Enterprise Security Plan

Submitted By tmgreyn
Smith Systems Consulting (SSC) is a major regional consulting company. Headquartered in Houston, Texas, the firm’s 350 employees provide information technology and business systems consulting to its clients in a wide variety of industries, including manufacturing, transportation, retail, financial services and education. SSC is a service provider: it provides IT services for other companies. Security is essential for SSC because it not only requires security for itself, but also has many customers depending on it to provide top-level IT services, which include security.
Enterprise risks are a part of all business, and how we address these risks determines how successful we are in the business world. Risk can be defined as “any exposure to the chance of injury or loss” (Cheryl L. Dunn, 2005). Risks can be internal, or they can come to us from outside sources in the form of external risks. Both types of risk pose a threat to the overall security of the enterprise. An Enterprise Security Plan (ESP) outlines possible risks by identifying the vulnerabilities within the business process and ranks those vulnerabilities to ease the development of a mitigation plan. The ESP also identifies technologies and policies that will help in the development of an operational plan that protects the business process and intellectual property of your corporation.
Within this ESP we have developed three appendixes for ease of review and to facilitate the corporate review. The first appendix will focus on identifying vulnerabilities. The second appendix will identify the vulnerabilities that pose the greatest threat and will also provide the logical justification matrix. The third appendix will address enterprise vulnerabilities. Within this appendix Smith Systems Consulting…...

Similar Documents

Security Plan

...1.0 Overview This remote access policy defines standards for connecting to the organizational network and security standards for computers that are allowed to connect to the organizational network. It also specifies how remote users can connect to the main organizational network and the requirements for each of their systems before they are allowed to connect. The remote access policy defines the method users can use to connect remotely, such as VPN. When the VPN is used, the VPN protocols to be used will be specified. Methods to deal with attacks should be considered in the design of the VPN system. 2.0 Purpose The purpose of this policy is to define standards for connecting to remote offices located in Atlanta, San Francisco, Chicago, and Dallas. These standards are designed to minimize the potential exposure of the remote offices to damages which may result from unauthorized use of resources. Damages include the loss of sensitive or confidential data, intellectual property, damage to public image, damage to critical internal systems, etc. 3.0 Approval Any remote access using VPN or any other remote access to the organizational network must be reviewed and approved by the appropriate supervisor. All employees by default will have account settings set to deny remote access. Only upon approval will the account settings be changed to allow remote access. 4.0 Remote Computer Requirements 1. An anti-virus product is required to be operating on the computer...

Words: 507 - Pages: 3

Security Plan

...The seven categories of the expanded CIA triangle are confidentiality, integrity, availability, authentication, accuracy, utility, and possession. I will now go over each and give them a little substance. I used the link provided in the instructor files, which was very helpful by the way. Confidentiality “Confidentiality ensures that only those with the rights and privileges to access information are able to do so. When unauthorized individuals or systems can view information, confidentiality is breached.” (http://arapaho.nsuok.edu/~hutchisd/IS_4853/C6572_01.pdf) “In an organization, the value of confidentiality of information is especially high when it involves personal information about employees, customers, or patients. Individuals who deal with an organization expect that their personal information will remain confidential, whether the organization is a federal agency, such as the Internal Revenue Service, or a business.” (http://arapaho.nsuok.edu/~hutchisd/IS_4853/C6572_01.pdf) This concept holds true in the Army, where there are two different levels of security clearance for everyone. There is the secret and the top secret; each requires a vigorous investigation into a person’s past to make sure they should have the level of clearance they are requesting. If a person doesn’t have at least a secret clearance they are not allowed to access the SIPRnet, which is the Secret Internet Protocol Router Network. This network holds all of the unit’s secure data and can...

Words: 889 - Pages: 4

Security Plan

... the subsequent problems could have in fact been avoided. Another issue with the organization of the VCPD is the lack of professional qualifications among its members. “In most countries, candidates for the police force must have completed some formal education. Many police forces around the world have now developed a program where selectees with university degrees spend two to three years as a Constable before receiving promotion to higher ranks, such as Sergeants or Inspectors” (Cole & Smith, 2004). Police officers are also recruited from those with experience in the military or security services. In the United States, state laws determine qualification standards regarding age, education, criminal record, and training; however, some requirements may be mandated by local police agencies. VCPD’s organization and management, although functional, lacks the structure and diversity needed to facilitate and grow as a police department. The organizational strategy for an effective police department operates in three areas: 1. Strategic—the organization's overriding philosophy; 2. Tactical—that philosophy in action; 3. Personal—the philosophy manifested in the behavior of each officer. The organizational plan gives the officer permission to do what they do best, resulting in their courage and confidence to act. VCPD’s management should have a systems approach, a process where “each organizational area works together to process information in a logical manner for rational...

