Question

Think of a security policy you may have encountered either at school or in the workplace....

Think of a security policy you may have encountered either at school or in the workplace. Why do you suppose it was set up that way? Do you think it was effective? Would you arrive at the same solution if you were a network manager?

0 0
Add a comment Improve this question Transcribed image text
Answer #1

I work in an online gaming company and they have imposed a strict working and network policy at the place since the interaction with user data needs to be secure and therefore, the policy I have presented below represents the factor and considerations for the same:

PHYSICAL ACCESS CONTROL

Physical security can pose as much a threat to the factor of security as any other data processes. The policy outlined how employees accessed the data, the entry of visitors, access based control as well as regulation of remote access control and how the data can be accessed by the employees, specifically the use of personal devices.

NETWORK SECURITY AND PASSWORDS

The access systems were based on session based passwords which were given to each employee every day, by the IT department in order to make sure the same data cannot be accessed by individuals which did not have the access for it.

INCIDENT MANAGEMENT

This process involved the IT department's creation of a risk assessment, risk management plan as well as an incident Management plan in place and therefore, guided the actions that needed to be taken in the light of any threat, virus or attack to the system.


The policies were set up this way in order to make sure that the required processes were always accessible in the time of any disaster as well as to prevent the user data from being compromised. Being an online based gaming company, the entire influence needed to be shifter to network security and maintenance which was reviewed every three months. I do not believe these policies to be ineffective, but the measures the company took could be called extreme. And can also have a cost implication over the company's working capital, creating a large operational overhead as well.

If I was in the position of the IT manager, I would have followed the same structure but the elements easier to approach policies and access point. Instead of an OTP, I would've used a simple system with pattern-based IDPS(intrusion detection and prevention system). The poles would only be reviewed when the need arises and instead of regular penetration testing, I would've opted for a yearly penetration test only, in order to save on the cost implications.



Add a comment
Know the answer?
Add Answer to:
Think of a security policy you may have encountered either at school or in the workplace....
Your Answer:

Post as a guest

Your Name:

What's your source?

Earn Coins

Coins can be redeemed for fabulous gifts.

Not the answer you're looking for? Ask your own homework help question. Our experts will answer your question WITHIN MINUTES for Free.
Similar Homework Help Questions
ADVERTISEMENT
Free Homework Help App
Download From Google Play
Scan Your Homework
to Get Instant Free Answers
Need Online Homework Help?
Ask a Question
Get Answers For Free
Most questions answered within 3 hours.
ADVERTISEMENT
ADVERTISEMENT