Premium Essay

Information Security Policy

In: Computers and Technology

Submitted By eli37303
Words 3916
Pages 16
Associate Level Material
Appendix B

What are the effects of international trade to GDP, domestic markets and university students? What are the effects of international trade to GDP, domestic markets and university students?University of Phoenix

IT/244 Intro to IT Security

Instructor’s Name:

Date: 03/25/12

Table of Contents

1. Executive Summary 1

2. Introduction 1

3. Disaster Recovery Plan 1

3.1. Key elements of the Disaster Recovery Plan 1

3.2. Disaster Recovery Test Plan 1

4. Physical Security Policy 1

4.1. Security of the facilities 1

4.1.1. Physical entry controls 1

4.1.2. Security offices, rooms and facilities 1

4.1.3. Isolated delivery and loading areas 2

4.2. Security of the information systems 2

4.2.1. Workplace protection 2

4.2.2. Unused ports and cabling 2

4.2.3. Network/server equipment 2

4.2.4. Equipment maintenance 2

4.2.5. Security of laptops/roaming equipment 2

5. Access Control Policy 2

6. Network Security Policy 3

7. References 3

Executive Summary

Due in Week Nine: Write 3 to 4 paragraphs giving a bottom-line summary of the specific measureable goals and objectives of the security plan, which can be implemented to define optimal security architecture for the selected business scenario.

This new strategy guide for Bloom Design Group provides a comprehensive strategy for providing a safe and secure work environment. Several new policies and procedures will be implemented as a result of these new ideas. Bloom Design Group will have little trouble in adhering to the promised plan based on the their assets and experienced personnel.

The goals implemented will include new user accounts and access policies and controls. These goals will allow for monitoring for all persons using the network and view all…...

Similar Documents

Premium Essay

On the Development of Comprehensive Information Security Policies for Organizations

...On The Development of Comprehensive Information Security Policies for Organizations The article selected for review is titled, “On the Development of Comprehensive Information Security Policies for Organizations.” The article is from the International Journal of Academic Research; the authors are Fahad T. Bin Muhaya, Fazl-e-Hadi, and Abid Ali Minhas. The article offers guidelines on the development of information security policies for organizations based on a proposed framework. The introduction of the article emphases the importance of protecting information, “Information security failures have gradually damage many progressing organizations; ruining its repute, reducing customer trust and ultimately lose its market share.” I believe is this a very strong introductory statement. The introduction of the article also implies that a new form of terroristic attacks may come from breaching organizations and accessing sensitive information. The authors further suggest that information security comprises of three elements which are human, organizational, and technological vulnerabilities. The article objective is clearly stated as a tool on how to develop or improve information security. The development approach when viewing an organizational structure is defined in the article as threats versus defense. The article identifies security policy issues at the environment, application, cryptography, network, and physical layers. This is a simple definition but I feel that......

Words: 565 - Pages: 3

Free Essay

Information Security Policy Essay

...typically store many versions of the same information so that new work can reuse old work. Some operations like Backup store extremely dismissed information. Deduplication lowers storage costs since fewer disks are needed, and shortens backup/recovery times since there can be far less data to transfer. In the context of backup and other near line data, we can make a strong supposition that there is a great deal of duplicate data. The same data keeps getting stored over and over again consuming a lot of unnecessary storage space disk or tape, electricity to power and cool the disk or tape drives, and bandwidth for replication, creating a chain of cost and resource inefficiencies within the organization. The way that Deduplication works, that the Deduplication segments the incoming data stream, uniquely identifies the data segments, and then compares the segments to previously stored data. If an incoming data segment is a duplicate of what has already been stored, the segment is not stored again, but a reference is created to it. If the segment is unique, it is stored on disk. For example, if a file or volume that is backed up every week creates a significant amount of duplicate data. Deduplication algorithms analyze the data and can store only the compressed, unique change elements of that file. This process can provide an average of 10-30 times or greater reduction in storage capacity requirements, with average backup retention policies on normal enterprise data. This means......

