Computer Security Incident Response Policy: A Sample
Why should organizations update their BCP, BIA, RTOs, and RPOs?
How do risk management and risk assessment relate to a business impact analysis for an IT infrastructure?
Why is it critical to align the RTO and RPO standards within the policy definition itself?
Why is a policy definition required for a computer security incident response team?
Why is a post-mortem review of an incident the most important step in the incident response methodology?
How do an incident response plan and incident response team help reduce risks to the organization?
Why is it a good idea to include human resources on the incident response management team?
The Imitation Game: A Core Values Essay
Remote Access Policy: A Sample
Should an organization mention that it will be monitoring and logging remote access use in its remote access policy definition?
What security controls, monitoring, and logging should be enabled for remote VPN access and users?
Why is it a best practice of a remote access policy definition to require employees and users to fill in a separate VPN remote access authorization form?
What strategies can organizations implement to keep security awareness top of mind with all employees and authorized users?
What are some strategies for preventing users or employees from downloading and installing rogue applications and software found on the Internet?
When trying to combat software vulnerabilities in the workstation domain, what is needed most to deal with operating system, application, and other software installations?
How does a security awareness training policy impact an organization’s capability to mitigate risks, threats, and vulnerabilities?
An Analysis of the Systemic Security Weaknesses of the U.S. Navy Fleet Broadcast System, 1967-1974, as Exploited by CWO John Walker
The Devin Nunes memo to the House Permanent Select Committee on Intelligence
Ethical Computer Use Policy
Lone Star Credit Union: A Separation of Duties Case Project
Why is it important for an organization to have a policy definition for business continuity and disaster recovery?
Why the seven domains of a typical IT infrastructure help organizations align to separation of duties
When using a layered security approach to system administration, who would have the highest access privileges?
Why do you want to refer to technical standards in a policy definition document?
How does separation of duties throughout an IT infrastructure mitigate risk for an organization?
Policies for the seven domains of a typical IT infrastructure
Sale of the Japanese Coast Guard Boat (Takachiho): A Case Study
New Hampshire Security Breach Notifications
Information Classification: Who, Why, and How
Is the COBIT framework superior to the other standards and frameworks such as the ISO 27000 and NIST?
What are the key benefits of NIST SP 800-53 Revision 4?
Why should an organization have annual security awareness training that includes an overview of the organization’s policies?
What security controls can be implemented on your e-mail system to help prevent rogue or malicious software disguised as URL links or e-mail attachments from attacking the workstation domain? What kind of policy definition should you use?
Why should an organization have a remote access policy even if it already has an acceptable use policy (AUP) for employees?
What is the purpose of defining a framework for IT security policies?
Computer Incident Response Team (CIRT)
The Chinese Wall Security Policy
Specialty Medical Clinic: A HIPAA Case Project
How do you overcome employee apathy toward policy compliance?
What is difficult about policy implementation in a flat organization? What is difficult about policy implementation in a hierarchical organization?
Do employee personality types differ between hierarchical and flat organizations?
Do employees behave differently in a flat versus a hierarchical organizational structure? Explain your answer.
Organizational Information Security
What security controls can be deployed to monitor users that are potentially in violation of an AUP?
Why must an organization have an acceptable use policy (AUP) even for non-employees, such as contractors, consultants, and other third parties?
Why does an organization want to align its policies with the existing compliance requirements?
Will the AUP apply to all levels of the organization? Why or why not?
Why is an Acceptable Use Policy not a fail-safe means of mitigating risks and threats with the user domain?
Do compliance laws, such as HIPAA or GLBA, play a role in AUP definition?
Can Internet use and e-mail use be covered in an acceptable use policy?
Why do organizations have acceptable use policies (AUPs)?
What are three risks and threats of the user domain?
Why Do Organizations Need Security Policies?