Cyber Security Policies For Businesses Training Ppt

Slide 2

This slide lists cyber security policies that every organization must have. These are: Acceptable Use Policy; Change Management Policy; Remote Access Policy; Password Management Policy; Vendor Management Policy; Network Security Policy; Data Retention Policy; Identity Access Management Policy; Security Awareness & Training Policy, and Clean Desk Policy. 

Slide 3

This slide tells us what is included in an Acceptable Use Policy (AUP). The AUP defines the inappropriate use of information systems and the risk it may cause. Improper behavior may compromise the network system and result in legal consequences 

Instructor’s Notes: The AUP also covers acceptable behavior while handling confidential or private information, general use, and inappropriate use.

Slide 4

This slide talks about change management policy. A company's change management policy ensures the management and approval of changes made to an information system

Instructor’s Notes: The change management policy covers hardware, software, database, and application changes to system configurations.

Slide 5

This slide tells us what is included in a Remote Access Policy. The remote access policy is designed to reduce potential exposure from damages that may be caused due to unauthorized use of resources.

Slide 6

This slide gives information about password management policy. This policy offers guidance on developing, implementing, and reviewing a documented process for appropriately creating, changing, and safeguarding strong and secure passwords. his critical action is used to verify user identities and obtain access to company systems or information.

Slide 7

This slide tells us what is included in a Vendor Management Policy. This policy validates a vendor’s compliance and addresses the procedure for hiring them. The organization should assess the vendor’s ability to create, receive, maintain, or transfer confidential data on the behalf of the company.

Slide 8

This slide discusses network security policy. A network security policy ensures the confidentiality, integrity, and availability of information on an organization's systems. The policy follows aa specific process for conducting information system and network activity reviews periodically.

Slide 9

This slide introduces the concept of Data Retention Policy. This policy outlines the types of data the organization must retain and for how long. The policy also states how the data should be stored and destroyed.

Slide 10

This slide tells us what is included in an Identity Access Management Policy. The organization must create and document a process for establishing, documenting, reviewing, and modifying access to systems and sensitive data.

Slide 11

This slide gives information about Security Awareness and Training Policy. All employees of the organization should receive security awareness training to carry out their duties effectively and protect business information

Instructor’s Notes: The policy must also highlight the personnel responsible for creating and conducting the training.

Slide 12

This slide gives information about clean desk policy. A clean desk policy is a company directive that outlines how employees should leave their workspaces when they leave office.

Slide 13

This slide discusses the importance of a clean desk policy. Clean Desk Policies help limit the exposure of sensitive data to unauthorized users, such as outside vendors or cleaning staff, and avoid security breaches.

Slide 14

This slide gives information about the implementation of a clean desk policy. An effective clean desk policy must include the following features: Clarity, availability, electronic documentation, tools, reminders, and enforcement.