Question

Research the IT security policy used by your university or by some other organization you are...

Research the IT security policy used by your university or by some other organization you are associated with. Identify which of the topics listed in Section 14.2 this policy addresses. If possible, identify any legal or regulatory requirements that apply to the organization. Do you believe the policy appropriately addresses all relevant issues? Are there any topics the policy should address but does not? [Note;  if you are unable to have direct access to an organization try to look one up on the web, must identify your source though. Your answer maybe one to three pages for this problem.]

0 0
Add a comment Improve this question Transcribed image text
Answer #1

Ans :- Security policies are the policies which are made by the senior management or a comities of an organization.

IT policies provide a guiding principle and responsibilities which are followed by all member of the university or organization

Purpose of the policy:-

  • The main purpose of the IT security policy is to protect the data or information from security threats and to mitigate risks.

  • All the member are aware of the policy and do not do something wrong which is illegal on the base of policy.and understand their personal responsibilities to protect the confidentiality and integrity of the data that they access

The IT policy in the university of Oxford:-

  1. The first priority is to ensure the IT infrastructure remains in operation.which include network and services.Time to time update on the policies will be necessary and will take high priority in order to minimise overall disruption and to accommodate on-site contractors.

  2. Infrastructure of collage administration is next prioroty this includes supported departmental systems such as databases and booking systems, also shared printers.

  3. Academic priorities: No serious interruption in the operation of their IT equipment.

  4. : For the single-user: breakdown of an individual computer or other collegeowned peripheral devices; software problems, major hardware problems affecting non-college owned equipment but being used for academic or college-related work.

  5. Current students with critical problems involving their own personal PCs; single-user network or software problems.


By this policies we provide security to the university .There are some security fact for which policies are made and these security facts are:-

  1. Network and computer:- The first priority of any university or organization is to secure their own network and the computer use for collage business “There must be a written policy in place at the local level for the handling of confidential information, whether electronic or hard copy, and a copy of the procedures must be provided to every user so that they are aware of their responsibilities.

  2. Firewall:- The collage network include firewall to control the data into or out of their local network. This increase their security level and keep the thread minimum.

  3. Retention of Data:- Different anti crime and security laws are implemented for the data we retain with regard to digital communications

Section 14.2 of the policy address:- It is a secure system engineering principle of the ISO. Iso helps organizations keep information assets secure.Control is not defined with many details. your organization manage the security of assets such as financial information, intellectual property, employee details or information entrusted to you by third parties.

Criminal Justice Information Services (CJIS) Security Policy :-

This is the latest security policy which are using in these days. This policy are use by the FBI . This law enforcement agencies to perform their mission and enforce the laws, information that can include biometric, identity history, person, organization, property, and case/incident history data

The purpose of the Criminal Justice Information Services (CJIS) security policy is to ensure the protection of criminal justice information (CJI) until the information is appropriately released or destroyed.

The intent of the CJIS Security Policy is to ensure the protection of the aforementioned CJI until the information is:-

  1. Released to the public through authorized dissemination by a   court system, presented in crime reports data, or released in the interest of public safety.

  2. Destroyed in accordance with applicable record retention rules.

Identify any legal requirement that apply to an organization:-

In support justice in the collage the concept Body-Worn Cameras are arise in 2016 I think this is the requirement which should be applied in the universities.

One of the best plicy which we want to apply in our organization is Incident Response Policy.a security incident comes in a different forms like malicious attacker gaining access to the network, a virus or other malware infecting computers, or even a stolen laptop containing confidential data  Incident Response Policy is critical to successful recovery from a data incident. This policy cover all the security that may occer in your computer.

The topic which policy should address but does not :-

No there is no such topic which the policy should address but does not because every organization made the best plicies to make their IT sector secure .As the different approach to break the policies the managers who make the policies make update to their policies according to the attack on their security server .

It always a loophole in every security policy and the criminal take advantage of their loophole but it the policy manager duty to secure their network from the criminals.


answered by: ANURANJAN SARSAM
Add a comment
Answer #2

IT security policy used by the organization and identification of this policy address and identification of legal or regularory requirements that apply to the organization --

  • The most important assets of an organization is their assets. the information or data of the company should be kept safe and use appropriately.
  • The organization has adopted an IT security policy which fulfill legal requirements and provide nacessary safety.
  • Changes to application and operating system should be controlled.
  • The development enviornment of the organization should be secured and outsourced development should be controlled  
  • The IT security policies of the organization are as follow --
  • The integrity of the information should be maintained.
  • The information of the organization should be protected against unaouthorised access.
  • Identification of responsibility for organization's users, administrator and mangment.
  • The policy provide sufficient guidance for development of specific procedure.
  • The responsibility and requirements document for IT users can be -- Resource managment, Broad security functions, access rights or granting of site access authorization, division of responsibility and saperation of function, Application and IT componants,
  • Personnel security and background checking, Training for IT applications and assigned roles and control and security issues.
  • The physical and environmental security of an organization include --
  • Identify secure areas and general controls and access control
  • Fire detection and intruder devices.
  • Protection against entering and breaking.
  • Fire safety inspection, entry regulations and controls.
  • Alert plan and fire drills.
Add a comment
Know the answer?
Add Answer to:
Research the IT security policy used by your university or by some other organization you are...
Your Answer:

Post as a guest

Your Name:

What's your source?

