
Aspects of an Effective Security Policy


Submitted By DeanPopma
Words 2348
Pages 10

Outline
I. Introduction
   A. Reason behind an effective security program
      1. Reliance on information technology
      2. Maintaining profitability
   B. Areas of concern for effective security programs
      1. Information Security
      2. Personnel Security
      3. Physical Security
II. Responsibility
   A. Chief Information Officer or Chief Information Security Officer
      1. Feasibility for small businesses
   B. Employee responsibility
III. Program implementation
   A. Risk assessment
   B. Security Policy
   C. Training
      1. Insider Threat
IV. Disaster Recovery Plan
   A. Why have a DRP
   B. Seven steps of planning
V. Conclusion

Aspects of an Effective Security Policy
Today almost every business, from large corporations to your local small business owner, Aunt Nancy’s homemade quilts, relies heavily on information technology to develop sales strategies, promote their product by reaching out to consumers via social media, sell and distribute their goods, develop new products, and run daily operations from accounting to time cards. The scale at which they use technology may vary, but the need for each business, large or small, to incorporate an effective security program is key to keeping their systems up and running while at the same time providing enough freedom to themselves or their employees to remain competitive and productive. In short, too much security may result in a loss of business and profits; with not enough security, the same thing can happen, and much worse. For an effective security program to be established and work, a business must incorporate a security policy that works for it. I will be covering some of the steps required by any business to successfully incorporate a security program. Keep in mind that no two businesses are alike, and so no one security policy will work for every business. So the…...

Similar Documents

Premium Essay

Security Policy

...Security Policy CMGT 441 Security Policy Current Loan Process      McBride currently has two methods of applying for a loan: in-person or online. Either method eventually will return the same results; however, the online application method is faster as customers do not physically have to show up to an office to complete the paperwork. The obvious benefits of completing the loan application online far outweigh the physical appearance; however, there are a few downsides. The major downside is that should customers have questions about any portion of the loan application or loan process, they must either wait until their application has been received and turned over to a loan officer or contact one of eight offices via telephone. Current Security Issues Security of information is a major concern for businesses, but when dealing with the Internet, additional security threats emerge. Because McBride uses both an office setting and an online environment setting to accept loan applications, different security issues are related to each one. In-Person Almost all of McBride’s offices lack proper security features that will protect client information from getting stolen. All buildings located in each of the eight offices lack any sort of surveillance equipment. Because of this, hallways, offices, cubicles, and the parking area are not monitored for potential criminal activity. There are also no security measures in place that protect against unauthorized access into...

Words: 891 - Pages: 4

Premium Essay

Security Policy

...Riordan Manufacturing Security Policy Smith Systems Consulting has been hired to evaluate and consult on the creation of a new information technology security policy to span the complete enterprise infrastructure. This document will serve as a recommendation for Riordan Manufacturing as it pertains to the enterprise wide information security strategy. Riordan Manufacturing currently has three locations within the United States and one location in Hangzhou, China. All of these locations have been evaluated and are considered part of the enterprise security policy. The review of the current information technology security policy was conducted based on the idea of improvement with respect to current technology trends and best practices. An evaluation of the enterprise infrastructure as a whole, as it pertains to information technology security, was also conducted. These evaluations were the starting point for Smith Systems Consulting to design a security strategy to best fit Riordan Manufacturing. The existing security policy consists of location-based data access to on-site servers and on-site access to Unix servers for ERP and MRP systems. Also, it was evident that there are a number of servers and data to be accessed from different operating systems that are deployed throughout the locations. The management of the existing security strategy is one that requires each individual to be assigned access permissions manually throughout their term of employment. This strategy......

Words: 304 - Pages: 2

Premium Essay

Security Policies

...IT Security and Compliance Policy. IS3350/Security Issues; Roger Neveau; 3/12/2013; Mike Taylor, Instructor. This document is the Final Project for IS3350 Security Issues, creating and improving security policies for LenderLive Network.

Table of Contents: Introduction; Risk Analysis; SWOT Analysis; Physical Security; Data Classification; Regulatory Compliance; Intellectual Property; Training; Security Breach; Appendix A SWOT Analysis; Appendix B Definitions; Appendix C Roles; Works Cited

Introduction: An effective IT Security policy protects the organization against possible threats to the infrastructure and data that the organization has. It will provide and maintain its ability to provide confidentiality, integrity, availability, and security of the client’s data within the organization’s environment.

