Cybersecurity Planning and Management: Creating Company E-mail/WIFI/Internet Use Policies
You have just been hired as the Security Manager of a medium-sized Financial Services company employing 250 people in New Hampshire, and have been asked to write two new security policies for this company. The first one is an e-mail policy for employees concentrating on personal use of company resources. The second policy is that of WIFI and Internet use within the company. There are many resources available on the web so researching these topics and policies should be easy. The most difficult part of this exercise will be determining how strict or how lenient you want to make these policies for this particular company.
Project Plan
You are asked to create two separate policies on the use of EMAIL and WIFI/INTERNET within the company. Be specific in your terms and conditions of use. Consider these items to be included in your policies (as applicable).
1. Overview
2. Purpose
3. Scope
4. Policy
5. Policy Compliance
6. Related Standards, Policies and Processes
7. Definitions and Terms
Some useful links and resources for your research:
Paper for the Above Instruction
Introduction
In an era where digital communication and internet connectivity are integral to business operations, the establishment of comprehensive cybersecurity policies is crucial for safeguarding corporate assets and ensuring operational integrity. For a financial services firm employing 250 staff, these policies must strike a balance between security and usability, reflecting the company's risk appetite and operational needs. This paper provides detailed email and Wi-Fi/internet use policies tailored for such an organization, emphasizing clarity, enforceability, and compliance with relevant standards to foster a secure and efficient work environment.
Overview and Purpose
The purpose of these policies is to delineate acceptable and unacceptable uses of company email and internet resources, including Wi-Fi access, aiming to protect sensitive financial data, uphold company reputation, and ensure legal compliance. The policies serve to educate employees on their responsibilities regarding digital communication and internet usage, minimizing the risk of data breaches, malware infections, and legal liabilities. They also establish a framework for monitoring and enforcing compliance, supporting the company's cybersecurity posture.
Scope
These policies apply to all employees, contractors, consultants, and temporary staff who utilize company-provided email and internet/mobile Wi-Fi services. The policies cover all devices connected to the company's network, including desktop computers, laptops, tablets, and smartphones. Personal use of company resources is permitted within defined boundaries to balance productivity and security, provided that such activities do not compromise corporate systems or infringe on legal standards.
Company Email Policy
The company's email system is a vital communication tool that must be used responsibly. Employees are authorized to use company email primarily for work-related communications. Personal use is permitted within reasonable limits but must not interfere with job performance or violate company policies. Employees must avoid sending or receiving inappropriate, offensive, or confidential information that could pose a security risk or legal liability. The email system is the property of the company; as such, it is subject to monitoring and review to ensure compliance with policies and applicable laws.
Terms and Conditions of Email Use
- All emails should be professional, respectful, and relevant to work responsibilities.
- Employees must not use company email to transmit confidential information without proper safeguards.
- Sending spam, phishing attempts, or malicious content is strictly prohibited.
- Employees should avoid opening unsolicited attachments or links from unknown sources.
- Personal email use should not compromise security or network performance.
Employees should understand that email messages are not private and may be reviewed for compliance and security purposes.
Wi-Fi and Internet Use Policy
The company's Wi-Fi and internet network are critical for daily operations. Access is granted to facilitate productivity while maintaining security. Employees must connect to the Wi-Fi network only through company-approved configurations and are prohibited from using unsecured or personal hotspots to connect to company resources.
Terms and Conditions of Internet Use
- Employees should access only authorized websites necessary for their work duties.
- Viewing or downloading illegal, offensive, or inappropriate content is prohibited.
- The use of streaming services or social media during work hours should be limited and not impair network performance.
- Employees must not attempt to bypass network security controls or access restricted areas of the internet.
- All internet activity is monitored and logged to detect and prevent security threats.
Policy Compliance and Enforcement
Compliance with these policies is mandatory. Violations may result in disciplinary action, up to and including termination of employment. The company reserves the right to monitor, audit, and review email and internet activity to ensure adherence to policies. Employees will be required to regularly acknowledge that they understand and agree to abide by these policies.
Related Standards and Processes
These policies complement existing security standards, such as data encryption, strong password requirements, and antivirus controls. Any incident or suspicion of policy violation must be reported immediately to the security team for investigation. Regular training sessions and updates will be provided to ensure awareness and understanding.
Definitions and Terms
- Acceptable Use: Use of company resources that complies with policies, laws, and regulations.
- Malware: Malicious software designed to harm or exploit computer systems.
- Phishing: Fraudulent attempts to obtain sensitive information through deceptive communications.
- Unauthorized Access: Gaining access to systems or data without permission.
Conclusion
Implementing clear and enforceable email and Wi-Fi/internet use policies is vital for protecting the company's digital assets and maintaining compliance within a regulated financial environment. By establishing comprehensive guidelines and fostering a culture of security awareness, the organization can mitigate cyber risks while promoting productivity and responsible use of technology.