Earn Coins

Coins can be redeemed for fabulous gifts.

Not the answer you're looking for? Ask your own homework help question. Our experts will answer your question WITHIN MINUTES for Free.
Similar Homework Help Questions
  • As part of your course project, you are to develop, and design your overall security policy...

    As part of your course project, you are to develop, and design your overall security policy strategy. Instructions Identify a complete list of security standards that must be addressed in a comprehensive solution for the organization. Discuss legal and regulatory issues that must be considered in relation to the management of information assets. Identify the steps that you took throughout the quarter to ensure that your security solution will succeed internationally and describe how you addressed globalization in your security...

  • I would like to you spend a few moments and access Internet Security, Privacy, and Legal...

    I would like to you spend a few moments and access Internet Security, Privacy, and Legal Issues under this week's activities. This module discusses many of the important things we need to take into consideration regarding online security and protecting ourselves against common threats including viruses, spyware and malicious identity theft tactics. As a web designer, it is important to understand the threats against our web sites or online web applications. Such attacks as SQL injections and Denial of Service...

  • Comparing State Policies on Sexually Transmitted Diseases There are five steps in the health policy analysis process. Us...

    Comparing State Policies on Sexually Transmitted Diseases There are five steps in the health policy analysis process. Using Online Library or the Internet, research on a sexually transmitted disease (STD) policy of the state you reside in. Once you identify an STD policy from the state you reside in, visit your state health department or browse your state's website and search for the STD policy you selected. Next, write a research paper describing this public health policy analysis and background....

  • Research a health care organization or network that spans several states with in the United States...

    Research a health care organization or network that spans several states with in the United States (United Healthcare, Vanguard, Banner Health, etc.). Assess the readiness of the health care organization or network you chose in regard to meeting the health care needs of citizens in the next decade. Prepare a 1,000-1,250 word paper that presents your assessment and proposes a strategic plan to ensure readiness. Include the following: Describe the health care organization or network. Describe the organization's overall readiness...

  • Creating the Home and Template Pages Overview In this assignment, you will start building your Web...

    Creating the Home and Template Pages Overview In this assignment, you will start building your Web site for your fictional organization by creating a homepage using HTML5 and some of the key elements that define a Web page. You are required to use either a simple text editor to write your code, or an enhanced text editor such as Brackets. Note: Microsoft Word is not a good tool for developing code because it is a document processor and not a...

  • The legal requirements governing the content, retention, and destruction of health information most closely resemble a...

    The legal requirements governing the content, retention, and destruction of health information most closely resemble a patchwork quilt: various federal and state laws and regulations address issues central to these health information matters. No one reliable scheme exists that addresses all of the issues contained in this chapter. For example, to guarantee compliance with all the requirements, health information managers must consider (1) quasi-legal requirements such as accrediting and institutional standards, (2) professional guidelines, (3) state law, and (4) federal...

  • HIT 110: Updating Retention/Destruction Policy AHIMA Competencies: Domain III. Health Services Organization and Delivery, Subdomain B....

    HIT 110: Updating Retention/Destruction Policy AHIMA Competencies: Domain III. Health Services Organization and Delivery, Subdomain B. Health Care Privacy, Confidentiality, Legal, and Ethical Issues: 1. Adhere to the legal and regulatory requirements related to health information infrastructure: Apply legislative and regulatory processes; 2. Apply policies and procedures for access and disclosure of personal health information: Evaluate health information/record laws and regulations (such as retention, patient rights/advocacy, advanced directives, privacy, etc.). Scenario: You work for a 650-bed acute care Level I...

  • You are planning to build a Web Site for a fictitious local organization or charity. The...

    You are planning to build a Web Site for a fictitious local organization or charity. The website should allow the visitor to subscribe to a newsletter (simulated), present past newsletters, and view images related to the organization or efforts. You need to complete the entire design phase and then implement the Web application. Please create the Word document and answer the following questions: Identify the goal of the website: Who are the end users? Why do you need to have...

  • What lessons have you learned, based on your own experience with the types of data resources...

    What lessons have you learned, based on your own experience with the types of data resources and data systems in the IT fueld withing businesses. share how your organization has used these data resources and systems. Offer ideas for how the data resources or systems presented might be used in your organization. Identify any obstacles that your organization might face or has faced when using these data resources and systems. develop a set of recommendations from which organizations with similar...

  • OPTION #1: Assist in creating a Proposal: ......... XYZ Corporation XYZ Corporation is a small organization of roughly 2...

    OPTION #1: Assist in creating a Proposal: ......... XYZ Corporation XYZ Corporation is a small organization of roughly 20 to 30 employees working in a simple office space using basic peer-to-peer type networking in which all employees keep their data on their own PCs and each has his or her own devices (i.e., printers, scanners, and other peripherals). In the last few months, XYZ developed a revolutionary widget that will change technology as we know it. The company received a...

ADVERTISEMENT
Free Homework Help App
Download From Google Play
Scan Your Homework
to Get Instant Free Answers
Need Online Homework Help?
Ask a Question
Get Answers For Free
Most questions answered within 3 hours.
ADVERTISEMENT
ADVERTISEMENT
ADVERTISEMENT