Words: 1234 - Pages: 5

Premium Essay

Security Policy

...Document Information | |Title: |MCSD IT Security Plan  | |Type: |MCSD Procedural Plan | |Audience: |MCSD IT Employees and Management | |Approval Authority: |Assistant Superintendent for Technology & Personnel | |Contact: |mail to: bakatsm@marlboroschools.org   | |Status: |Proposed: |January 17, 2010 | | |Approved: |TBA |   [pic] MARLBORO CENTRAL SCHOOL DISTRICT Information Technology Security Plan                  January 17th, 2010 Table of Contents Introduction................................................................................................................ 3 Information Technology Security Safeguards........................................................... 4 Physical Security....................................................................................................... 5 Personnel......

Words: 3526 - Pages: 15

Premium Essay

Heart Healthy Information Security Policy

...Introduction to Policy Augmentation Process Due to the fact that both HIPAA and HITECH are non-prescriptive security frameworks HITRUST common security framework (CSF) was leveraged to augment the Heart-Healthy Insurance Information Security Policy. Moreover, HITRUST CSF was chosen as it maps to various other information security frameworks applicable to Heart-Healthy Insurance Company (i.e. HIPAA, HITECH, PCI, ISO 27000-series, etc.). Furthermore, CSF compliance worksheet is an intelligent tool that allows for control mapping to the aforesaid security frameworks based on the scope of assessment (i.e. type of organization, number of insured members, number of system users, number of transactions, etc.). New-User Policy Augmentation Using the aforesaid CSF-based logic, the following security controls are applicable to the new user protocols of Heart-Healthy Insurance overarching security policy: • Heart-Healthy users will be granted accessed to the system on need-to-know bases and on the principle of least privilege. • Users will be given access rights based on their job roles and responsibilities as well. • Common job roles will be defined in order to receive standard user access, critical and non-critical access rights will be removed within 24 hours after a user has changed roles or has left the company. • All Heart-Healthy employees requesting remote access or dial-in-services must sign the acknowledgement of understanding and accept the use policy and rules of......

Words: 524 - Pages: 3

Premium Essay

Final Information Security Policy

...1. Executive Summary 2 2. Introduction 3 2.1 Company Overview 3 2.2 Security Policy Overview 4 2.3 Security policy goals 4 2.3.1 Confidentiality 4 2.3.2 Integrity 5 2.3.3 Availability 5 3. Disaster Recovery Plan 6 3.1 Risk Assessment 6 3.1.1Critical Business Processes 7 3.1.2 Internal, external, and environmental risks 7 3.2 Disaster Recovery Strategy 8 3.3 Disaster Recovery Test Plan 8 3.3.1 Walk-throughs 8 3.3.2 Simulations 9 3.3.3 Checklists 9 3.3.4 Parallel testing 9 3.3.5 Full interruption 9 4. Physical Security Policy 10 4.1 Security of the building facilities 10 4.1.1Physical entry control 10 4.1.2 Security offices, rooms and facilities 11 4.13.Isolated delivery and loading areas 12 4.2 Security of the information systems 12 4.2.1Workplace protections 12 4.2.2Unused ports and cabling 13 4.2.3 Network/server equipment 13 4.2.4 Equipment maintenance 13 4.2.5 Security of laptops/roaming equipment 13 5. References 14 Executive Summary The objective of this proposal is to present the information security policy created for Bloom Design Group. The issue of a company’s network security continues to be crucial because the results of data loss or significant system failure can be disastrous for a company. An alarming number of companies fail to realize how vulnerable their network is to internal, external, and environmental risks. One of the top priorities of an organization should be......

