Group No: 4
Student Name:
Policy Statement
In order to accept credit or debit card payments and compliance with GLBA and IT
1. Protect consumer and customer records and will therefore help to build and
2. Customers gain assurance that their information will be kept secure by the
institution
institutions and third parties and have the ability to opt out of private
information sharing.
records.
Scope
These policies apply to any ABC Credit bank employee, contractor, business
partner, or student involved in the processing of debit and credit card payments or
Standards
All company data stored on electronic devices, hardware or software and other
company’s assets
- The server room must be locked to make sure physical access is restricted
- All device access to the internal network must be monitored and controlled
Procedures
- The leader of the IT department is responsible for reporting the bank’s policy
Guidelines
program
- Identify and assess the risks to customer information in each relevant area of
- Design and implement a safeguards program, and regularly monitor and test it
- Select service providers that can maintain appropriate safeguards, make sure
and monitoring.
- Any exception to this policy will be examined and approved by the IT
department.
- All individuals must obey the AUPs. Violations can lead to disciplinary action
1. What are the top risks and threats from the User Domain?
- Social engineering
- Accidental disclosure
- Malicious behaviours
- They can protect the organization, the employee, and also the user of the
organization.
- AUPs outline the rules and restrictions employees must follow in regard to the
company's network, software, internet connection and devices → Make sure the
Use Policy?
Acceptable Use Policy and an Email Acceptable Use Policy. Each would
define the rules and regulations, similar to a regular Acceptable Use Policy.
definition?
policies
An acceptable use policy is not a failsafe means of mitigating risks and threats
because:
- We cannot control the user (what they do, what they discuss when they are
- Even when the user agrees with the AUPs, they may not always follow
6. Will the AUP apply to all levels of the organization, why or why not?
- Yes, the main purpose of acceptable use policy is to protect the entire
company and all employees and ensure that they are aware of the policies
- This policy should be in effect from day 1 of operation and periodically needs
8. Why does an organization want to align its policies with the existing
compliance requirements?
- These rules are applied to protect Company information against loss or theft,
financial loss, non-compliance with standards, laws and third party liability
- This way there are no hidden surprises for anyone and everyone will be on
10. Where in the policy definition do you define how to implement this
parties?
12. What security controls can be deployed to monitor and mitigate users
AUP?
firewall alerts, monitoring security logs, and setting up a proxy to limit the
13. What security controls can be deployed to monitor and mitigate users
monitoring the network traffic. The webmail systems and services can be
14. What security controls can be deployed to monitor and mitigate users