Information Systems Security

Assignment #1 – Securing your Company

Recent attacks on Twilio and Cloudflare are interesting comparisons in that the phishing scheme
appeared to work well against one company, but failed against another! In large part, this was due to
the policies and procedures required of their employees – even though both companies had account
passwords stolen.
https://www.itnews.com.au/news/twilio-phishers-went-after-cloudflare-but-failed-583775
https://www.cpomagazine.com/cyber-security/twilio-hackers-behind-okta-phishing-campaign-thatbreached-over-130-organizations/
You are taking on the role of a Chief Information Security Officer (CISO) at a high profile technology
company that deals with sensitive HIPAA (Healthcare), FERPA (Education), and other Personally
Identifiable Information for local governments. Before you came in, the information security policies
and procedures became very relaxed and were not enforced at all. As part of your new role, you’ve
been asked to come up with new policies and procedures for authentication and access control to
prevent information leakage.
What will we do?
Write a 2 page document highlighting the policies and procedures you’d like to implement in the
company. You can also propose the purchase of new equipment or software for employees, if it
supports one of the updated policies and procedures (e.g. Hardware tokens, Password Managers, etc.).
Along with the policy and procedure, write a summary of what this policy will do to prevent
unauthorized users from authenticating on the systems, how it balances the desire of employees to have
a simple system while maintaining important security policies (for example, if you proposed 20-factor authentication… is it really necessary and if so, why?).
Please consider both the Authentication methods and Access Control policies from each user’s
computer system. (You should NOT consider physical security at this time).
Why are we doing this?
The role of a CISO is meant to protect the information systems and data within an organization. But
recent attacks have shown that many companies have weak policies and procedures that lead to
compromised systems. Using the recent news of attacks allows you to understand what succeeded and
what failed. This also takes the concepts from last class to critically think about the security policies
implemented in both your company and your personal life.
Learning Objectives
This assignment makes use of multiple course objectives:
• Describe and explain information security threats, vulnerabilities, and attack types.
• Identify information security requirements for organizations and systems.
• Explain integral parts of best practices in information security.
• Identify and discuss issues related to access control.
