Policy Development Password Policies for Clients For Milestone Two, complete the Cybersecurity policy section of the manual. Remember, use the same templat
Policy Development Password Policies for Clients For Milestone Two, complete the Cybersecurity policy section of the manual. Remember, use the same template you used to complete Milestone One. To complete this assignment, review the following attached documents:1. Milestone Two Guidelines and Rubric 2. Final Project Template Company Training Manual
Company Training Manual
Prepared by:
[Student first and last name]
CYBERLEET TRAINING MANUAL
MANUAL OVERVIEW
SECTION 1:
INTRODUCTION: WELCOME TO CYBERLEET
4
5
1.1 INTRODUCTION …………………………………………………………………………………………………………………………………. 5
1.2 YOUR ROLE AT CYBERLEET…………………………………………………………………………………………………………………….. 5
1.3 PURPOSE OF THIS MANUAL …………………………………………………………………………………………………………………… 6
SECTION 2:
CORE TENETS OF CYBERSECURITY
7
2.1 CONFIDENTIALITY ………………………………………………………………………………………………………………………………. 7
2.2 INTEGRITY ……………………………………………………………………………………………………………………………………….. 7
2.3 AVAILABILITY ……………………………………………………………………………………………………………………………………. 8
SECTION 3:
CYBERSECURITY POLICIES
9
3.1 PASSWORD POLICIES …………………………………………………………………………………………………………………………… 9
3.2 ACCEPTABLE USE POLICIES ……………………………………………………………………………………………………………………. 9
3.3 USER TRAINING POLICIES ……………………………………………………………………………………………………………………. 10
3.4 BASIC USER POLICIES…………………………………………………………………………………………………………………………. 10
SECTION 4:
THREAT MITIGATION SCENARIOS
11
4.1 THEFT…………………………………………………………………………………………………………………………………………… 11
4.2 MALWARE …………………………………………………………………………………………………………………………………….. 11
4.3 YOUR CHOICE …………………………………………………………………………………………………………………………………. 12
SECTION 5: REFERENCES
Company Manual
13
Page |3
CYBERLEET TRAINING MANUAL
MANUAL OVERVIEW
You are the training manager at CyberLeet Technologies, a midsized firm that provides
cybersecurity services to other businesses. CyberLeet’s core customer base is sole
proprietorships and other mom-and-pop shops that are too small to have their own IT
departments and budgets. Generally speaking, your clients have a reasonably high risk
tolerance, and put a premium on the functionality of their IT systems over stringent security
measures. However, you also have clients that must protect highly sensitive information in
order to continue operating successfully. For example, CyberLeet supports a few small
public-accounting firms that need to maintain important tax-related information, as well as
several day-care businesses that must keep children’s health records private while allowing
necessary access for certain caregivers. In the past year, CyberLeet has experienced rapid
growth, which means you can no longer personally provide one-on-one training to every
new information security analyst as they are hired. Therefore, you have decided to create a
training manual that will explain to the current and future cohorts of new hires the essential
principles and practices that they must understand in order to be successful in their role as
information security analysts at CyberLeet.
Manual Layout
There are four sections in the manual, which cover all the components of a new employee training
manual. As the training manager, you must complete each section using information you learned in
this course. Refer to the background information on CyberLeet and apply the appropriate
information that best matches based on the size of the company, the value of cybersecurity, and its
core tenets. Apply best practices of cybersecurity principles for addressing the common threat
scenarios of a sole proprietary business. The main sections of the manual you are responsible for
completing are the following:
•
Introduction
•
Core tenets of cybersecurity
•
Developing cybersecurity policies
•
Threat mitigation scenarios
Company Manual
Page |4
CYBERLEET TRAINING MANUAL
In Section One, describe the organization. Provide a short history of the company, define the way it
operates, and describe its place within the industry and the community it serves. Follow the prompts
to complete each section. All prompts should be deleted prior to submitting this section.
SECTION 1: Introduction: Welcome to CyberLeet
1.1 Introduction
Prompt: Explain the value of CyberLeet Technologies as a provider of cybersecurity services
to its client businesses. Why is there demand for information security in a business
environment? How do cybersecurity issues impact business resources, including finances,
people, and time?
1.2 Your Role at CyberLeet
Prompt: Describe the overall role of the new hire as an information security analyst. What
are the main functions of the job? What should be their ultimate goal once they are assigned
to clients?