Overview: The IT Security and Compliance policy for LenderLive Network Inc. will detail the policies, procedures, and guidelines that the organization will adhere to, to ensure compliance with the Gramm-Leach-Bliley Act (GLBA) and Federal Trade Commission’s Safeguards Rule. It......

Words: 4550 - Pages: 19

Premium Essay

Security Policy

...If it is important to be secure, then it is important to be sure all of the security policy is enforced by mechanisms that are strong enough. There are many organized methodologies and risk assessment strategies to assure completeness of security policies and assure that they are completely enforced. In complex systems, such as information systems, policies can be decomposed into sub-policies to facilitate the allocation of security mechanisms to enforce sub-policies. However, this practice has pitfalls. It is too easy to simply go directly to the sub-policies, which are essentially the rules of operation and dispense with the top level policy. That gives the false sense that the rules of operation address some overall definition of security when they do not. Because it is so difficult to think clearly with completeness about security, rules of operation stated as "sub-policies" with no "super-policy" usually turn out to be rambling rules that fail to enforce anything with completeness. Consequently, a top level security policy is essential to any serious security scheme and sub-policies and rules of operation are meaningless without it......

Words: 374 - Pages: 2

Free Essay

Security Policy

...Law and Policy Case Study September 15, 2013 Introduction In the field of information security, there are many types of law. As senior managers, it is important to be knowledgeable of the legal environment. Once this information is learned and retained, then it will increase access and understanding of information security. Laws and practices that are related to information security will be discussed and how these laws impact organizations today and ensures confidentiality, integrity, and availability, of information and information systems. Governance policy will be discussed and recommendations for development of governance policy in an organization. Analysis The law in information security is very broad. There are different types of laws in information security. Civil law, criminal law, administrative law, and constitutional law are all part of law in information security. Civil law deals with law associated with individuals and organizations. Criminal laws are laws that effect society and are prosecuted by the state. Cornell University defines administrative law as “Branch of law governing the creation and operation of administrative agencies. Of special importance are the powers granted to administrative agencies, the substantive rules that such agencies make, and the legal relationships between such agencies, other government bodies, and the public at large (Cornell, 2010).” Constitutional law deals with how law...

Words: 824 - Pages: 4

Premium Essay

Security Policy

...TABLE OF CONTENTS
1. POLICY STATEMENT
2. ACCESS CONTROL
4. DOCUMENTED DATA SECURITY POLICY

1. POLICY STATEMENT
It shall be the responsibility of the I.T. Department to provide adequate protection and confidentiality of all corporate data and software systems, whether held centrally, on local storage media, or remotely, to ensure the continued availability of data and programs to all authorized members of staff, and to ensure the integrity of all data and configuration controls.

Summary of Main Security Policies
1.1. Confidentiality of all data is to be maintained through discretionary and mandatory access controls, and wherever possible these access controls should meet with C2 class security functionality.
1.2. Access to data on all laptop computers is to be secured through encryption or other means, to provide confidentiality of data in the event of loss or theft of equipment.
1.3. The use of unauthorized software is prohibited. In the event of unauthorized software being discovered it will be removed from the workstation immediately.
1.4. Data may only be transferred for the purposes determined in the corporate data-protection policy.
1.5. All disk drives and removable media from external sources must be virus checked before they are used within the corporation.
1.6. Passwords......

Words: 1364 - Pages: 6

Premium Essay

Security Policy

...MCSD IT Security Plan
Type: MCSD Procedural Plan
Audience: MCSD IT Employees and Management
Approval Authority: Assistant Superintendent for Technology & Personnel
Contact: mail to: bakatsm@marlboroschools.org
Status: Proposed: January 17, 2010; Approved: TBA

MARLBORO CENTRAL SCHOOL DISTRICT Information Technology Security Plan, January 17th, 2010

Table of Contents: Introduction; Information Technology Security Safeguards; Physical Security; Personnel Security; Data Communications Security...

Words: 3526 - Pages: 15

Free Essay

Security Policy

...University of Maryland University College CMIS 102 - Introduction to Problem Solving & Algorithm Design Section 6383 (WebTycho) Assignment 4 – Flow Control Statements 8 points Due by Saturday, April 3, 2010 at Midnight   This program is to be submitted via the WebTycho Assignments folder no later than the date and time shown above to avoid losing points per the rules stated in the Syllabus. Do not mail, e-mail or fax this assignment to the instructor or TA! It is your responsibility to review the policies for the assignments and projects specified in the syllabus and adhere to all guidelines. These rules are meant to apply equally to everyone. Please do not ask for special exceptions! There is no extra ‘make-up work’ for points lost on this exercise.   This programming exercise requires you to demonstrate your understanding and mastery of: |Functional Programming |Modules | |Step-wise refinement |Flow control statements | |Selection and Repetition structures |Program documentation | 1. (5 points): Complete the Programming Exercise: Maximum of three floating points. The code template is provided below 2. (3 points): Test your code with the numbers shown in the table below, See if you get the expected answer Develop a test suite for your code. Test......

