Description
For this assignment, you must create a presentation that provides details to your selected organization’s managers, technologists, and technicians. Your objective is to bring all parties to a common understanding of a network infrastructure that can reduce risk through improved security within the organization and for all external links.
Your presentation should use best practices for presentations delivered to an audience. Be sure your presentation includes the following:
Identify the name of your selected organization on the title page.
Offer a brief proposal of a network infrastructure for your selected organization.
Identify key perimeter protection considerations.
Detail the security strategy for data links, including remote partners, suppliers, and employees.
Provide insights regarding certification and accreditation, safe network links to cloud resources.
Determine appropriate risk assessment approaches that consider both audit and compliance.
Include at least one diagram that details the core network layout with security components.
Length: 14-18 slides, at least 150 words in the Notes section below each slide
References: Include sources within the course plus a minimum of 2 additional scholarly resources.
The completed assignment should address all the assignment requirements, exhibit evidence of concept knowledge, and demonstrate thoughtful consideration of the content presented in the course. The writing should integrate scholarly resources, reflect academic expectations and current APA standards
Unformatted Attachment Preview
1
Technical Policies and Standards to Meet Internal and External Cyber-security
Requirements
Lethon Jordan
North Central University
Cybersecurity, Risk Management, and Policy for IT Professionals
Dr. Jeevan D’Souza
December 17, 2023
2
Technical Policies and Standards to Meet Cyber-security Requirements
Introduction
Organization’s considerations of cyber security are of great significance in enhancing the
efficiency of operations. Technical policies and standards that meet cyber security requirements
are pivotal in improving safety when using technology. The policies act as regulations
facilitating internal and external monitoring of technology implementation and applications.
Organizations need these policies and standards that outline how stakeholders can utilize the
technology securely. The specific measures are also paramount in protecting the organization
from cyber-attacks or related security issues. With these policies and standards, workers can
understand the regulations and laws guiding how they operate with diverse software and
hardware. Adherence to the set guidelines and standards in the organization is essential for
protecting the integrity and privacy of information. Managers and technologists within the IT or
security sector of the organization should be keen on the policies and procedures for enhancing
external and internal cyber security. Managers and IT personnel’s awareness of these regulations
can be essential in influencing the correct application of the procedures among other workers in
the organization. Coca-Cola Inc. implements diverse technical policies and standards to meet
internal and external cyber security requirements and enhance the safety and privacy of
information by using various technologies.
Cyber-Security at Coca-Cola Company
Coca-Cola Inc. has developed sufficient technical policies that outline the use of
information. The purpose of these policies is to provide a guideline on the responsibilities of
employees in ensuring that they protect the security and privacy of the company’s data. The
3
company’s reliance on technical policies has significantly protected its data from cyber-attacks.
More so, the policies and standards have been relevant in improving how the employees,
managers, and customers take actions and precautions to regain cyber security in the
organization. The company’s cyber security policies have resulted in practical ways of enhancing
and maintaining security (The Coca‑Cola Company, 2023). These policies have also prompted
the protection of the company’s IT system since they meet cyber security’s internal and external
requirements. The standards, policies, and procedures of cyber security in the organization have
been adequate tools in enhancing compliance and assurance of data safety. Coca-Cola Inc.’s
commitment to security and privacy of information has, therefore, enhanced the development
and application of the policies and standards, and procedures that address the internal and
external requirements of cyber security.
Enhances data
confidentiality
Addresses
security
threats
Prevents
cyber-attacks
Maintains
information
safety
Aspects of
cybersecurity
policies
Guides
workers on
appropriate
practices
4
Acceptable Use Policy
Coca-Cola implements the Acceptable Use Policy to enhance the safety and security of
the company’s data. Workers should follow the Acceptable Use Policy to utilize the
organizations effectively. The company’s AUP is relevant in ensuring that the employees do not
disclose the company’s private information to third parties. The AUP’s considerations are
determining how the employees can use the company’s system, network, and computers.
According to the policy, the employees’ restrictions are essential in guiding and maintaining the
privacy, safety, and security of the organization’s data. According to Doherty et al. (2011), an
organization’s Acceptable Use Policy helps prevent inappropriate behaviors that can hurt the
company or employees. The policy requires that workers are aware of the computer-based
information and how they can effectively utilize computer resources and systems to enhance the
safety of the company data. Following these policies is paramount in ensuring that the workers
understand the implications of inappropriate actions that interfere with corporate data security.
According to the Coca-Cola AUP, the organization is assured of data privacy and protection
since the system manager monitors the use of computers (The Coca‑Cola Company, 2023). The
policy indicates that the workers can only use the company resources for business related to the
company. When employees use computer systems for personal purposes, a specific law is
applicable. In case of any inappropriate behaviors from the workers, they can take preventive
measures. Workers in the company are aware of their responsibilities in protecting its IT systems
and computer networks as a strategy to maintain security. Managers and IT personnel in the
company can utilize the AUP to educate workers on the significance of following the proper
implementation and application of company resources to prevent interference with the privacy
5
and safety of the company data. As a result of adherence to the policy, workers at Coca-Cola Inc.
can efficiently meet the internet aspects and requirements of cyber security.
