The purpose of this assignment is to examine noncompliance with security policies and possible ways to handle these violations. In addition, students will develop a security policy document, called Rules of Behavior, in order to clarify the security policies.
Prompt
The chief information security officer (CISO) reaches out to you again and complains about the interns who appear to be violating many security policies. They do not lock their workstations, download illegal music, connect their personal devices to the organization’s computers, spend too much time on social media, and even download pornography to the organization’s computers. The CISO asks you to address these violations by developing a two-page security document (Rules of Behavior) stating at least 15 rules about what activities employees are not allowed to conduct on the network. See the Department of Justice RoB template as a sample. Additionally, write three supplementary paragraphs to discuss what types of training should occur in order to keep these violations from occurring in the future. How can you proactively aim for compliance with these behaviors?
Specifically, the following critical elements must be addressed:
* Address violations committed by the interns.
* State at least 15 rules about network conduct.
* Propose future training possibilities with three supplementary paragraphs.
* Discuss how businesses can aim for compliance with behaviors.
ANSWER
**Rules of Behavior for Network Conduct**
**Addressing Violations Committed by Interns**
The interns’ violations of security policies are serious and could have a number of negative consequences for the organization, including:
* **Data breaches:** If interns download illegal music or pornography, or connect their personal devices to the organization’s computers, they could inadvertently introduce malware or viruses that could compromise sensitive data.
* **Productivity loss:** If interns spend too much time on social media or other non-work activities, they could be less productive and could miss deadlines.
* **Damage to reputation:** If interns violate security policies and their actions are discovered, it could damage the organization’s reputation and make it less attractive to potential customers and partners.
**Rules About Network Conduct**
The following are 15 rules about network conduct that employees should be required to follow:
1. Keep all workstations locked when unattended.
2. Do not download illegal music, movies, or software.
3. Do not connect personal devices to the organization’s computers without permission.
4. Do not use the organization’s network for personal use, such as social media, shopping, or gaming.
5. Do not open suspicious emails or attachments.
6. Do not click on links from unknown senders.
7. Use strong passwords and change them regularly.
8. Report any suspicious activity to the IT department immediately.
9. Be aware of the organization’s Acceptable Use Policy and follow all applicable rules and regulations.
10. Do not use the organization’s network to access or transmit child pornography or other illegal content.
11. Do not use the organization’s network to harass or bully other employees or customers.
12. Do not use the organization’s network to spread malicious code or viruses.
13. Do not use the organization’s network to violate the privacy of other employees or customers.
14. Do not use the organization’s network to engage in any activity that could damage the organization’s reputation or violate its intellectual property rights.
15. Abide by all other rules and regulations set forth by the organization’s IT department.
**Future Training Possibilities**
To help prevent future violations of security policies, the organization should provide employees with regular training on network security best practices. This training should cover topics such as:
* The importance of strong passwords and password management
* How to identify and avoid phishing emails
* How to protect against malware and viruses
* How to report suspicious activity
* The organization’s Acceptable Use Policy and other relevant rules and regulations
In addition to general security training, the organization could also provide more specialized training to certain groups of employees, such as interns. This training could focus on specific areas of security that are relevant to the interns’ job duties.
**Proactive Compliance**
The organization can proactively aim for compliance with security behaviors by implementing a number of measures, such as:
* **Regularly auditing employee activity:** The IT department should regularly audit employee activity on the network to identify any suspicious or unauthorized activity.
* **Implementing technical controls:** The IT department should implement technical controls, such as firewalls and intrusion detection systems, to help protect the network from unauthorized access and attack.
* **Creating a culture of security awareness:** The organization should create a culture of security awareness by emphasizing the importance of security in all aspects of the workplace. This can be done through training, communication, and rewards and recognition programs.
By taking these steps, the organization can help to ensure that its employees are aware of and following security policies. This will help to protect the organization’s data and systems from unauthorized access, attack, and misuse.