ASM 1 Security Part 2.docx - SECURITY ASSIGNMENT 1(PART 2...


SECURITY ASSIGNMENT 1 (PART 2)
STUDENT: LE BINH MINH
CLASS: GCD0805
STUDENT ID: GCD191002
MENTOR: TRAN TRONG MINH

1. ORGANIZATIONAL SECURITY PROCEDURES

The purpose of security procedures is for organizations to establish technical, administrative, and physical safeguards that prevent critical data systems from being leaked, stolen, or hacked. Basically, they are used to improve and provide security for the organization.

A. ADMINISTRATIVE

Information systems and networks are created for, and serve, the organization's business and purposes. Employees and stakeholders who follow the organization's privacy policy must protect confidential and essential information. The rule includes: protecting non-public information from unauthorized access, avoiding the use of wrong solutions to protect data, and preventing the destruction of data. The organization's confidential and private information will not be released or distributed to any other party without permission, and will not be used for any other purpose.

Employees must be trained in security rules during recruitment, orientation, and reception. Stakeholders who are granted access to the organization's data systems must sign a written confirmation that they have read and will comply with the Foundation's security rules, procedures, and terms.

There are 3 points in this procedure, including:

General Use and Ownership
Focuses on the general principles of use and ownership of the data on the system.
- All data created and stored is subject to the policy.
- All data will be encrypted before it is stored or transmitted on the system.
- All data and information stored in the system are the property of the Organization.
- The Organization has permission to check and monitor any information and data stored in the system at any time and for any reason.

General Use and Ownership
Focuses on organizing information and data for different purposes and the importance of specific principles.
- Information contained on the Organization's systems should be marked and classified as public or sensitive.
- Passwords must be secure and must not be shared with anyone else. An authorized person is responsible for the password and the account used to access the system if any problem occurs.
- All related administration computers, workstations, and computers must be protected by a password.
- Do not store any sensitive information on personal devices unless it is encrypted and authorized by authorized personnel.
- All authorized devices connected to the Organization's network must be regularly checked for viruses and malware. Virus protection and scanning software must be approved and must have an up-to-date database.
- Individuals using authorized devices must be cautious when opening emails and attachments, to avoid exposure to threats that could lead to the organization's information systems being hacked.
