Describe and explain information security threats, vulnerabilities, and attack types. • Identify information security requirements for organizations and systems. - Writeden

Please find attached PDF for assignment work.

Requirements:

Assignment #1 – Securing your Company

Recent attacks on Twilio and Cloudflare are interesting comparisons in that the phishing scheme appeared to work well against one company, but failed against another! In large part, this was due to the policies and procedures required of their employees – even though both companies had account passwords stolen.

https://www.itnews.com.au/news/twilio-phishers-went-after-cloudflare-but-failed-583775
https://www.cpomagazine.com/cyber-security/twilio-hackers-behind-okta-phishing-campaign-that-breached-over-130-organizations/

You are taking on the role of a Chief Information Security Officer (CISO) at a high-profile technology company that deals with sensitive HIPAA (Healthcare), FERPA (Education), and other Personally Identifiable Information for local governments. Before you came in, the information security policies and procedures became very relaxed and were not enforced at all. As part of your new role, you've been asked to come up with new policies and procedures for authentication and access control to prevent information leakage.

What will we do?

Write a 2-page document highlighting the policies and procedures you'd like to implement in the company. You can also propose the purchase of new equipment or software for employees, if it supports one of the updated policies and procedures (e.g. Hardware tokens, Password Managers, etc.). Along with the policy and procedure, write a summary of what this policy will do to prevent unauthorized users from authenticating on the systems, and how it balances the desire of employees to have a simple system while maintaining important security policies (for example, if you proposed a 20-factor authentication… is it really necessary and if so, why?)

Please consider both the Authentication methods and Access Control policies from each user's computer system. (You should NOT consider physical security at this time).

Why are we doing this?

The role of a CISO is meant to protect the information systems and data within an organization. But recent attacks have shown that many companies have weak policies and procedures that lead to compromised systems. Using the recent news of attacks allows you to understand what succeeded and what failed. This also takes the concepts from last class to critically think about the security policies implemented in both your company and your personal life.

Learning Objectives

This assignment makes use of multiple course objectives:
• Describe and explain information security threats, vulnerabilities, and attack types.
• Identify information security requirements for organizations and systems.
• Explain integral parts of best practices in information security.
• Identify and discuss issues related to access control.