1.Lab- Developing a Security Policy Framework Implementation Plan

2. Discussion: Risk Mitigation Learning Objectives and Outcomes Explain a risk mitigation strategy that reduces risks for an organization. Assignment Requirements Company M designs, manufactures, and sells electronic door locks for commercial buildings. The company has approximately 1,500 employees in three locations around the United States and generates $50 million in annual revenues. Over 5,000 wholesalers and distributors access the Company M business-to-business (B2B) Web site to place orders and track fulfillment. In the past year, Company M experienced 22 information security incidents, most of which involved lost or stolen laptops, tablet PCs, and smartphones. In addition, the company dealt with four serious malware events that originated from an unpatched server, an insecure wireless network used in the manufacturing plant, an insecure remote connection used by a sales person, and a headquarters employee who downloaded a game from the Internet to her workstation. Three of the malware incidents resulted in files that were erased from the companys sales database, which had to be restored, and one incident forced the B2B Web site to shut down for 24 hours. Form small groups and discuss the following: Identify and discuss technological and financial risks that Company M faces. Which domains of the IT infrastructure were involved during the four malware events? What types of security policies should Company M institute to mitigate those risks? At the end of the discussion, write a summary of your learning from the discussion Self-Assessment Checklist I identified technological and financial risks faced by the company in the scenario. I identified domains of the IT infrastructure that were affected by the malware incidents. I recommended types of security policies the company should institute to mitigate risk. I participated in the discussion with my peers.