The Case Document referenced 10 security gaps, such as lack of security awareness, training to fight phishing and social engineering attacks, and lack of configuration policies to reduce unintentional threats.
This assignment will include a list of access control policies addressing remote access, encryption and hashing (to control data flow), auditing network accounts, configuration change management (to reduce unintentional threats), segregation of duties, mandatory vacation (to mitigate intentional threats), personally identifiable information (PII) breaches, media protection, and social engineering. This milestone focuses on security functionality. Keep in mind that each policy should be no longer than one page.
For additional details, please refer to the Milestone Two Rubric document, the Final Project Document, and the Case Document in the Assignment Guidelines and Rubrics section of the course.