Below is a list of “ingress-egress filtering policies” for Richman Investments. Pick one or more of these policies that an ISS Security Control Assessment/Audit Process might find “violations” during an “audit” and why that policy (and the associated auditing, testing, and monitoring) is essential in mitigating cybersecurity threats and vulnerabilities.

• No peer-to-peer file sharing or externally reachable File Transfer Protocol (FTP) servers
• No downloading executables from known software sites
• No unauthorized redistribution of licensed or copyrighted material
• No exporting internal software or technical material in violation of export control laws
• No introduction of malicious programs into networks or onto systems
• No accessing unauthorized internal resources or information from external sources
• No port scanning or data interception on the network
• No denying service or circumventing authentication to legitimate users
• No using programs, scripts, or commands to interfere with other network users
• No sending unsolicited email-messages or junk mail to company recipients
• No accessing adult content from company resources
• No remote connections from systems failing to meet minimum security requirements