May 10, 2011
Security Policy Structure as it Relates to Humans
Cyber Crime & Cyber Warfare
Profile and Motivations of a Cyber Criminal
Attack Methods and Firion Vulnerabilities
Cyber Crime Trends
Laws and Regulations Driving Company Security Policies
Liability and Taking Responsibility
Setting Backgrounds and Screen Savers Policy
Intellectual Property and Licensing Policy
Information Systems Expectable Use Policy
User Email Responsibilities
Information Systems Expectable Use Policy
Software License Policy
Data Transfer Policy
Reference Checks Policy
Least Privilege Policy
Separation of Duties Policy
Security awareness program
Security Policy Structure as it Relates to Humans
The Firion Corporation develops, produces, and markets specialized jackets used in waste disposal and other safety-related applications. At a research laboratory near a large university, it develops new glove designs and coatings, which are sold through wholesale and retail outlets. Firion also operates several factories and warehouses in different parts of the country (UMUC CSEC 2010, p. 4). The company’s development process is proprietary and, if exposed to its competitors, could potentially cause a significant loss of reputation and revenue. Security policy structure as it relates to humans is more complex than policy designed to configure a firewall or file share permissions. Unlike computers, which simply process ones and zeros, humans need to understand the purpose and intent of a particular security policy. You simply cannot say “because I told you so.”
Cybercrime should not be viewed through the narrow prism of technology. Crime is, after all, a global human phenomenon. The policies developed to protect Firion Corporation from actions or inactions by its employees are not a technology issue, but rather a human issue. Although policy is a great tool to have in a business, a policy is only as good as its compliance from management and staff (Gilhooly 2002, p. 2). If employees become frustrated with the security policy, they will begin to find ways to circumvent that policy. Employee compliance therefore becomes the primary driver of how security policy is written, and 100% compliance is the goal to ensure security policies are followed. Firion Corporation's security policy structure needs to address this human aspect of security. The policy development process must start with top leadership buy-in and involvement for the policy to be effective.
The policy structure should be developed in a way that gives the end user a clear understanding of the reasons behind each policy and makes clear the negative impact on the corporation as a whole, and on each employee, if the policy is not followed by everyone. It should include continuing education and a marketing campaign that will help increase compliance to an acceptable level and maintain it there. The policy should not unreasonably hinder or frustrate an employee’s ability to perform their job. If this happens, people will look for ways to circumvent the security policy. It must include a set of metrics that can be measured to indicate successful compliance and identify areas that need improvement.
Cyber Crime & Cyber Warfare
Cyber crime and cyber warfare are a concern of Firion. Cyber crime is defined as a crime performed or resorted to by abuse of electronic media or otherwise, with the purpose of influencing the functioning of a computer or computer systems (Cyber Crime Branch, 2010). Cyber warfare is usually conducted or supported by a national government with a specific target identified. Cyber warfare can use the same methods as cyber criminals, but may be much more complex due to the national resources and expertise that can be...