Companies generally reference NIST standards when assessing their risk management. Based on your learning this week, what do you think would be your top NIST consideration when starting to craft a risk management policy for a small to medium sized company? Is it possible in your estimation to anticipate all possible threats and contingencies in advance of an attack?
- Describe the main elements of an acceptable use policy. Determine the factors that organizations need to consider when developing their acceptable use policy.
- Determine the special considerations that need to be taken into account when developing the acceptable use policy for different types of users (i.e., employees, system administrators, security personnel, contractors, guests, and auditors).
- Imagine that your supervisor has asked you to draft a brief statement about best practices for user domain policies that will be presented to the executive board. Create five best practices for user domain policies.
- Select the best practice that you would emphasize the most during this presentation to the executive board and explain why.