Description
Purpose: This course project is intended to assess your ability to identify, design, and organize information technology (IT) security policies.
Q1. Submit a bulleted list of DoD-compliant policies, standards, and controls that affect the WAN, Remote Access, and System/Application Domains.
You should consider the following laws in the report:
Department of Defense Instruction (DoDI) issues plans and implementations of policies that allocate the relations required to contribute to security situational awareness, as identified by DoD policies and agreements.
National Institute of Standards and Technology (NIST) is a known cybersecurity framework used to provide guidance on what processes and controls should be implemented. These standards are in place to protect services and consumers of information systems.
North American Electric Reliability Corporation (NERC) has cyber security standards focused on ensuring the reliability of the Bulk Electric System (BES).
Federal Information Processing Standards (FIPS) Publications are guidelines exercised by all agencies to classify, manage, operate, and control security requirements of all information and information systems collected or maintained for or by the federal government.
International Standards Organization (ISO) is a certified security standard for the creation and maintenance of assets and requirements to ensure the Confidentiality, Integrity, and Availability (CIA) of all Information Technology (IT) and Information Systems (IS).
You should add more policies in different domains.
For example, some common standards that organizations deploy to control and reduce risk for the user domain include:
Acceptable Use Policy – the AUP needs to cover all users and the way they will protect access to and disclosure of information.
Remote Access – access through virtual private networks (VPN) will be limited to a few individuals and data deemed critical will not be allowed across a VPN.
User Account Requests – all new accounts will be processed by requests that are signed off by the hiring manager and human resources. The accounts will then be partitioned to Active Directory.
User Accounts Disable – all user accounts will be closed within 15 days of termination. Users who go on long-term leave will have their accounts disabled until they return to duty.
Personal Equipment Usage – no critical information should be accessed through any device except company approved devices.
Email – all critical and sensitive labeled information shall not be used in any email except corporate-approved email.
Passwords – all passwords must be of minimum length (9 characters) and include letters, numbers, and special characters.
PWD (Password) Change – all passwords will be changed every 60 days.