Security and compliance are interconnected in important ways. What happens if you have a policy, but you cannot assure compliance? There is no automated enforcement mechanism. You cannot be sure if policy is followed or not.

technical writing

Description

Security and compliance are interconnected in important ways. What happens if you have a policy, but you cannot assure compliance? There is no automated enforcement mechanism. You cannot be sure if policy is followed or not. To gain a deeper appreciation for the relationship between security and compliance, consider the following scenario: In an organization, managers are allowed to add users to Active Directory groups, which potentially grant them access to sensitive data on file shares. There are security policies and regulations that state that this access must be reviewed quarterly to ensure that only approved people have access to certain types of sensitive data. Sometimes, when people change jobs, their access may not be removed properly, so controls need to be put in place to demonstrate that the organization is doing a good job of meeting security and regulatory requirements. Access requirements can change frequently, and at a large organization this can become very difficult to manage. When an employee moves from one job to another in the same organization, someone must change their level of access to certain resources. A manager should approve this change, and there should be quarterly metrics that show how managers are reviewing access levels for employees, and modifying access, as needed. For this Discussion, in 250–400 words, address the following: For the given scenario, recommend two policies that you would create for managers approving new access and for monitoring that access. In recommending these policies, make sure they are appropriate for the employees and are in accordance with the organizational policy for approving and monitoring access. Discuss the artifacts you would generate, as a part of these policies, to demonstrate compliance.

Instruction Files

Related Questions in technical writing category


Disclaimer
The ready solutions purchased from Library are already used solutions. Please do not submit them directly as it may lead to plagiarism. Once paid, the solution file download link will be sent to your provided email. Please either use them for learning purpose or re-write them in your own language. In case if you haven't get the email, do let us know via chat support.