
Implementation, Enforcement, and Compliance Plan

HIC Inc.

Version 1

October 28, 2019


HIC Inc. Cameron W Assignment 7 Page 1

Implementation, Enforcement, and Compliance Plan

Introduction:

HIC Inc. defines Implementation, Enforcement, and Compliance Plans as company standards for how to implement, enforce, and comply with HIC Inc.'s corporate policies in order to safeguard the confidentiality, integrity, and availability of user, employee, and customer information. The primary objective of the Implementation, Enforcement, and Compliance Plan is to identify how HIC Inc. will distribute and enforce the security policies in place and train employees on them. A secondary goal is to ensure that all security policies remain upheld to company standards and requirements.

Compliance Officer:

HIC Inc.'s Chief Information Security Officer (CISO) acts as Compliance Officer, whose primary responsibility concerning security policy is to create, distribute, and manage HIC Inc.'s security policy documents. Managing security policy documents includes staying current with global compliance and regulatory changes, maintaining and revising the policies, developing resources and supporting documents for them, and enforcing them.

Monitoring and Reporting:

Monitoring and Reporting are required, essential processes that ensure policies are practical and effective. Through Monitoring and Reporting, the CISO can determine whether personnel are following the policies and obtain information on policy violations. Monitoring and Reporting also provide vital information on how to adjust a policy to improve its effectiveness.

HIC Inc. will use automated systems to monitor and report on policy violations and to provide information on policy effectiveness. HIC Inc. will also perform random audits of personnel to ensure individuals are up to date on and aware of the security policies in place. Through automated systems and random audits, HIC Inc. will ensure the organization meets compliance requirements such as HIPAA and PCI DSS.

HIC Inc. will review all policies annually and compare the results against the previous year's baselines. Baselines will be created at the end of each year to track and record the organization's overall policy posture. These baselines will inform each random audit and each automated system report, so that policies can be developed that improve security compliance and meet requirements.

Communication:

HIC Inc. will give each employee easy access to all security policies through the online company portal. Employees can obtain the current security policies at any time through the portal, with the assurance that the policy on the portal is the active policy. New employee orientation will provide all active policies to new employees, who will be required to read and sign off on every active security policy, acknowledging each policy and agreeing to comply with it.

A change to a security policy will be documented and emailed to all employees affected by the change. Updates for every policy change are posted on the company portal. The policy on the portal is considered the active policy, and each employee must read and acknowledge the new policy. Questions about policy changes are to be directed to the employee's direct manager.

Training:

All HIC Inc. employees are required to participate in an annual Security Awareness and Training program, designed to improve compliance with and meet security regulatory requirements. Each employee will receive an online Security Awareness Training class through email, which must be completed within two weeks of the distribution date. All employees will be informed of the training program one month in advance. All employees must complete the required training within the two weeks and must obtain passing scores on material covering company policies and core security concepts.