Words: 1902 - Pages: 8

Enterprise Security Services

... danger is clear, and the strategic responsibility of safeguarding an organization’s information assets is no longer a job of only the chief information officer (CIO). ISO/IEC 27001:2005 is known as the best Information Security Management Systems standard. This standard was published in October 2005 by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC). This International Standard has been prepared to provide a model for establishing, implementing, operating, monitoring, reviewing, maintaining and improving an Information Security Management System (ISMS). ISO/IEC 27001 was born as BS 7799 (British standard) in 1999. It was revised by BSI (British Standards Institution) in 2002, explicitly incorporating the Plan-Do-Check-Act cyclic process concept, and was adopted by ISO/IEC in 2005. For an enterprise, information security is one of the most important areas to be focused on. It is the gatekeeper of the enterprise's information assets (Johnson & Goetz, 2007). That creates the requirement for an information security programme to protect organizational data while enabling the enterprise to pursue its business objectives and to tolerate an acceptable level of risk in doing so. This tension between entrepreneurial risk and protection can be difficult to manage, but it is a critical part of a security professional's job. Providing information to those who should have it is as significant as protecting it from those who should not......

Words: 4428 - Pages: 18

Security Plan

...Security plan The security plan is based on the fact that the institution is working on a stringent budget, and anything expensive would be unfair and might seem unreasonable. The security plan is a result of the increasing population at the institution. It’s also facilitated by the fact that Physical plant intrusion, e.g. burglary: A watch tower should be raised above the MPSETC; this will ensure that everything around the institution can be seen well. The street lighting should also be raised, with the lighting focusing around the whole institution. Plant intrusion can most likely happen at night, and that is why it is important to make sure that the education and training center is well lit and guarded at night. MPSETC ought to employ more security officers to watch over this area from the proposed towers. Doing this will also be very cheap as it does not require any complex resources. Property damage, interior and exterior, e.g. vandalism and theft. Personal security, e.g. assault, personal property loss/damage: The top priority of the Maryland Department of Public Safety and Correctional Services is to ensure the safety of our staff and the incarcerated offenders in our care. That we have been able to drive down department-wide serious assaults on our correctional officers by 60 percent since FY 2007 is evidence of that, as is the 53 percent drop in inmate serious assaults during that time. We've lowered total assaults on staff by 34 percent at North Branch Correctional Institution...

Words: 550 - Pages: 3

Enterprise Security Plan Cmgt/430

...Enterprise Security Plan CMGT/430 Enterprise Security Plan This Enterprise Security Plan (ESP) for Riordan Manufacturing employs the levels of security required to protect the network and the resources utilized to communicate. Its intended purpose is to formulate a means to counter security risk from potential threats. The ESP serves as a way to identify risks and to ensure a contingency plan is in place to protect the availability, integrity, and confidentiality of the Riordan organization's information technology (IT) system. The ESP benefits all employees; however, it is most beneficial to information resource managers, computer security officials, and administrators, as it is a good tool to use for establishing computer security policies. The ESP in its basic form is a systematic approach to addressing the company’s network, its capability, the threats it is susceptible to, and a mitigation strategy that addresses those threats if and when they occur. In addition to addressing the threats, the ESP will also make provisions for establishing contingency plans in case of a disaster. The information covered by this plan includes all information systems, IT resources, and networks throughout the Riordan global organization owned or operated by employees in the performance of their job duties, whether written, oral, or electronic. Further, it establishes an effective set of security policies and controls required to identify and mitigate vulnerabilities...

Words: 2085 - Pages: 9

Cmgt 430 Week 5 Riordan Manufacturing Enterprise Security Plan

...This file includes CMGT 430 Week 5 Riordan Manufacturing Enterprise Security Plan Presentation Computer Science - General Computer Science When specifying security policies for an enterprise, setting security on an individual-by-individual basis provides the tightest and most personalized security. The tradeoff, however, is the increased amount of administration effort in setting up the security and maintaining it on an ongoing basis. You have been brought in as a consultant from Smith Systems Consulting to advise Riordan Manufacturing on what it will take to establish adequate enterprise security policies. You will need to prepare a 3-5 page paper that highlights why they should establish separation of duties via role assignment and how this will provide safeguards for protecting the data in their information systems. Refer to the Ferraiolo et al. article (2003), and examine the concepts of role graphs. Develop a similar role graph for the human resource information systems (HRIS) used by Riordan Manufacturing. Refer to Figure 7 of the article as a point of reference. Consider that there are four primary roles: HR clerk, HR supervisor, HR Manager and IT support staff. Write a 3-5 page paper discussing the roles in terms of required access, restrictions, and policies of all types that would need to be implemented. Include your role graph in the paper. A major concern within enterprise environments is trust management. This concern crosses multiple domains...

