloud data access services follow the steps of the business process shown in fig 4, which comprises several layers of security protocols. The cloud data process security controls are a more refined form of data security.

The cloud data security process controls are a more refined data security process; for instance, in fig 5 the cloud data process control is redefined again. It is a BPMN model of the various states of data security, and it can be used to study the performance of the selected cloud data design. The process begins with a decision on the status of the data and passes the data, according to that decision, along one of the cloud storage process paths. The data is then passed to the data pool, which is a separate lane with dedicated security processes used to study the security controls before the end of the process. The intrusion detection area is used to notify the cloud management team and the security pool by raising an alarm, so that the hazards arising from an intrusion are visible. In this business process, and on management's orders, warning and rejection mails are composed and sent to the client. Fig 5 shows the BPMN model used to simulate the rejection process, which is used to show the performance of the designated cloud architecture.
