
C – Company Policies (Updated)

1. All personnel must uphold every security policy and are required to sign and acknowledge that they fully understand the policies and requirements.

2. Ethical behavior in every sector of the organization must be exercised at all times. Failure to comply could result in disciplinary action and/or termination. Security cameras will also be implemented. In addition to the badge scanning, a list of authorized personnel will be present next to the door. Any personnel not listed on the document will be refused entry.

3. Under no circumstances will sharing confidential information be tolerated, i.e., network passwords given out or anything in a similar category, unless authorized to do so by senior management. Only the database administrator is authorized to give complete access to all the company's data. Under no circumstance will an employee be allowed to take company data home or remotely.

4. Viewing or using unauthorized data will result in automatic termination. Approval to do so must come from senior management with a signature. Department managers will only have access to their respective departments.

5. All personnel must sign a non-disclosure agreement that prohibits any user from sharing private company data. All personnel are restricted from talking about company data outside the workplace. Also, effective immediately, there will be training on the types of attacks third parties use, such as phishing and social engineering.

6. Both internal and external manager personnel users will have additional security requirements. Each document will expand on what is allowed and what is restricted. All personnel, internal and external, must sign.

C1 – Mitigation A1/A2

In regard to unauthorized users viewing private data and restricting vendor access to unauthorized areas.

First, the data security policy was updated to include specific disciplinary actions in the event of an internal user viewing private data. Viewing or using unauthorized data will result in automatic termination. Department managers will only have access to their respective departments, and only the database administrator will have access to all the company's data. No exceptions. This updated policy protects sensitive data from any unauthorized personnel, either internal or external.

Second, the security policy regarding vendors has been fully updated and includes strict guidelines to be exercised. For an extra level of security beyond the electronic badges, a document listing the authorized users is now posted on each door. Under no circumstances will any personnel be allowed into restricted areas unless they have an electronic badge that grants access and their name is on the document. This mitigates any vendors trying to gain access to any unrestricted area. This will further protect against external users retrieving private data from any restricted area.


Term: Winter
Professor: Maurice Green
Tags: Information Security, Security engineering
