5-2 Milestone Two: Policy Development

For Milestone Two, complete the cybersecurity policy section of the manual. Remember, use the same template you used to complete Milestone One. To complete this as



Company Training Manual





Prepared by:

Rashel Hafiz


MANUAL OVERVIEW

SECTION 1: Introduction: Welcome to CyberLeet

1.1 Introduction

1.2 Your Role at CyberLeet

1.3 Purpose of This Manual

SECTION 2: Core Tenets of Cybersecurity

2.1 Confidentiality

2.2 Integrity

2.3 Availability

SECTION 3: Cybersecurity Policies

3.1 Password Policies

3.2 Acceptable Use Policies

3.3 User Training Policies

3.4 Basic User Policies

SECTION 4: Threat Mitigation Scenarios

4.1 Theft

4.2 Malware

4.3 Your Choice

SECTION 5: References

MANUAL OVERVIEW

You are the training manager at CyberLeet Technologies, a midsized firm that provides cybersecurity services to other businesses. CyberLeet's core customer base is sole proprietorships and other mom-and-pop shops that are too small to have their own IT departments and budgets. Generally speaking, your clients have a reasonably high risk tolerance and put a premium on the functionality of their IT systems over stringent security measures. However, you also have clients that must protect highly sensitive information in order to continue operating successfully. For example, CyberLeet supports a few small public-accounting firms that need to maintain important tax-related information, as well as several day-care businesses that must keep children's health records private while allowing necessary access for certain caregivers. In the past year, CyberLeet has experienced rapid growth, which means you can no longer personally provide one-on-one training to every new information security analyst as they are hired. Therefore, you have decided to create a training manual that will explain to the current and future cohorts of new hires the essential principles and practices that they must understand in order to be successful in their role as information security analysts at CyberLeet.

Manual Layout

There are four sections in the manual, which cover all the components of a new employee training manual. As the training manager, you must complete each section using the information you learned in this course. Refer to the background information on CyberLeet and apply the information that best fits the size of the company, the value of cybersecurity, and its core tenets. Apply best practices of cybersecurity principles for addressing the common threat scenarios of a sole proprietorship business. The main sections of the manual you are responsible for completing are the following:


  • Introduction

  • Core tenets of cybersecurity

  • Developing cybersecurity policies

  • Threat mitigation scenarios



In Section One, describe the organization. Provide a short history of the company, define the way it operates, and describe its place within the industry and the community it serves. Follow the prompts to complete each section. All prompts should be deleted prior to submitting this section.

SECTION 1: Introduction: Welcome to CyberLeet
1.1 Introduction

CyberLeet Technologies is a company that provides cybersecurity services to sole proprietorship firms. The firm is fully committed to protecting small firms' IT systems so that those firms can operate seamlessly. The company provides value to small firms because it helps them avoid the cost of setting up an internal IT department and the worry of IT maintenance. Due to technological development and the risk of cybercrime, more organizations are focusing on how to protect their IT systems in order to protect customer data, employee information, and firm assets from cyber threats. CyberLeet came into play to close that gap by providing reliable cybersecurity services. Cybersecurity issues can have a huge impact on a company: they may lead to the loss of important resources such as finances, loss of reputation due to a data breach, and loss of valuable time when an outsider causes major errors in the system that block users from accessing it. This may result in major business disruption, with the firm making losses for the time the site was not available.


1.2 Your Role at CyberLeet

The role of information security analysts is to monitor the company's computer network in order to combat hackers and compile reports of security breaches. Specific duties include creating, testing, and implementing network disaster recovery plans; performing risk assessments and testing of the data processing system; and installing firewalls, data encryption, and other security measures. The cybersecurity specialist will also train staff on network and information procedures and recommend security enhancements and purchases. The ultimate goal, once assigned a task, is to ensure the company's IT systems are secured.



1.3 Purpose of This Manual

This manual provides a guideline for training new employees in security awareness. Security analysts will apply the guidelines and principles outlined in this manual, such as confidentiality, integrity, and availability, which together guarantee a secure system. The organizational policies and mitigation policies will guide staff on what to do to avoid a security breach. If the company fails to appropriately apply its training and provide high-quality services to client businesses, the company's IT systems will be vulnerable to cyber threats arising internally, for example when an employee opens an email that contains a virus or shares a password with other staff, compromising the security of the company's IT systems. A hacker may then try to access company data or steal private information.



A widely applicable security model is the CIA triad, standing for confidentiality, integrity, and availability. These are three key principles that should be guaranteed in any kind of secure system. In Section Two, describe the significance of each area as directed in each designated area. Follow the prompts to complete each section. All prompts should be deleted prior to submitting this section.