Words: 350 - Pages: 2

Disaster Recovery Plan / Enterprise Continuity Plan

...DRP / ECP Disaster Recovery Plan Enterprise Continuity Plan This presentation will explore the different parts and pieces necessary for a successful Disaster Recovery Plan / Enterprise Continuity Plan. More specifically, this presentation will provide the information needed to garner and bolster support for such a plan from the university’s executive team. A well prepared, maintained and rehearsed recovery and/or continuity plan should have the ability to keep the university up and running throughout any type of disruptive event. DRP/ECP Team Members & Roles: Crisis Management Team, Administrative Support Team, Damage Assessment Team, Recovery Coordination Team, Corporate Communications Team, Human Resources Support Team, Site Restoration Team, Transportation Support Team, System Restoration Team, Voice Recovery Team and End-User Tech Support Team. The Crisis Management Team should be a cohort of upper-level management that will be responsible for all significant decision making in response to the current event. Only specific members of the Crisis Management Team should be authorized to declare an emergency and decide on the appropriate action. Key responsibilities of this group include: analysis of preliminary reports, disaster declaration, determination of appropriate response, activation of contingency plans and notification of team leaders (Hiles, 2010). The Administrative Support Team includes representatives from all major departments who can...

Words: 2423 - Pages: 10

Database Security Plan

... CSS330-1404B-01: Database Security Phase 5 IP: Auditing Policies Database Security Project Plan Reginald “Reggie” Lee Colorado Technical University Online Professor Anita Arceneaux December 22, 2014 Figure 1: (Microsoft.com, 2014) Table of Contents Database Security Architecture 3 Differences between a database and a DBMS 3 Types of database designs 4 Network Infrastructure for Database Security 5 Common Security Threats for Database Servers: 6 Additional Security Mechanisms for Protecting Database Server 9 User Account Security 11 1. New Schema for HR Database 11 2. Corporate Directory & Manager Information Views: 12 3. Created Users: 14 4. Created Roles: 15 5. Implemented the Following Access Control List using SQL: 15 6. Implementation and Utilization of Roles: 16 7. HR Database SQL 16 Database Vulnerabilities 29 Auditing Techniques 47 Example database Trigger 50 Creating and Implementing a Database Audit 50 Access Reports 61 Logon Activity History 63 Complete Audit Trail 65 DML History 67 Auditing Policies 69 SQL Server 2014 Audit Report Generation 78 Database Security Architecture Differences between a database and a DBMS When discussing database management systems (DBMS) and databases, the lines can become blurred between the two. Many people consider a DBMS and a database to be one and the same. However, nothing could be further from the truth, as they are two separate, distinct entities that...

Words: 8566 - Pages: 35

Security Plan

...Your Company Security Plan for Unclassified Data Version 1.3 March 20, 2012 Developed By: Your Committee Committee Your Company Important Disclaimer: The Aerospace Industries Association of America, Inc. (“AIA”) has no intellectual property or other interest in this Aerospace Industry Guideline for Developing a Security Plan for Unclassified Data. By developing this Aerospace Industry Guideline for Developing a Security Plan for Unclassified Data and making it freely available to anyone, AIA assumes no responsibility for this Guideline’s content or use, and disclaims any potential liability associated therewith. Executive Overview From time to time an AIA member company may be requested to provide the DOD, a prime contractor or an industry partner an Information Technology Security Plan for unclassified data. This security plan could be required at the enterprise, program or application level depending on the unique requirements of the request. This request might be challenging for those members that have never been required to provide such a document. This “Aerospace Industry Guideline for Developing a Security Plan for Unclassified Data” provides a template and guidance to assist member companies in the development of a security plan to meet their customers’ or partners’ needs. Please keep in mind that this document is provided as a guideline and not a mandatory standard. All member companies are encouraged to use this guideline...

