Cybersecurity Planning and Management: Creating Company E-mail/WIFI/Internet Use Policies


1) Cybersecurity Planning and Management

Creating Company E-mail/WIFI/Internet Use Policies

You have just been hired as the Security Manager of a medium-sized Financial Services company employing 250 people in New Hampshire, and have been asked to write two new security policies for this company. The first one is an e-mail policy for employees concentrating on personal use of company resources. The second policy is that of WIFI and Internet use within the company. There are many resources available on the web so researching these topics and policies should be easy. The most difficult part of this exercise will be determining how strict or how lenient you want to make these policies for this particular company.

Project Plan

You are asked to create two separate policies on use of EMAIL and WIFI/INTERNET USE within the company. Be specific in your terms and conditions of use. Consider these items to be included in your policies (as applicable).

1. Overview
2. Purpose
3. Scope
4. Policy
5. Policy Compliance
6. Related Standards, Policies and Processes
7. Definitions and Terms

Some useful links and resources for your research:

Note: I need 4 pages for the 1st question.

Paper For Above Instruction

Developing comprehensive cybersecurity policies is fundamental to safeguarding a company's digital assets, especially in sensitive sectors like financial services. As the newly appointed Security Manager for a medium-sized financial institution in New Hampshire, my initial task involves drafting detailed policies concerning employee use of company email and Wi-Fi/internet resources. These policies must strike a balance between security, employee productivity, and reasonable personal use, tailored to the company's culture and operational needs.

Overview and Purpose

The email and internet use policies serve to delineate acceptable behaviors for employees regarding the utilization of company communication channels and internet infrastructure. The primary aim is to protect sensitive financial data, maintain system integrity, prevent unauthorized access, and ensure compliance with legal and regulatory standards. These policies will also clarify the company's stance on personal use, aiming to prevent misuse that could compromise security or disrupt operations.

Scope

The policies apply to all employees, contractors, consultants, and temporary staff who have access to the company's email systems and internet infrastructure. They encompass all devices connected to the company's network, including desktops, laptops, mobile devices, and wireless access points, whether within the premises or remotely connected through VPNs or other secure means. The policies also extend to any third-party vendors or service providers permitted to access company resources.

Policy Details

Company Email Policy

Employees are provided with company email accounts primarily for conducting official business. Personal use of email should be limited and must not interfere with work duties or compromise security. Employees must not use company email for sending or receiving content that is illegal, discriminatory, harassing, or otherwise inappropriate. All emails sent or received via company accounts may be monitored and archived to ensure compliance with company policies and applicable laws. Employees should avoid opening suspicious attachments or clicking on unknown links to prevent malware infections. Confidential information must be encrypted and shared only through approved channels.

Wi-Fi and Internet Use Policy

Internet access at the workplace should primarily support business activities. Personal browsing and usage should be minimal and not interfere with work responsibilities. Employees must not access or download inappropriate, illegal, or malicious content. Use of the company's Wi-Fi network for streaming videos, large downloads, or activities that consume excessive bandwidth is discouraged unless permitted for work purposes. Wireless access points must be secured with strong passwords, and employees should not connect personal devices to unsecured or unidentified networks within the premises. The company reserves the right to monitor traffic for security and compliance purposes.

Policy Compliance and Enforcement

Compliance with these policies is mandatory. Violations may result in disciplinary actions, including termination of employment, legal action, or both. Employees will be informed of monitoring practices and given the opportunity to correct any misuse. Regular audits will be conducted to ensure adherence. Employees are encouraged to report suspected policy violations promptly to the security team.

Related Standards and Definitions

The policies align with industry standards such as the NIST Cybersecurity Framework and legal requirements including GDPR and HIPAA. Key terms include: 'Personal Use,' 'Malware,' 'Phishing,' 'Encryption,' and 'Unauthorized Access.' Clear definitions will help employees understand expectations and restrictions, reducing accidental violations and enhancing security awareness.

Conclusion

Effective email and internet policies are vital in creating a secure and productive work environment. Customizing these policies to the company's size, culture, and regulatory obligations will facilitate compliance and protect critical assets. Regular review and updates are necessary to adapt to emerging threats and technological changes, ensuring sustained security and operational integrity.
