590a5

Assignment 5
Answer all Eight (8) questions.
· Submission Requirements
ü All sentences must be grammatically correct, and free from spelling errors.
ü Your answer for each question should not exceed 250 words.
ü Submit a Single Microsoft Word Document.
ü Font: Times New Roman, Size 12, Double-Space.
ü Cite all references used in APA format.
1. How does a security awareness training policy impact an organization’s capability to mitigate risks, threats, and vulnerabilities?
2. When trying to combat software vulnerabilities in the workstation domain, what is needed most to deal with operating system, application, and other software installations?
3. What are some strategies for preventing users or employees from downloading and installing rogue applications and software found on the Internet?
4. What other strategies can organizations implement to keep security awareness top of mind with all employees and authorized users?
5. Why is it a best practice of a remote access policy definition to require employees and users to fill in a separate VPN remote access authorization form?
6. What security controls, monitoring, and logging should be enabled for remote VPN access and users?
7. Should an organization mention that it will be monitoring and logging remote access use in its remote access policy definition?
8. Review the following characteristics of the mock Sunshine Health Care Provider:
• Regional Sunshine Health Care Provider has multiple, remote health care branches and locations throughout the region;
• Online access to patients’ medical records through the public Internet is required for remote nurses and hospices providing in-home medical services;
• Online access to patients’ medical records from remote clinics is done through SSL VPN secure Web application front-end through the public Internet;
• The organization wants to be in compliance with HIPAA and IT security best practices regarding remote access through the public Internet in the remote access domain;
• The organization wants to monitor and control the use of remote access by implementing system logging and VPN connections;
• The organization wants to implement a security awareness training policy mandating that all new hires and existing employees obtain remote access security training. Policy definition to include HIPAA and ePHI (electronic protected health information) security requirements and a mandate for annual security awareness training for all remote or mobile employees.
Using the following template, create an organization-wide remote access policy for Sunshine Health Care Provider (this should not be longer than two pages):
Sunshine Health Care Provider
Remote Access Policy for Remote Workers & Medical Clinics
Policy Statement
{Insert policy verbiage here.}
Purpose/Objectives
{Insert the policy’s purpose as well as its objectives; use a bulleted list of the policy definition.}
Scope
{Define this policy’s scope and whom it covers.
Which of the seven domains of a typical IT infrastructure are impacted?
What elements, IT assets, or organization-owned assets are within the scope of this policy?}
Standards
{Does this policy point to any hardware, software, or configuration standards?
If so, list them here, and explain the relationship of this policy to these standards. In this case,
remote access domain standards should be referenced, such as encryption standards, SSL VPN
standards; make any necessary assumptions.}
Procedures
{Explain how you intend to implement this policy organization-wide and how you intend to deliver
the annual or ongoing security awareness training for remote workers and mobile employees.}
Guidelines
{Explain any roadblocks or implementation issues that you must address in this section and how
you will overcome them per defined policy guidelines.}