CIS 550, Term Paper: DigiNotar, Part 6B
ABSTRACT
This paper reviews the events that led to the breach of DigiNotar and the factors that would have mitigated it, and develops a security policy document for my mid-sized organization, “Cañar Networking Organization”. The paper includes measures to protect against breaches and to act as a proactive defense. It defines the segments of the policy (purpose, audience, document information and scope) needed for the success of the organization. It also develops the policy criteria that support proactive defense and protect the organization from organizational risks, and examines the objectives, compliance, responsibilities, implementation and control of those criteria in order to strengthen the organization. Finally, the paper details the policy measurement used to mitigate organizational threats and provides effective security elements for the enhancement of the organization.
INTRODUCTION
“A security policy should fulfill many purposes. It should: protect people and information; set the rules for expected behavior by users, system administrators, management, and security personnel; authorize security personnel to monitor, probe, and investigate; define and authorize the consequences of violation; define the company consensus baseline stance on security; help minimize risk; and help track compliance with regulations and legislation.” Hurwicz, Michael (2002, February 01).
A policy is the set of procedures and principles that guides the decisions of an organization toward rational outcomes. Policy can assist both subjective and objective decisions in order to create a better environment for the organization. Policies include the set of decisions associated with the senior management of an organization.
References:
Hurwicz, Michael (2002, February 01). Peer pressure: Securing P2P networking. Network Magazine, (2), 60. Retrieved from http://elibrary.bigchalk.com
http://www.cisco.com/en/US/tech/tk869/tk769/technologies_white_paper09186a008014f945.shtml
Barbetta, Frank (1996, January 01). Network security: examine your arsenal (includes related article on asynchronous transfer mode security). Business Communications Review, (26), 46(4). Retrieved from http://elibrary.bigchalk.com
http://www.networkworld.com/news/2009/072209-botnets.html
Schrodel, David (2003, December 01). Network Configuration Management. Computer Technology Review, (12), 18. Retrieved from http://elibrary.bigchalk.com