SECTION 2: Core Tenets of Cybersecurity
2.1 Confidentiality

Confidentiality is a security principle that controls access to information. Its main purpose is to ensure that the wrong people cannot gain access to sensitive information in the company, while providing access to those who are authorized. Access to information should always be limited to those who are authorized to view it. For example, employees must be properly trained on sharing sensitive data, and authorized users must be familiarized with key security risk factors and taught how to guard applicable data assets. The training focuses mainly on password best practices. Passwords should be protected and changed occasionally, and should not be stored as a password reminder in the computer system, because someone could guess the password and access a system they are not authorized to use.


2.2 Integrity

Integrity, as a core component of cybersecurity, assures that sensitive data is trustworthy and accurate. Data that is accurate and reliable to the organization should be maintained over its life cycle, and sensitive data should not be altered in transit. There should be proper security controls on file access and on who is allowed access. File management should therefore include version control that prevents unintentional changes and deletions by authorized users. There should also be measures that protect data from changes caused by non-human events, for example a server crash. An organization can lose important files when they are deleted unintentionally or intentionally, but with the right mechanisms in place, data integrity and reliability can be protected.

2.3 Availability

Availability, as a core tenet of cybersecurity, guarantees reliable and constant access to the company's sensitive data by authorized people. Software and hardware should be well maintained to ensure the reliability of the data. A disaster recovery plan should be adopted that provides guidelines to be employed against interruption and data loss. Companies face issues such as denial-of-service (DoS) attacks and network intrusion because of a lack of proper software to prevent such issues.


Creating effective cybersecurity policies will make visible changes in how the organization operates. Rely on the information presented in this course to develop the necessary standards and frameworks of effective cybersecurity policies. Follow the prompts to complete each section. All prompts should be deleted prior to submitting this section.

SECTION 3: Cybersecurity Policies
3.1 Password Policies

Prompt: What principles should the information security analyst apply in order to develop appropriate password policies for their clients? Make sure you address confidentiality, integrity, and availability of information, as well as each of the following aspects:


  • Password length and composition of the password (e.g., uppercase, numbers, special characters)

  • The time period between resets and the ability to reuse a prior password

  • Differentiated policies for different types of users (e.g., administrator vs. regular user)

3.2 Acceptable Use Policies

Prompt: What principles should the information security analyst apply in order to develop appropriate acceptable use policies for the client? Make sure you address confidentiality, integrity, and availability of information, as well as each of the following questions:


  • What should users generally be allowed to do with their computing and network resources? When and why would each example be allowable?

  • What should users generally be prohibited from doing with their computing and network resources? When and why would each example require prohibition?

  • When and why should users be aware of acceptable use policies and how can organizations keep track of these policies?

3.3 User Training Policies

Prompt: What principles should the information security analyst apply in order to develop appropriate user training policies for the client? Make sure you address confidentiality, integrity, and availability of information, as well as each of the following:


  • How to determine who would be trained

  • How to determine how often training would occur

  • How to determine whether certain staff receive additional training or whether they should be held to higher standards

3.4 Basic User Policies

Prompt: What principles should the information security analyst apply in order to develop appropriate basic user policies for the client? Make sure you address confidentiality, integrity, and availability of information, as well as each of the following questions:

  • When and why should users have to display some type of identification while in the workplace?

  • What types of physical access (with or without ID) to company areas are acceptable? Why?

  • When and why should employees with identification be allowed access to all areas of the company?

  • When and why should employees be allowed to take work home or bring guests into the workplace?

A threat-intelligence service provides analyzed, actionable threat information to help organizations defend against known or emerging threats before systems may be compromised. In this section, you will create three mitigation scenarios. The first two mitigation topics have been chosen; however, the third one is your choice. Follow the prompts to complete each section. All prompts should be deleted prior to submitting this section.

SECTION 4: Threat Mitigation Scenarios
4.1 Theft

Prompt: In the last month, two break-ins have occurred at a client’s office, which resulted in the theft of employee laptops during both incidents. The first incident occurred in the evening when the thieves broke through a ground-floor window. The second incident occurred during the day when the thieves walked right into the business area and removed two laptops. What physical and technical controls would be helpful to address the issue and prevent this type of vulnerability in the future? Compare and contrast the different methods that could be used to mitigate the given threat.

4.2 Malware

Prompt: Recently, one of your client’s staff has been inundated with phishing emails that are targeted at individuals and related to current business opportunities for the company. These messages are linked to malware and sent by known threat actors. What physical and technical controls would be helpful to address the issue and prevent this type of vulnerability in the future? Compare and contrast the different methods that could be used to mitigate the given threat.

4.3 Your Choice

Prompt: Create your own illustrative scenario of a common threat that an information security analyst may face. Explain what physical and technical controls would be helpful to address your chosen issue and prevent that type of vulnerability in the future, and compare and contrast the different methods that could be used to mitigate the given threat.

SECTION 5: References

Bashy, F. (2018, February 2). Cybersecurity. Retrieved from https://www.difenda.com/blog/what-is-the-cia-triangle-and-why-is-it-important-for-cybersecurity-management

Smith, A. D. (2004). Cybercriminal impacts on online business and consumer confidence. Online Information Review, 28(3), 224-234.