Words: 3568 - Pages: 15

Premium Essay

Information Security Policy for E-Government in Saudi Arabia: Effectiveness, Vulnerabilities

...Information Security Policy for E-government in Saudi Arabia: Effectiveness, Vulnerabilities and Threats [Name of the Writer] [Name of the Institute] Executive Summary Introduction: In many countries, the implementation of the E-Government has proved to be useful in providing efficient services to the consumers. This increases the speed of the work and does not cause any unnecessary delays. All these aspects matters for the efficient service of the Government work. In the end, it proves to be beneficial for both Government and the citizens living in Saudi Arabia. Therefore, in this study, all the issues related to the Information Security Policy will be discussed in detail. The research study is worth for a number of reasons. Firstly, it will help in assessing the degree of effectiveness of the present security policy, security holes in the policy, and threats not addressed by the policy. It, in turn, would help in coming up with measures of ensuring that the policy is security-oriented, which increases citizens’ confidence in using e-government services. Literature Review: The primary purpose of producing literature review is to support the findings of this study via the theoretical justifications obtained from literature. The review revealed that in Saudi Arabia, there is the absence of agencies to monitor the accountability of e-government services. Most of the workers of offices in Saudi Arabia lack professionalism, and this is a great weakness in the......

Words: 10327 - Pages: 42

Premium Essay

Heart-Health Insurance Information Security Policy Proposal

...6 May 2011 Heart-Health Insurance Information Security Policy Proposal A review of the current New Users and Password Requirements policies and the proposed changes to these policies with justifications are listed below. Current Policies: New Users “New Users are assigned access based on the content of an access request. The submitter must sign the request and indicate which systems the new user will need access to and what level of access will be needed. A manager’s approval is required to grant administrator level access.” Current Policies: Password Requirements “Passwords must be at least eight characters long and contain a combination of upper- and lowercase letters. Shared passwords are not permitted on any system that contains patient information. When resetting a password, users cannot reuse any of the previous six passwords that were used. Users entering an incorrect password more than three times will be locked out for at least 15 minutes before the password can be reset.” A: Revised Policies: New Users “New Users are assigned appropriated access based on their role within the organization and their need to access specific data and/or data stores. The user and supervisor must submit a signed request and indicate which systems (Roles) the new user will need access to and what level of access will be required. To grant administrator level access an additional signature from a manager is required. New Users are required training on workforce awareness, password......

Words: 1042 - Pages: 5

Premium Essay

On the Development of Comprehensive Information Security Policies for Organizations

...Annotated Bibliography Assignment 1 Gary L. Williams Information Assurance Research Literature RSC 830 January 20, 2015 Dr. Emily Darraj Annotated Bibliography Assignment 1 The purpose of this assignment is to examine the topic cybersecurity via an annotated bibliographic review of multiple dissertations. This assignment will work toward the identification of a future dissertation topic within this field and also towards the identification of research material in support of the final dissertation. The annotated bibliographic reviews contained within this paper will work to provide information that will support my future research and provide experience in garnering and explaining the salient tenants of research material. NOTE: This paper will not include proper APA formatting as citations have been bolded to ensure the professor can discern where citations begin and end. Curtis, S. K. (2012). Commitment to cybersecurity and information technology governance: A case study and leadership model. (Doctoral dissertation). Retrieved from the ProQuest dissertation and thesis database. (UMI No. 3569139) The problem as described by the author in this quantitative study is senior managers are not using web analytic technology (WAT) and there is a lack of literature describing why this is the case. The purpose of this study is to “examine how management consultants perceive WAT” (p. 22). This study has seven hypotheses. Unified theory of acceptance use of......

Words: 3359 - Pages: 14

Premium Essay

Unit 1 - Information Security Policy

...Running Head: UNIT 1 ASSIGNMENT Unit 1 - Information Security Policy Regina Sykes Kaplan University Abstract ------------------------------------------------- This paper will provide information on the purpose of a security policy and components of a security policy. Additionally, this paper contains information on a specific organization and the unique important items the organization choose to establish security policies around. Lastly, this paper provides information around the major areas of concern, missing or incomplete information in the policy and areas that are ill-advised in an identified organization’s security policy. Unit 1 - Information Security Policy Introduction Many organizations rely on the use of networks and computers to manage the business. Along with the use of networks and computers to manage the business there is also the need to establish a plan to secure the technology both the network and computers . A security policy is the plan developed with instructions from senior leadership instructing decision makers in the organization on how to protect the organization’s assets (Mattord & Whitman, 2012). There are various components of a security policy which include, statement of policy, equipment usage and access control, prohibited uses regarding equipment, who manages the systems, policies around violations of the policy, modifications and review section and lastly, limits of liability (Mattord & Whitman, 2012). Part 1 ...

