New security policy created for e-mail will ensure e-mails are used for business purpose and limits personal usage of e-mails. Policy also permits Softsearch to monitor employee’s e-mails if required. Controls implemented by e-mail policy will help prevent confidentiality breach. However, e-mail policy does not govern attachments within e-mails. Policy should be enhanced to include e-mail attachment specific statement to prevent employees from opening attachments from unknown source & forwarding such attachments within the company network.
Internet policy prohibits employees from visiting indecent, illegal and pornographic sites, participate in online gaming, streaming videos, download pirated software. These measures will reduce Softsearch network’s exposure to virus and hacking attempts. In addition to these prohibitions for internet usage, policy should be enhanced to include prohibitions for social media websites (Facebook, Twitter etc.), online blog, online document stores (Google Drive, DropBox etc) to ensure no private company information is shared.
This may expose that can be sent to external e-mail addresses. This may expose Softsearch with confi confidentially if private information is sent to external e-mail addresses. E-mail policy should be enhanced to include statement regarding no attachment policy for external e-mail addresses.
Employee’s can e-will be able to and internet usage addresses softsearch policSoftsearch new policy addresses issues with e-mail E-mail usage policy clearly dictates
B. Case Study Analysis
OCTAVE (Operationally Critical Threat, Asset, and Vulnerability Evaluation) risk-assessment methodology was used to analyses Softsearch Case study.
Scope of this risk analysis is limited to how Softsearch network will establish partner network