CIS 550, Term Paper: DigiNotar, Part 6B
This paper will review the events that led to the breach of DigiNotar and the factors that would have mitigated it, and develops a security policy document for my mid-sized organization, “Cañar Networking Organization”. The paper will include measures to protect against breaches and act as a proactive defense. It defines the segments of the policy, namely purpose, audience, document information and scope, for the success of the organization. This paper also develops the policy criteria that protect the organization from …
Security policy criteria / Policy Creation
In this section I will start to draft my policies, beginning with the root security policy and then working through a few of the others. Each policy sets out the definitive answer to a set of key questions.
1. Compliance: According to Hurwicz, “Security Policies can be useful compliance tools, showing what the company’s stance is on best practice issues and that they have controls in place to comply with current and forthcoming legislation and regulations.” This Security Policy applies to all users of Cañar Networking Organization information, including employees, partners, contractors, volunteers, and outside affiliates. Failure to comply with these Policies and Standards by employees, partners, contractors, volunteers, and outside affiliates may result in disciplinary action up to and including dismissal in accordance with applicable Cañar Networking Organization. Further, penalties associated with state and federal laws may apply. Possible disciplinary/corrective action may be instituted for, but is not limited to, the following:
1. Unauthorized disclosure of confidential information as specified in the statement.
2. Unauthorized disclosure of a sign-on code (user