Words: 485 - Pages: 2

Premium Essay

Final Information Security Policy

...1. Executive Summary
2. Introduction
2.1 Company Overview
2.2 Security Policy Overview
2.3 Security policy goals
2.3.1 Confidentiality
2.3.2 Integrity
2.3.3 Availability
3. Disaster Recovery Plan
3.1 Risk Assessment
3.1.1 Critical Business Processes
3.1.2 Internal, external, and environmental risks
3.2 Disaster Recovery Strategy
3.3 Disaster Recovery Test Plan
3.3.1 Walk-throughs
3.3.2 Simulations
3.3.3 Checklists
3.3.4 Parallel testing
3.3.5 Full interruption
4. Physical Security Policy
4.1 Security of the building facilities
4.1.1 Physical entry control
4.1.2 Security offices, rooms and facilities
4.1.3 Isolated delivery and loading areas
4.2 Security of the information systems
4.2.1 Workplace protections
4.2.2 Unused ports and cabling
4.2.3 Network/server equipment
4.2.4 Equipment maintenance
4.2.5 Security of laptops/roaming equipment
5. References

Executive Summary
The objective of this proposal is to present the information security policy created for Bloom Design Group. The issue of a company’s network security continues to be crucial because the results of data loss or significant system failure can be disastrous for a company. An alarming number of companies fail to realize how vulnerable their network is to internal, external, and environmental risks. One of the top priorities of an organization should be......

Words: 3568 - Pages: 15

Premium Essay

Security Policy

...Subject: Management Information Systems
Assignment: Security Poli
Cooney Hardware Ltd Security Policy

Table Of Contents
* Introduction
* Purpose
* Why do we need a Security Policy
* What is a Security Policy
* Building Issues
* IT Policy
* Risk Analysis (Identifying The Assets)
* Risk Management (Identifying The Threats)
* Personal Security
* Health And Safety
* Auditing
* Security Threats
* Network Policy
* Delivery Of Goods
* Conclusion

* Introduction
Information Security has come to play an extremely vital role in today’s fast moving but invariably technically fragile business environment. Consequently, secured communications and business are needed in order for both Cooney Hardware Ltd. and our customers to benefit from the advancements the internet has given us. The importance of this fact needs to be clearly highlighted, not only to enhance the company’s daily business procedures and transactions, but also to ensure that the much needed security measures are implemented with an acceptable level of security. It’s sad to see that the possibility of having our data exposed to a malicious attacker is constantly increasing every day due to the high number of ‘security illiterate’ staff also having access to sensitive and sometimes even secret business information.

* Purpose
The purpose of this policy is to secure and protect the assets owned by Cooney Hardware Ltd, one of the biggest hardware...

Words: 2252 - Pages: 10

Premium Essay

Security Policy

...Contents: Abstract; Security Policy Part 1; Computers; Switches; Personal Drives; Patient Database; Department Shared Folders; Network Configuration; Thumb Drives; Email Account; Account Management; Wireless Network; Security Policy Part 2; Missing; Incomplete; Inaccurate; Ill advised; References

Abstract
This paper is based on two companies and their security policies. Some companies have a security policy that is complete and some companies have a security policy that is incomplete. The company that has a complete security policy will be able to activate that policy when a security violation occurs. The users and network administrator will know exactly what to do to mitigate the incident. The policy should have a corrective action section that will guide the people involved on how to handle the incident. Then there are those companies that have an incomplete plan so when a security violation occurs the whole company is in an uproar because they do not know what to do. These companies will have to mitigate the incident as they go and when this happens the process is not complete leaving things left undone. The best practice for every company is to have a complete and accurate security plan that is reviewed annually.

The Security Policy
Security Policy Part 1
I work for a hospital so network security is very important when it comes to keeping patient data safe. Ten things that are subject to compromise are: computers, switches,......

