C3 LA-B B3 Policy

Every employee has specific data security responsibilities based on their role, and concerns should be reported to a designated data security officer.

Employees are responsible for ensuring that they understand and comply with data security policies.

Allowing employees to download and install any software they need can lead to the installation of unauthorised and potentially harmful software on company devices. While completely banning software installation may seem like a safe option, it can restrict employee productivity. Seeking approval from a supervisor can create unnecessary bureaucracy and delays. Therefore, the best policy is to only allow the use of approved software, as determined by the company's IT department, to ensure that all software is secure and compliant with data security policies.

This is the best example of a security parameter for device hardening because outdated operating systems are more vulnerable to attacks. Ensuring that all devices are updated with the latest operating system version can help protect against known vulnerabilities and reduce the risk of a security breach.

Leaving default usernames and passwords is a major security risk because attackers can easily gain access to the device. Therefore, it is important to change default usernames and passwords during device hardening. Enabling firewalls, disabling unnecessary services, and installing anti-virus software are all examples of security parameters that should be considered during device hardening to improve data security.

Disaster recovery is not the sole responsibility of the IT department. Every employee in the organisation has a role to play in ensuring that disaster recovery plans are in place and that they are followed in the event of a disaster. All employees should be trained on what to do in case of a disaster, and there should be clear guidelines in place for disaster recovery. This will help to minimize the impact of a disaster on the organization and ensure that business operations can be restored as quickly as possible.

Reporting security breaches or suspicious activity to the IT department as soon as possible is crucial in mitigating potential damage caused by a security incident. Keeping a backup of all data on personal devices and storing passwords and sensitive data in easily accessible locations can actually increase the risk of a security breach. Sharing login credentials with colleagues is also a security risk as it makes it difficult to trace who has accessed what data.

Reporting any suspicious activity or security breaches immediately can help to prevent further damage and limit the impact of a security incident. Making backups of files is also important, but they should be stored in a secure location. Keeping passwords written down and sharing login credentials are both DON'Ts and can compromise the security of the organisation's data.

Storing backup media in an unlocked cabinet poses a significant security risk, as it makes it easy for unauthorised individuals to access and steal sensitive data. It is important to ensure that backup media is stored securely, such as in a locked cabinet or off-site location. Backing up all important data on a regular basis, scheduling backups during off-peak hours, and using encrypted media for backup storage are all recommended best practices for a data security policy.