Company Manual
Page |5
CYBERLEET TRAINING MANUAL
1.3 Purpose of This Manual
Prompt: Explain the purpose for this manual. Why is it important that information security
analysts apply the principles and practices outlined in this manual? What is at stake if they
do not appropriately apply their training and provide high-quality services to the client
businesses?
Company Manual
Page |6
CYBERLEET TRAINING MANUAL
A widely applicable security model is the CIA triad, standing for confidentiality, integrity, and
availability. There are three key principles that should be guaranteed in any kind of secure system. In
Section Two, describe the significance of each area as directed in each designated area. Follow the
prompts to complete each section. All prompts should be deleted prior to submitting this section.
SECTION 2: Core Tenets of Cybersecurity
2.1 Confidentiality
Prompt: Explain the significance of confidentiality as a core tenet of cybersecurity. Be sure
to define the term and use specific details and examples to illustrate its meaning in a
business context.
2.2 Integrity
Prompt: Explain the significance of integrity as a core tenet of cybersecurity. Be sure to
define the term and use specific details and examples to illustrate its meaning in a business
context.
Company Manual
Page |7
CYBERLEET TRAINING MANUAL
2.3 Availability
Prompt: Explain the significance of availability as a core tenet of cybersecurity. Be sure to
define the term and use specific details and examples to illustrate its meaning in a business
context.
Company Manual
Page |8
CYBERLEET TRAINING MANUAL
Creating effective cybersecurity policies will make visible changes to how the organization operates.
Rely on the information presented in this course to develop the necessary standards and
frameworks of effective cybersecurity policies. Follow the prompts to complete each section. All
prompts should be deleted prior to submitting this section.
SECTION 3: Cybersecurity Policies
3.1 Password Policies
Prompt: What principles should the information security analyst apply in order to develop
appropriate password policies for their clients? Make sure you address confidentiality,
integrity, and availability of information, as well as each of the following aspects:
•
•
•
Password length and composition of the password (e.g., uppercase, numbers,
special characters)
Time period between resets and ability to reuse a prior password
Differentiated policies for different types of users (e.g., administrator vs.
regular user)
3.2 Acceptable Use Policies
Prompt: What principles should the information security analyst apply in order to develop
appropriate acceptable use policies for the client? Make sure you address confidentiality,
integrity, and availability of information, as well as each of the following questions:
•
•
•
What should users generally be allowed to do with their computing and network
resources? When and why would each example be allowable?
What should users generally be prohibited from doing with their computing and
network resources? When and why would each example require prohibition?
When and why should users be aware of acceptable use policies and how can
organizations keep track of these policies?
Company Manual
Page |9
CYBERLEET TRAINING MANUAL
3.3 User Training Policies
Prompt: What principles should the information security analyst apply in order to develop
appropriate user training policies for the client? Make sure you address confidentiality,
integrity, and availability of information, as well as each of the following:
•
•
•
How to determine who would be trained
How to determine how often trainings would occur
How to determine whether certain staff receive additional training or whether they
should be held to higher standards
3.4 Basic User Policies
Prompt: What principles should the information security analyst apply in order to develop
appropriate basic user policies for the client? Make sure you address confidentiality,
integrity, and availability of information, as well as each of the following questions:
•
•
•
•
When and why should users have to display some type of identification while in the
workplace?
What types of physical access (with or without ID) to company areas is acceptable?
Why?
When and why should employees with identification be allowed access to all areas of
the company?
When and why should employees be allowed to take work home or bring guests into
the workplace?
Company Manual
P a g e | 10
CYBERLEET TRAINING MANUAL
A threat-intelligence service provides analyzed, actionable threat information to help organizations
defend against known or emerging threats before systems may be compromised. In this section, you
will create three mitigation scenarios. The first two mitigation topics have been chosen; however,
the third one is your choice. Follow the prompts to complete each section. All prompts should be
deleted prior to submitting this section.
SECTION 4: Threat Mitigation Scenarios
4.1 Theft
Prompt: In the last month, two break-ins have occurred at a client’s office, which resulted in
the theft of employee laptops during both incidents. The first incident occurred in the
evening when the thieves broke through a ground-floor window. The second incident
occurred during the day when the thieves walked right into the business area and removed
two laptops. What physical and technical controls would be helpful to address the issue and
prevent this type of vulnerability in the future? Compare and contrast the different methods
that could be used to mitigate the given threat.
4.2 Malware
Prompt: Recently, one of your client’s staff has been inundated with phishing emails that are
targeted at individuals and related to current business opportunities for the company. These
messages are linked to malware and sent by known threat actors. What physical and
technical controls would be helpful to address the issue and prevent this type of vulnerability
in the future? Compare and contrast the different methods that could be used to mitigate
the given threat.
