MANUAL OVERVIEW
You are the training manager at CyberLeet Technologies, a midsized firm that provides cybersecurity services to other businesses. CyberLeet’s core customer base is sole proprietorships and other mom-and-pop shops that are too small to have their own IT departments and budgets. Generally speaking, your clients have a reasonably high risk tolerance, and put a premium on the functionality of their IT systems over stringent security measures. However, you also have clients that must protect highly sensitive information in order to continue operating successfully. For example, CyberLeet supports a few small public-accounting firms that need to maintain important tax-related information, as well as several day-care businesses that must keep children’s health records private while allowing necessary access for certain caregivers. In the past year, CyberLeet has experienced rapid growth, which means you can no longer personally provide one-on-one training to every new information security analyst as they are hired. Therefore, you have decided to create a training manual that will explain to the current and future cohorts of new hires the essential principles and practices that they must understand in order to be successful in their role as information security analysts at CyberLeet.
Manual Layout
There are four sections in the manual, which cover all the components of a new employee training manual. As the training manager, you must complete each section using information you learned in this course. Refer to the background information on CyberLeet and apply the appropriate information that best matches based on the size of the company, the value of cybersecurity, and its core tenets. Apply best practices of cybersecurity principles for addressing the common threat scenarios of a sole proprietary business. The main sections of the manual you are responsible for completing are the following:
· Introduction
· Core tenets of cybersecurity
· Developing cybersecurity policies
· Threat mitigation scenarios
Introduction: Welcome to CyberLeet
Explain the value of CyberLeet Technologies as a provider of cybersecurity services to its client businesses. Why is there demand for information security in a business environment? How do cybersecurity issues impact business resources, including finances, people, and time?
Describe the overall role of the new hire as an information security analyst. What are the main functions of the job? What should be their ultimate goal once they are assigned to clients?
Finally, explain the purpose for this manual. Why is it important that information security analysts apply the principles and practices outlined in this manual? What is at stake if they do not appropriately apply their training and provide high-quality services to the client businesses?
Core Tenets of Cybersecurity
Explain the significance of confidentiality as a core tenet of cybersecurity. Be sure to define the term and use specific details and examples to illustrate its meaning in a business context.
Explain the significance of integrity as a core tenet of cybersecurity. Be sure to define the term and use specific details and examples to illustrate its meaning in a business context.
Explain the significance of availability as a core tenet of cybersecurity. Be sure to define the term and use specific details and examples to illustrate its meaning in a business context.
How to Develop Cybersecurity Policies
What principles should the information security analyst apply in order to develop appropriate password policies for their clients? Make sure you address confidentiality, integrity, and availability of information, as well as each of the following aspects:
Password length and composition of the password (e.g., uppercase, numbers, special characters)
Time period between resets and ability to reuse a prior password
Differentiated policies for different types of users (e.g., administrator vs. regular user)
What principles should the information security analyst apply in order to develop appropriate acceptable use policies for the client? Make sure you address confidentiality, integrity, and availability of information, as well as each of the following questions:
What should users generally be allowed to do with their computing and network resources? When and why would each example be allowable?
What should users generally be prohibited from doing with their computing and network resources? When and why would each example require prohibition?
When and why should users be aware of acceptable use policies and how can organizations keep track of these policies?
What principles should the information security analyst apply in order to develop appropriate user training policies for the client? Make sure you address confidentiality, integrity, and availability of information, as well as each of the following:
How to determine who would be trained
How to determine how often trainings would occur
How to determine whether certain staff receive additional training or whether they should be held to higher standards D. What principles should the information security analyst apply in order to develop appropriate basic user policies for the client? Make sure you address confidentiality, integrity, and availability of information, as well as each of the following questions:
When and why should users have to display some type of identification while in the workplace?
What types of physical access (with or without ID) to company areas is acceptable? Why?
When and why should employees with identification be allowed access to all areas of the company?
When and why should employees be allowed to take work home or bring guests into the workplace?
IV. Threat Mitigation Scenarios: For each of the hypothetical scenarios listed below, illustrate for the new hires the strengths and weaknesses of the different approaches. This will help new hires gain a more practical understanding of how to deal with these types of issues that they are likely to face in their day-to-day job.
Theft: In the last month, two break-ins have occurred at a client’s office, which resulted in the theft of employee laptops during both incidents. The first incident occurred in the evening when the thieves broke through a ground-floor window. The second incident occurred during the day when the thieves walked right into the business area and removed two laptops. What physical and technical controls would be helpful to address the issue and prevent this type of vulnerability in the future? Compare and contrast the different methods that could be used to mitigate the given threat.
Malware: Recently, one of your client’s staff has been inundated with phishing emails that are targeted at individuals and related to current business opportunities for the company. These messages are linked to malware and sent by known threat actors. What physical and technical controls would be helpful to address the issue and prevent this type of vulnerability in the future? Compare and contrast the different methods that could be used to mitigate the given threat.
Your choice: Create your own illustrative scenario of a common threat that an information security analyst may face. Explain what physical and technical controls would be helpful to address your chosen issue and prevent that type of vulnerability in the future, and compare and contrast the different methods that could be used to mitigate the given threat.
What Students Are Saying About Us
.......... Customer ID: 12*** | Rating: ⭐⭐⭐⭐⭐"Honestly, I was afraid to send my paper to you, but splendidwritings.com proved they are a trustworthy service. My essay was done in less than a day, and I received a brilliant piece. I didn’t even believe it was my essay at first 🙂 Great job, thank you!"
.......... Customer ID: 14***| Rating: ⭐⭐⭐⭐⭐
"The company has some nice prices and good content. I ordered a term paper here and got a very good one. I'll keep ordering from this website."