Words: 2121 - Pages: 9

Premium Essay

Information Systems Security Policy

...Inc. Enterprise Information Security Policy (MEIP) Revision 8.0 August, 2013 ________________________________________________________________________ 1 MICROS Systems, Inc. Enterprise Information Security Policy Version 8.0 Public Table of Contents Overview – Enterprise Information Security Policy/Standards: I. Information Security Policy/Standards – Preface……………....5 I.1 Purpose …………….……………………………………………...5 I.2 Security Policy Architecture ………………….………………….6 I.3 Relation to MICROS Systems, Inc. Policies……………………..6 I.4 Interpretation………………………………………………….…..7 I.5 Violations…………………………………………………….….....7 I.6 Enforcement…………………………………………….................7 I.7 Ownership………………………………………………................7 I.8 Revisions…………………………………………………………..7 II. Information Security Policy - Statement………………………..8 MICROS Enterprise Information Security Policy (MEIP): 1. Information Security Organization Policy (MEIP-001)...……....9 2. Access Management Policy (MEIP-002)…………………………10 3. Systems Security Policy (MEIP-003)...…….…………………......11 4. Network Security Policy (MEIP-004)…………………………….12 ________________________________________________________________________ 2 MICROS Systems, Inc. Enterprise Information Security Policy Version 8.0 Public 5. Application Security Policy (MEIP-005)…..………………………13 6. Data Security/Management Policy (MEIP-006)……………….14-15 7. Security Incident Handling Policy......

Words: 4971 - Pages: 20

Free Essay

Information Security Policy Review

...Insurance Information Security Policy Review In an effort to ensure Heart-Healthy Insurance’s Information Security Policy is up to date, complies with current regulatory requirements, takes advantage of industry standards, utilizes recognized frameworks, is relevant, and meets the requirements of all relevant regulations and standards, a review of the current Information Security Policy has been performed. The following recommendations on how users are provided access to the information systems used by Heart-Healthy Insurance and the password requirements for each system will ensure that the company’s policy is in compliance with all relevant federal regulations and industry standards. As an insurance company, Heart-Healthy Insurance works with and stores personal health information, financial information, and credit card information of clients and business partners. Data of this type is required to be protected by the United States Federal Government under several privacy acts. Heart-Healthy Insurance must also be Payment Card Industry Data Security Standard (PCI-DSS) compliant due to the fact the company takes credit cards to pay for premiums and deductibles. Below is information on each privacy act and security standard that Heart-Healthy Insurance must be in compliance with. The Payment Card Industry Data Security Standard (PCI-DSS) The Payment Card Industry Data Security Standard (PCI-DSS) was developed “to encourage and enhance cardholder data security and......

Words: 1355 - Pages: 6

Premium Essay

Information Security Policy

... WATERWORLD WATERPARKS Information Security Policy Version 1.0 Revision 191 Approved by John Smothson Published DATE March 23, 2011 CONFIDENTIAL/SENSITIVE INFORMATION This document is the property of WATERWORLD WATERPARKS. It contains information that is proprietary, confidential, sensitive or otherwise restricted from disclosure. If you are not an authorized recipient, please return this document to WATERWORLD WATERPARKS, Attention: IT Director. Dissemination, distribution, copying or use of this document in whole or in part by anyone other than the intended recipient is strictly prohibited without prior written permission of WATERWORLD WATERPARKS Executive Management. Revision History Changes | Approved By | Date | Initial Publication | John Smothson | 3-23-2011 | | | | | | | | | | | | | | | | | | | | | | | | | | | | Table of Contents 1 Introduction and Scope 8 1.1 Introduction 8 1.2 Payment Card Industry (PCI) Compliance 8 1.3 Scope of Compliance 8 2 Policy Roles and Responsibilities 10 2.1 Policy Applicability 10 2.2 Information Technology Manager 10 2.3 Information Technology Department 11 2.4 System Administrators 12 2.5 Users – Employees, Contractors, and Vendors 12 2.6 Human Resource Responsibilities 12 2.6.1 Information Security Policy Distribution 13 2.6.2 Information Security Awareness Training 13 2.6.3 Background Checks 13 3 IT Change Control Policy 15 3.1 Policy Applicability and Overview 15 3.2 Change Request......

