1. Identify, select and devise the top 5 security policies that are essential for Norman Joe’s. Hint: You may refer to security policies from the external sources such as the SANS policy library....

Contents
Introduction:    2
1. Update security policy library    2
a. Security policies Norman Joe needs to have    2
c. Explanation of each policy    3
2. Security Program Update Part 1: Risk Management Framework    4
a. Risk Assessment, Risk Appetite and Risk Treatment for Norman Joe    4
b. Risk Management Framework most appropriate for Norman Joe    5
3. Security Program Update Part 2: Risk Management Plan    5
a. Access control policy    5
b. Data security solutions for three different data states    6
c. Authentication method    6
d. Use of SSO in Norman Joe to manage authentication    7
e. Six phases of developing an incident response plan for the company    7
References:    8
Introduction:
Norman Joe has to implement proper cybersecurity that network and system remains protected from digital attacks. Strong infrastructure through multiple networks and program layers will be a useful tool for the management in providing defense for the sensitive information of the entity. A package of various tools can be helpful for the entity to handle the malware.
1. Update security policy library
a. Security policies Norman Joe needs to have
Normal Joe should implement such security policy so that the efficiency of the entity can be enhanced. The main aim should be protection of the vital information. The security policy should be in line with the overall organizational policy so that disciplinary action can be taken if required.
· Virus and Spyware Protection policy: Such policies are required to detect the virus and then either repair it or permanently remove it (Almunia 2012). Suspicious behaviours can be easily identified using this policy and insight can be obtained on download.
· Firewall Policy: Such policy will actually provide protection to the network and system of the entity while it gets connected to the Internet. it is very important in order to detect external attacks from cybercriminals. Unwanted traffic network sources can be easily removed.
· Intrusion Prevention Policy: Such policy will help in detecting attacks to the network from external sources and then block such source. The content of the data packages and malware can be checked using this policy.
b. Comprehensively justified for inclusion
The policy of cyber security is to be included in the organizational policy of Norman Joe so that data can be saved from any kind of damage or theft. The data can be the sensitive information of the entity as well as about the consumers and employees of the entity (Tikkinen-Piri et al. 2018). The reason for such damage can be cloud service configuration, which needs to be reduced so that the network and system can be protected. The security needs to be implemented throughout the whole organization and for that if needed all the employees need to be educated. Required amount of investment is to be made and regular monitoring is necessary. Even though the initial investment is high yet the overall cost of cybersecurity risk assessment will decrease.
c. Explanation of each policy
Virus and Spyware Protection policy: Norman Joe needs this policy to protect its computers against riskware, file virus, spyware as well as from other type of viruses so that web traffic cannot breach the security of the entity. User security should be the top priority of any entity and this should be manual scanning and automatic updates to ensure absolute protection (Bennett 2011). as they write us types gets updated, it is important that virus protection measures also updates. It would management is absolutely important in Norman due so that the results of information transaction between managed host and policy manager can be scanned and monitored.
Firewall Policy: This policy is necessary to ensure that network traffic types are specified so that the firewall features are defined as per the policy of multiple profiles in firewall software. For specific...