Words: 2464 - Pages: 10

Premium Essay

Security Policy

...Security Policy
Marc Johnson
CMGT/441
December 21, 2014
Praful Dixit

Security Policy for McBride Financial Services
Information Technology (IT) Security Policy

I. SCOPE
This IT Security Policy has been undertaken in order to safeguard sensitive, confidential, and proprietary information that is passed through the network of McBride Financial Services. The safety and security of such information is vital to the success of McBride Financial Services and any sensitive information that is compromised would be harmful to McBride Financial Services and its efforts as an organization. Use of information technology networks by employees of McBride Financial Services is permitted and encouraged where such use supports the goals and objectives of the organization. However, McBride Financial Services has a policy for the security of the information that is shared through these networks. Employees must ensure that they:
* Comply with the current IT Security policy,
* Use information technology networks in an acceptable, safe, and responsible manner, and
* Do not create unnecessary risk to McBride Financial Services by their misuse of information technology networks.

II. POLICY STATEMENT
All members, employees, guests, and individuals are responsible for adhering to this IT policy and maintaining the security of proprietary information shared on the information technology networks of McBride Financial Services. This IT Security Policy is......

Words: 711 - Pages: 3

Premium Essay

Effective Information Security

...Effective Information Security Requires a Balance of Social and Technology Factors MIS Quarterly Executive Vol. 9 No. 3/ Sept 2010 Team 3 Article 12 Review, BUS ADM 744 Kirt Oaks, Deepika Gopukumar, Nutan Narway, Gregory Gohr *Note: The superscript number refers to the references mentioned at the end of the document. INFORMATION SECURITY HAS BECOME A STRATEGIC ISSUE: With growing threats of cyberterrorism and evolving government regulations information security is at the forefront of many organization’s priorities. Such actions as hiring of security executives, restructuring the information security structure within a company or increasing budgets for security have helped companies to feel more secure and pass that on to their shareholders and customers. Companies have prevalently relied on technology based solutions, but that is only part of the solution. There needs to be a connection between the security entity and the business. This will allow for the budgets and policies to be more in line with the business requirements. A technically focused information security strategy was followed in the past. Since security was technically focused, organizations placed the information security group as part of low level function which operated independently from business which in turn did not serve the business effectively. To overcome this, current information security strategy follows a socio-technical security strategy which is strategically focused or business driven....

Words: 2168 - Pages: 9

Premium Essay

Security Policy

...Medical General Hospital Security Policy

Introduction
Information is an essential asset and is vitally important to Medical General Hospital business operations and long-term viability. Medical General Hospital must ensure that its information assets are protected in a manner that is cost-effective and that reduces the risk of unauthorized information disclosure, modification, or destruction, whether accidental or intentional. The Medical General Hospital Security Policy will adopt a risk management approach to Information Security. The risk management approach requires the identification, assessment, and appropriate mitigation of vulnerabilities and threats that can adversely impact Medical General Hospital information assets and patient records.

Objectives
• To keep all private patient files confidential
• Allow only doctors and nurses access to private documents of patient
• Setup username and passwords for employees
• Setup badges for contractors and janitors
• To comply with all security measures
• To make sure private information about company files are prohibited
• To make sure all printed documents that can be a threat to the company are shredded and not thrown in trash.
• To make sure all staff shutdown workstation after using at the end of the day
• To enforce that Surveillance cameras are monitored 24hrs a day 7days a week
• To make sure visitors check in at the front before seeing the patients
• Protect all data from......

Words: 5676 - Pages: 23

Premium Essay

Different Aspects on Immigration Policies

...DIFFERENT ASPECTS ON IMMIGRATION POLICIES Andrei P. Vlad LRSP 305 Public Sector Management Instructor: Professor Paola Brooks October, 14, 2011 University of Mary Washington I hereby declare upon my word of honor that I have neither given nor received unauthorized help on this work. Different Aspects on Immigration Policies The debate about U.S.A having a better protected border is a common issue well known by all of us. The border is assaulted everyday with hundreds maybe thousands of illegal immigrants hard working or not, educated or illiterate, but also tons of drugs who go straight to our streets destroying millions of families over the years. A better protected border is imperative. My personal intention is not to discuss about the immigration issues in general, but rather cope with the much intriguing problem of a better immigration policy and how it relates with the current political trends. The U.S.A. need well prepared and hard working individuals, that will be the pylon of a healthy economy, but first we need a better policy to support it. The need for extra work and extra taxes can be nourished from the already present illegal immigrants we have, as well a good program for bringing new trained individuals interested in living the 'American dream'. "Instead of 'enforcement only', we should offer unauthorized immigrants a chance to come forward, register, pay a fine, learn English, pass background checks, and legalize their status"......

Words: 1804 - Pages: 8