10 update to the employer and data security policies

This preview shows page 12 - 15 out of 15 pages.

10. Update to the employer and data security policies to include implementation of intrusion detection software which would monitor the network for various threat patterns and alert the IT department about any risks. 11. Inclusion of a section in the data security policy that requires all company data be encrypted and that if data transfers are needed, they must be done securely by the proper channels. C1. Mitigating Unethical Uses***How proposed changes would mitigate the unethical uses discussed in parts A1 and A2 In sections A1 and A2 the following unethical uses were identified:Use of on premise security cameras to spy on the activities of fellow employees Updating the employer security policy to define the monitoring activities and what is considered as a violation of surveillance capabilities lets employees know whichmovements are subjected to surveillance and which should not. It also lessens and possibly eliminates the potential for unintentional surveillance or monitoring that could violate the privacy of employees and other internal users. Reading the personal emails of other employees Eliminating the use of company email addresses for personal emails completely eliminates the possibility of unethical use.
MMT2 Task 313Disseminating confidential company information to third parties or competitors The non-disclosure agreement external and internal users are required to sign will lessen the potential for dissemination of confidential information to unauthorized parties. Giving unauthorized users access to the company’s network by sharing credentials The non-disclosure agreement includes a section that forbids the sharing of network credentials, access codes or passwords, and states the consequences of such actions should this occur. C2. How proposed changes would mitigate the security threats discussed in B1 and B2 In sections B1 and B2 the following security threats were identified: Loss or illegal dissemination of sensitive company data through the use of unauthorizedpersonal devices Updating the data security policy to define which devices internal users are allowed to use on the company’s premises and how those devices are to be secured lessens the risk that company data would be compromised or lost due to the use of unauthorized devices. Also including a section that lists approved software for use on computers and workstations lessens this security threat. Loss of confidential data through unauthorized web activities by internal users The non-disclosure agreement will help lessen the loss of confidential data by internal users who use the internet. The internal user will be aware of which activities online are acceptable while accessing the network from the company. They will also know what information they are allowed to share or not to share on the web and the
MMT2 Task 314consequences for doing so. This will keep internal users from unauthorized activities like blogging or speaking in public forums about confidential company business.

  • Left Quote Icon

    Student Picture

  • Left Quote Icon

    Student Picture

  • Left Quote Icon

    Student Picture