The CISO reaches out to you again and complains about the interns who appear to be violating many security policies. They do not lock their workstations, download illegal music, connect their personal devices to the organization’s computers, spend too much time on social media, and even download pornography to the organization’s computers. The CISO asks you to address these violations by developing a security document (Rules of Behavior) stating at least 15 rules about what activities employees are not allowed to conduct on the network. See the as a sample. Additionally, write three supplementary paragraphs to discuss what types of training should occur in order to keep these violations from occurring in the future. How can you proactively strive for compliance with these behaviors?

Specifically, the following critical elements must be addressed:

· Address committed by the interns.
· State at least 15 rules about .
· Propose with three supplementary paragraphs.
· Discuss how businesses can with behaviors.

Your paper must be submitted as a three to four (3-4)-page Microsoft Word document with double spacing, 12-point Times New Roman font, and one-inch margins. Make sure you cite if you take a piece of someone’s work; this is very important, and your references should relate to your writing.

Addressing Violations by Interns and Promoting Security Awareness

Interns violating security policies can pose significant risks to an organization’s information security. To address the violations described – failure to lock workstations, downloading illegal content, connecting personal devices, excessive use of social media, and downloading pornography – an effective approach would be to develop a comprehensive security document outlining a set of Rules of Behavior.

The following are 15 rules that should be included in the document to discourage such behaviors:

1. All workstations must be locked whenever the user is away, including for short periods.
2. Downloading, distributing, or accessing illegal content, including copyrighted material without proper authorization, is strictly prohibited.
3. Personal devices, such as smartphones, tablets, or USB drives, are not allowed to connect to organizational computers without explicit permission.
4. Social media usage during working hours should be limited to work-related tasks only.
5. Pornographic material, or any content deemed offensive or inappropriate by the organization, must not be accessed or downloaded on organizational computers.
6. Employees are required to use strong and unique passwords for all their accounts.
7. Sharing passwords or any form of user credentials with others is strictly prohibited.
8. All software and applications used on organizational computers must be legally licensed.
9. All software and security updates must be promptly applied to ensure ongoing protection against known vulnerabilities.
10. Reporting any suspicious activity or potential security incidents to the IT department is mandatory.
11. All employees should be aware of and abide by the organization’s data protection and privacy policies.
12. Unauthorized modification of any information system or its related components is strictly prohibited.
13. Personal use of organizational resources, including bandwidth, is limited and should not interfere with work-related tasks.
14. Email communication should adhere to the organization’s acceptable use policies, including refraining from sending or opening suspicious emails or email attachments.
15. All employees should undergo regular security awareness training to ensure they are aware of and understand the organization’s security policies and best practices.

In order to prevent future violations, it is crucial to provide comprehensive training to all employees. Firstly, general security awareness training sessions should be conducted regularly, covering topics such as the importance of information security, identifying potential threats, and the organization’s policies and procedures. This training can be conducted in person, through online modules, or a combination of both. It should be mandatory for all employees, including interns.

Secondly, specialized training should be provided to interns specifically, as they have limited experience and may not be fully aware of security risks. This training should focus on the specific rules and regulations outlined in the organization’s Rules of Behavior, emphasizing the potential consequences of non-compliance.

Thirdly, ongoing monitoring and reinforcement of security policies and best practices are necessary. Regular security audits, awareness campaigns, reminders through email or posters, and even periodic quizzes can help keep security at the forefront of employees’ minds.

By implementing these training measures and encouraging a culture of security awareness, organizations can proactively strive for compliance with desired behaviors, reducing the likelihood of security policy violations by interns and other employees.