Words: 2097 - Pages: 9

Riordan Enterprise Security Policies

...Riordan Enterprise Security Policies Tim L. Robinson CMGT/430 September 12th, 2011 Instructor: Dave Fedorchak Riordan Enterprise Security Policies Because Riordan’s facilities include three locations in the United States and one in China, Smith Systems Consulting views Riordan Manufacturing as an enterprise business. However, an unfortunate reality exists, because Riordan’s existing security policies are either nonexistent or inadequate at best for an organization of this size. Consequently, Riordan should seriously consider implementing better security throughout the entire enterprise by defining and creating a Separation of Duties (SoD). In fact, many organizations, including the Department of Defense, use SoD to decrease security vulnerabilities and discourage collusion by employees for a number of reasons (Gligor, 1998). Therefore, Smith Systems Consulting provides the recommendations and reasoning herein to encourage Riordan to adopt the concepts of Role-Based Access Control (RBAC) to create a SoD throughout the enterprise, reduce risk exposure and enhance Riordan’s enterprise security. Role-Based Access Control Since 2010, research by the National Institute of Standards and Technology (NIST) provides indisputable evidence that RBAC has become an increasingly common choice of enterprises with 500 or more employees (National...

Words: 1129 - Pages: 5

Voip Security in the Enterprise

...Introduction Voice over IP (VoIP) is the transmission of voice over packet-switched IP networks; as of right now it is one of the most prominent emerging trends in the revolution of telecommunications (Thermos, 2009). Almost everyone is driven by technology in one way or the other. The drastic growth in technology over the past years, and its rapid advancement, has also presented many ground-breaking improvements, which have contributed significantly to the simplification of day-to-day activities. Nevertheless, this advancement may have a negative effect on the way we communicate using the technologies we have come to love. With the demand for communication technology on the rise, so is the need for additional security. This paper will look at the implementation of VoIP and the security needed in the enterprise for safe transmission of communication. In addition, this paper will also explain the many advantages and disadvantages (risks) of using a technology such as VoIP in the enterprise. Implementation Tips VoIP can be very successful in the enterprise if it is done properly, using the right techniques and the technology that is the right fit for the organization. On the other hand, it can be very unsuccessful and a huge failure. Some companies, when considering implementing voice over IP, fail to first make sure that the system is working properly before putting aside their grandfathered system, such as a private branch exchange...

Words: 1279 - Pages: 6

Security Plan

...The Security Plan The name of my target environment is Western Cash Advance. Western Cash Advance is an establishment that issues individuals payday loans. A payday loan is when someone is issued a loan until their next payday and a personal check is used as collateral. There is cash on hand in this business on a daily basis because they only issue cash to their customers and accept only cash for payments. This store is normally run by two people, but on many occasions there is only one employee in the store at a time. The basic floor plan of this business is an office space in a small strip mall that consists of three stores. The size of the store is approximately 900 sq. feet. It is one room that has a sectional desk where customers are assisted and another desk in the back of the room. The lobby consists of one big round table and six chairs that are situated around the lobby. There is a door on the back wall that leads to a hallway. In the hallway there is a bathroom and two storage closets. This business has a very basic open floor plan. When it comes to the current security features, it is very limited. Going by the three models in physical security, which are the dynamic D’s, lines of defense, and internal/external threat identification, this business definitely needs some improvement (Clifford, 2004). The only security features that this establishment contains are a security alarm system, one motion detector, and one panic button. The outer perimeter has...

Words: 937 - Pages: 4

Riordan Manufacturing Enterprise Resource Plan

...Riordan Manufacturing Enterprise Resource Plan BSA 400 June 18, 2012 John Shrewsbury Riordan Manufacturing Enterprise Resource Plan Riordan products are manufactured to the highest quality standards, which have satisfied customers since 1991; the company was founded by a chemist named Dr. Riordan. Currently Riordan Manufacturing’s headquarters are located in San Jose, California, with three plants located in Albany, GA, Pontiac, MI, and Hangzhouz, China. Each plant is responsible for different production lines. The R & D department, which is located at headquarters, is responsible for the research of medical equipment. The Albany, GA plant is responsible for the production of plastic bottles. Pontiac, MI is responsible for the production of custom plastic fabrication. Hangzhouz, China is responsible for the production of electric fans. With each plant having a different inventory and a different production line, Hugh McCauley, COO, and Mark Neitzel, VP Operations, submitted a service request for an Enterprise Resource Plan so that all information generated throughout the different locations is integrated into one computer system. This service request would allow visibility of all raw materials and finished product inventory. Statement of Scope and Goals Project Overview Riordan Manufacturing desires a new ERP (enterprise resource planning) system to replace the existing computer systems. The COO, Hugh McCauley, and the VP of Operations, Mark Neitzel...

Words: 4225 - Pages: 17