I’m working on a Computer Science exercise and need support.

Hello,

I need two responses of at least 150 words each for the below students discussions for this week. Also in the bold below are the questions the students at answering.

1. Do you believe that training is a necessity in the implementation of new policies? Please support your answers.

2. Why are background checks important to information security? What purpose do they serve?

3. What can happen if management does not enforce the policies that are put in place?

Student one:

Hello fellow classmates,

1. Do you believe that training is a necessity in the implementation of new policies? Please support your answers.

Yes because it ensures the new policies are followed correctly. If the polices are not presented to all personal and how they should be followed, it leaves a window open for mistakes to be made. For intense, if the policy was not to allow employees within the facility without proper identification within a biometric or certificate identification system. It would leave a vulnerability within the access control point. This is because people could state I do not have my credentials on me and I left them in my office. IF security personnel is not trained properly then they could possibly let the individual within the facility.

2. Why are background checks important to information security? What purpose do they serve?

This is because a company does not want to hire someone with a background of stealing or financial issues that are not presented in the interview. These unwanted stresses in a persons’ life can cause an issue within the workplace. These factors can lead an individual from stealing from the company or from fellow employees. The employee could leak vital information that will cause the company to be not trusted by customers. The purpose of this check is to prevent the company from hiring an individual that will cause harm to the company.

3. What can happen if management does not enforce the policies that are put in place?

The policies represent a standard in the workplace for all to follow. If people do not see the corrective actions across the broad and there is unfair treatment within the workplace; it can cause legal an action from the workers within the workplace. If a male and a female both decide not to wear their ID tags within a work environment for example and the male is the only one that is punished then it brings up a discrimination case. If the policy is not enforced at all then no one will follow it and it will eventually lead to an incident in the workplace. Like not wearing a hard hat in the packaging and distributing sector of the building. It will not be an issue until a worker gets knocked out and sues the company for an unsafe environment.

-Easton

Reference:

Korolevich, S. (May 10, 2018) The Complete Guide to Background Checks https://www.goodhire.com/blog/complete-guide-to-background-checks

Student two:

Hello Class

Training is a big topic to talk about and conduct because without training there would be a big gap in knowledge for employees with tasks outside their realm of ability. Especially in security, common practice and new policy may not be immediately on an employee’s mind when conducting day to day work. They are focused on the task at hand to complete it no matter what it takes. Without training providing the awareness and much needed skills in areas such as information security there would a be a lot more risk involved with the daily operation. To achieve compliance of new implemented policies training must be conducted to address any immediate questions and ensure accountability that all hands have received a notice of the change.

Background checks are another essential key element in information security for one main purpose, validating the individuals that are being allowed access into the company. Employees have the advantage over what a normal attacker would have so an attacker who either hires and employee or gets hired themselves to create an insider threat poses one of the greatest risks to information security. Conducting background checks is a step at mitigating a big majority of that risk by gaining more information about the individual such as past crimes.

Policies and procedures can be drafted and implemented one after another but if there is no enforcement than they are just as effective as not having them. Enforcement of the policies will ensure compliance and create an atmosphere where following policy is a standard. This will prevent future mishaps which can happen such as a security breach due to a password being to weak which was addressed in the password policy. Or the company being sued because of illegal downloading of content on the company internet and the user claims they never have seen the internet usage policy. Compliance will ensure the users and company are protected.

Thank you

-Cory

References:

Johnson, R. Security Policies and Implementation Issues. [VitalSource Bookshelf]. Retrieved from https://online.vitalsource.com/#/books/97812840706…