Company Manual
P a g e | 11
CYBERLEET TRAINING MANUAL
4.3 Your Choice
Prompt: Create your own illustrative scenario of a common threat that an information
security analyst may face. Explain what physical and technical controls would be helpful to
address your chosen issue and prevent that type of vulnerability in the future, and compare
and contrast the different methods that could be used to mitigate the given threat.
Company Manual
P a g e | 12
CYBERLEET TRAINING MANUAL
SECTION 5: References
Prompt: If applicable, list all references used in the creation of this document here. References must
be in APA format.
Company Manual
P a g e | 13
IT 380 Milestone Two Guidelines and Rubric
Overview: For the final project in this course you will assume the role of a training manager at a cybersecurity firm needing to create a training manual for new
information security analyst hires. For milestone two, complete the cybersecurity policy section of the manual. Remember, use the same manual you used to
complete milestone one.
Prompt: You will submit the cybersecurity policy section of the training manual. The training manual will include a discussion of the purpose and value of
cybersecurity, illuminate core tenets of cybersecurity, and illustrate best practices for addressing common threat scenarios. Use the information on each of
these topics to develop a customized training manual for newly hired cybersecurity professionals at CyberLeet.
Specifically, the following critical elements must be addressed:
I.
How to Develop Cybersecurity Policies: In this part of the training manual, you will develop the cybersecurity policies in four distinct areas for new hires
at CyberLeet. Based on information you have learned on cybersecurity use and governance, you will develop policies for end‐user passwords, acceptable
use, basic users, and user training. For each of these areas, follow the guiding questions to develop effective use policies that new hires will be trained
on. Review the directions in each section of the manual template to guide your response. Be sure you delete all of the directions in each section prior to
finalizing the information.
A. What principles should the information security analyst apply in order to develop appropriate password policies for their clients? Make sure you
address confidentiality, integrity, and availability of information.
B. What principles should the information security analyst apply in order to develop appropriate acceptable use policies for the client? Make sure
you address confidentiality, integrity, and availability of information.
C. What principles should the information security analyst apply in order to develop appropriate user training policies for the client? Make sure
you address confidentiality, integrity, and availability of information.
D. What principles should the information security analyst apply in order to develop appropriate basic user policies for the client? Make sure you
address confidentiality, integrity, and availability of information.
Rubric
Guidelines for Submission: Use the template provided to complete this assignment. Review each section and follow the prompts accordingly. All prompts should
be deleted. Remember, you are responsible for every section of a completed training manual.
Critical Elements
Exemplary (100%)
How To:
Meets “Proficient” criteria and
Password Policies demonstrates keen insight into
best practices for defending the
confidentiality, integrity, and
availability of information
How To:
Meets “Proficient” criteria and
Acceptable Use demonstrates keen insight into
Policies
best practices for defending the
confidentiality, integrity, and
availability of information
How To: User
Meets “Proficient” criteria and
Training Policies demonstrates keen insight into
best practices for defending the
confidentiality, integrity, and
availability of information
How To: Basic
Meets “Proficient” criteria and
User Policies
demonstrates keen insight into
best practices for defending the
confidentiality, integrity, and
availability of information
Proficient (85%)
Identifies specific principles for
developing appropriate password
policies that address
confidentiality, integrity, and
availability of information
Identifies specific principles for
developing appropriate acceptable
use policies that address
confidentiality, integrity, and
availability of information
Identifies specific principles for
developing appropriate user
training policies that address
confidentiality, integrity, and
availability of information
Identifies specific principles for
developing appropriate basic user
policies that address
confidentiality, integrity, and
availability of information
Needs Improvement (55%)
Not Evident (0%)
Identifies principles for developing Does not identify principles for
password policies but fails to fully developing password policies
address all relevant aspects or
there are gaps in logic or accuracy
Value
25
Identifies principles for developing Does not identify principles for
acceptable use policies but fails to developing acceptable use policies
fully address all relevant aspects or
there are gaps in logic or accuracy
25
Identifies principles for developing Does not identify principles for
user training policies but fails to
developing user training policies
fully address all relevant aspects or
there are gaps in logic or accuracy
25
Identifies principles for developing Does not identify principles for
basic user policies but fails to fully developing basic user policies
address all relevant aspects or
there are gaps in logic or accuracy
25
Total
100%
Purchase answer to see full
attachment
