COMP 1843 Principles of Security Tutorial4

Uploaded by

anhvqgcc220062
COMP 1843 Principles of Security

Tutorial 4
Name: Vương Quốc Anh
ID moodle: 001340603
Student ID: GCC220062
1. Do you agree that InfoSec policy serves as a countermeasure? If so, please
explain.
Yes, I agree that InfoSec policies are vital countermeasures to ensure the
security of an organization's assets, information, and systems. These policies
provide a structured framework for managing security risks and defining
acceptable behaviors and practices related to information security. By clearly
outlining guidelines, procedures, and responsibilities, InfoSec policies help
prevent unauthorized access, data breaches, and other security incidents. They
also promote compliance with regulatory requirements and industry best
practices. Overall, InfoSec policies play a crucial role in mitigating security
threats and protecting an organization's critical assets.
2. What recommendations are suggested for adoption of an effective security
policy?
To adopt an effective security policy, the following recommendations are
suggested:
Clearly Define Objectives: The policy should clearly define its objectives,
including maintaining confidentiality, ensuring availability, and maintaining
integrity of resources.
Involve Key Stakeholders: Collaboration among IT, security, legal, HR, and
other relevant departments is essential to ensure that the policy addresses all
necessary aspects and is aligned with organizational goals.
Tailor Policies to Organization: Policies should be customized to the specific
needs, size, and industry of the organization. One size does not fit all when it
comes to security policies.
Regular Review and Update: Security threats and technologies evolve over
time, so policies should be reviewed and updated regularly to remain effective
and relevant.
Employee Awareness and Training: Employees should be educated about the
policies and their importance through training programs and awareness
campaigns. They should understand their roles and responsibilities in
maintaining security.
Enforce Compliance: Compliance with security policies should be enforced
consistently across the organization. Clear consequences for non-compliance
should be defined.
Monitor and Measure Effectiveness: Regular monitoring and evaluation of
security measures and incidents can help identify areas for improvement and
ensure that the policies are effective in achieving their objectives.