Words: 28277 - Pages: 114

Premium Essay

Information Security Policy in Malaysia.

...Introduction Information security means protecting information and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction. The terms information security, computer security and information assurance are frequently used interchangeably. These fields are interrelated and share the common goals of protecting the confidentiality, integrity and availability of information; however, there are some subtle differences between them. These differences lie primarily in the approach to the subject, the methodologies used, and the areas of concentration. Information security is concerned with the confidentiality, integrity and availability of data regardless of the form the data may take: electronic, print, or other forms. Governments, military, financial institutions, hospitals, and private businesses amass a great deal of confidential information about their employees, customers, products, research, and financial status. Most of this information is now collected, processed and stored on electronic computers and transmitted across networks to other computers. Should confidential information about a businesses customers or finances or new product line fall into the hands of a competitor, such a breach of security could lead to lost business, law suits or even bankruptcy of the business. Protecting confidential information is a business requirement, and in many cases also an ethical and legal requirement. For the individual,......

Words: 6195 - Pages: 25

Premium Essay

Information Security Policy

... Information Security Policy Student Name: Brice Washington Axia College IT/244 Intro to IT Security Instructor’s Name: Professor Smith Date: 11/7/2011 Table of Contents 1. Executive Summary 1 2. Introduction 1 3. Disaster Recovery Plan 1 3.1. Key elements of the Disaster Recovery Plan 1 3.2. Disaster Recovery Test Plan 1 4. Physical Security Policy 1 4.1. Security of the facilities 1 4.1.1. Physical entry controls 1 4.1.2. Security offices, rooms and facilities 1 4.1.3. Isolated delivery and loading areas 2 4.2. Security of the information systems 2 4.2.1. Workplace protection 2 4.2.2. Unused ports and cabling 2 4.2.3. Network/server equipment 2 4.2.4. Equipment maintenance 2 4.2.5. Security of laptops/roaming equipment 2 5. Access Control Policy 2 6. Network Security Policy 3 7. References 3 Executive Summary Due in Week Nine: Write 3 to 4 paragraphs giving a bottom-line summary of the specific measureable goals and objectives of the security plan, which can be implemented to define optimal security architecture for the selected business scenario. With advancements in technology there is a need to constantly protect one’s investments and assets. This is true for any aspect of life. Bloom Design is growing and with that growth we must always be sure to stay on top of protecting ourselves with proper security. For Bloom......

Words: 4226 - Pages: 17

Premium Essay

Information Security Policy

...Axia College Material Information Security Policy Axia College IT/244 Intro to IT Security Dr. Jimmie Flores April 10, 2011 Table of Contents 1. Executive Summary 1 2. Introduction 1 3. Disaster Recovery Plan 1 3.1. Key elements of the Disaster Recovery Plan 1 3.2. Disaster Recovery Test Plan 1 4. Physical Security Policy 1 4.1. Security of the facilities 1 4.1.1. Physical entry controls 1 4.1.2. Security offices, rooms and facilities 1 4.1.3. Isolated delivery and loading areas 2 4.2. Security of the information systems 2 4.2.1. Workplace protection 2 4.2.2. Unused ports and cabling 2 4.2.3. Network/server equipment 2 4.2.4. Equipment maintenance 2 4.2.5. Security of laptops/roaming equipment 2 5. Access Control Policy 2 6. Network Security Policy 3 7. References 3 Executive Summary There are several threats to the security of networks and data. While there is no definite way to prevent all of the incidents that can befall a network, by developing a proactive security plan that will encompass many of the known threats data loss and corruption can be minimized. Sunica obtains different levels of customer information and records large amounts of financial information on their network. The best way to prevent the......

Words: 4350 - Pages: 18