Clean Desk Policy
Coca-Cola Company also applies the Clean Desk Policy to meet the intended cyber
security requirements and standards. The primary purpose of the Clean Desk policy is to guide
the employees on taking precautions when not using the organization’s computer and system.
Workers are granted complete control over their organization’s network systems to enable them
to handle their roles and responsibilities effectively. It is essential that when using these systems,
the workers maintain the safety of company data. According to Mishra et al. (2022),
organizations prioritizing cyber security take relevant security controls and measures. These
measures are essential in promoting consistency in maintaining the security and safety of the
company data. When leaving or away from their working environment, the company expects the
workers to clear off any sensitive information. The primary purpose of clearing the desk is to
avoid exposing the information and prevent third parties from accessing the organization’s data.
Implementing the Clean Desk policy involves logging the computer systems from the working
environment after completing company tasks and projects. The Clean Desk policy acts as an
access control practice since it determines the personnel who can access specific company
information. The policy is vital for safeguarding company information by ensuring that the
workers keep working areas clear of classified company information when not in use. Through
the access control policy, employees can only access data relating to their roles and
responsibilities (Mishra et al., 2022). The manager and IT personnel rely on the policy to ensure
workers know their roles and the importance of controlling who can access the organization’s
databases, systems, and computers.
6
Policy
Significance
Acceptable Use Policy
•
Protects sensitive data
•
Determines restrictions on system use
•
Encourages due diligence
•
Outlines guidelines for system use
•
Protects company from data breaches
and cyber attacks
Clean Desk Policy
•
Encourages lockdown of sensitive data
•
Minimizes exposure of sensitive
company data
•
Maintains data confidentiality
•
Protects company from cyber attacks
•
Reduces security breaches
The standards appropriate for organizations are implemented to ensure that the
technology and management meet international standards. Embracing these standards is
significant in an organization as it influences the ability of the company to meet the expected
cyber security standards at an internal level. Coca-Cola Inc. applies ISO 27001 as the standard
for meeting cyber security requirements in its industry. The organization incorporates the
standard to measure the efficiency of its system design and implementation in cyber security and
information safety. According to Coca-Cola HBC (2020), the company received an ISO 27001
certification to indicate its adherence to the information systems infrastructure. The certification
7
also shows that the company meets all the standardization requirements for information security
management. Having the certificate shows that the performance of Coca-Cola’s security program
is adequate in enhancing the company’s safety and privacy. Coca-Cola has, therefore, selected
sufficient and appropriate security policies and practices according to the expected internal
standards for cyber security requirements.
Risk Reduction Plan
Organizations must engage in continuous developments to facilitate efficiency in
developing the policies and standards that meet cyber security requirements. An efficient
strategy for reducing cyber-attack risk in the organization is developing a risk management plan.
The purpose of the management plan is to provide the organization’s management with the
resources needed to plan how to respond in case of cyber issues. Utilizing the risk management
plan to educate workers on implementing diverse policies and practices is paramount in attaining
efficiency. The cyber security management plan provides the company managers with the
resources to guide workers and reinforce the company’s security (Doherty et al., 2011). Workers
will receive the necessary training and support to understand the policies. Significantly, the IT
managers crate guidelines on the effective use of the policies and standards, thus increasing the
efficiency of the policies.
Conclusion
In conclusion, the technical policies and standards that meet cyber security requirements
focus on enhancing the company’s security and privacy. The managers and IT developers should
collaborate to determine which. In Coca-Cola Inc., diverse technical policies are significant in
cyber security and reducing cyber-attacks. The two primary policies in the organization are the
8
Clear Desk Policy and the Acceptable Use Policy, which guide employees on using company
systems and computers. Coca-Cola utilizes the ISO 27001 recognized standard that has been
significant in ensuring that the company’s cyber security policies meet international
requirements. The company can create a risk management plan to improve its operations and
educate workers on properly applying the policies and procedures to protect company data’s
safety, privacy, and security.
9
References
Coca-Cola HBC. (2020, Jan 15). Coca‑Cola HBC Information Security Awarded ISO
Certification. https://www.coca-colahellenic.com/en/about-us/who-weare/awards/workplace/2020/coca-cola-hbc-information-security-awarded-iso-certification
Doherty, N. F., Anastasakis, L., & Fulford, H. (2011). Reinforcing the security of corporate
information resources: A critical review of the role of the acceptable use policy.
International Journal of Information Management, 31(3), 201-209.
http://dx.doi.org/10.1016/j.ijinfomgt.2010.06.001
Mishra, A., Alzoubi, Y. I., Gill, A. Q., & Anwar, M. J. (2022). Cybersecurity Enterprises
Policies: A Comparative Study. Sensors (Basel, Switzerland), 22(2), 538.
https://doi.org/10.3390/s22020538
The Coca‑Cola Company (2023, Feb 16). Coca‑Cola Terms of Service. https://www.cocacola.com/xe/en/legal/terms-of-service
Purchase answer to see full
attachment
