...P01 - Information Security Policy Document Reference Date Document Status Version Revision History P01 - IS Policy Final 1.0 Table of Contents 1. 2. 3. 4. 5. 5.1. 5.2. 5.3. 5.4. 5.5. 5.6. 5.6.1. 5.6.2. 5.6.3. 5.6.4. 6. 6.1. 6.2. Policy Statement ....................................................................................................................... 3 Review and Update of the Policy Statement .......................................................................... 3 Purpose ...................................................................................................................................... 3 Scope.......................................................................................................................................... 3 Information Security Framework ........................................................................................... 3 Reporting Structure for the Business .......................................................................................... 3 Associated Teams....................................................................................................................... 4 Annual Policy Review................................................................................................................ 4 Policy Breaches .......................................................................................................................... 4 Individual Policies ......................
Words: 1892 - Pages: 8
...SECURITY POLICY TEMPLATE A security policy is the essential basis on which an effective and comprehensive security program can be developed. This critical component is the primary way in which the agency security plan is translated into specific, measurable, and testable goals and objectives. The security policies developed must establish a consistent notion of what is and what is not permitted with respect to control of access to your information resources. They must bond with the business, technical, legal, and regulatory environment of your agency. The following is a recommended outline of the components and characteristics of a security policy template. A sample Acceptable Use Policy using this outline is attached for your reference as Appendix A. Section 1 – Introduction: A purpose should be stated in the introduction section. This should provide the reader with a brief description of what this policy will state and why it is needed. The security stance of your agency should be stated here. Section 2 – Roles and Responsibilities: It is important that the policy detail the specific responsibilities of each identifiable user population, including management, employees and residual parties. Section 3 – Policy Directives: This section describes the specifics of the security policy. It should provide sufficient information to guide the development and implementation of guidelines and specific security procedures. Section 4 – Enforcement, Auditing...
Words: 321 - Pages: 2
...CMIT320 Security Policy Paper Week 3 Table of Contents Introduction: GDI background and given problem……………………………………… 1 Important Assets…………………………………………………………………………. 2 Security Architecture for GDI…………………………………………………………… 3 Twenty Possible Security Policies………………………………………………………. 4 Details and Rationale of the Twenty Security Policies………………………………….. 5 Twelve Security Policies that should be Applied to GDI……………………………….. 6 Conclusion……………………………………………………………………………..… 7 References……………………………………………………………………………….. 8 Outline I. Introduction a. Briefly discuss the background of GDI. b. Also, discuss about the given problem of the IT security, infrastructure, cost, etc. II. Discuss the important assets of the company that need protection c. Asset identification: “Identity and quantify the company’s assets” (Meyers, 2009, p. 215) i. Important assets include: 1. Computer network equipment (Meyers, 2009, p. 215) 2. Data (Meyers, 2009, p. 215) 3. Servers, printers 4. Routers, firewalls, switches, wireless devices, etc. d. Access control methods: sensitivity, integrity, availability (Meyers, 2009, p. 157). e. Risk and threat assessment: “Identify and access the possible security vulnerabilities and threats” (Meyers, 2009, p. 215). f. Identify solutions and countermeasures: “Identify a cost-effective solution to protect assets” (Meyers, 2009, p. 215)...
Words: 573 - Pages: 3
...Question 3 Which of the following is a weakness that allows a threat to be realized or to have an effect on an asset? Answer Risk Threat Vulnerability Downtime 2.5 points Question 4 In which domain of a typical IT infrastructure do service level agreements (SLAs) figure prominently? Answer LAN LAN-to-WAN WAN Remote Access 2.5 points Question 5 Which domain of a typical IT infrastructure includes cabling, servers, and wireless access points? Answer User Workstation LAN Remote Access 2.5 points Question 6 An AUP is part of a layered approach to security and it supports confidentiality. What else supports confidentiality? Answer Threat monitoring Vulnerability assessments Data classification standards Security awareness policies 2.5 points Question 7 Which law requires all types of financial institutions to protect customers' private financial information? Answer GLBA SOX FISMA CIPA 2.5 points Question 8 Which of the following is any weakness in a system that makes it possible for a threat to cause it harm? Answer Risk Backdoor Vulnerability Exploit 2.5 points Question 9 What is a characteristic of VoIP? Answer Uses the same physical network as data Offers economy of scale Both...
Words: 1036 - Pages: 5
...Performing a Vulnerability Assessment 3 Enabling Windows Active Directory and User Access Controls 4 Using Group Policy Objects and Microsoft Baseline Security Analyzer for Change Control 5 Performing Packet Capture and Traffic Analysis 6 Implementing a Business Continuity Plan 7 Using Encryption to Enhance Confidentiality and Integrity 8 Performing a Web Site and Database Attack by Exploiting Identified Vulnerabilities 9 Eliminating Threats with a Layered Security Approach 10 Impementing an Information Systems Security Policy# Lab Title 1 Performing Reconnaissance and Probing using Common Tools 2 Performing a Vulnerability Assessment 3 Enabling Windows Active Directory and User Access Controls 4 Using Group Policy Objects and Microsoft Baseline Security Analyzer for Change Control 5 Performing Packet Capture and Traffic Analysis 6 Implementing a Business Continuity Plan 7 Using Encryption to Enhance Confidentiality and Integrity 8 Performing a Web Site and Database Attack by Exploiting Identified Vulnerabilities 9 Eliminating Threats with a Layered Security Approach 10 Impementing an Information Systems Security Policy# Lab Title 1 Performing Reconnaissance and Probing using Common Tools 2 Performing a Vulnerability Assessment 3 Enabling Windows Active Directory and User Access Controls 4 Using Group Policy Objects and Microsoft Baseline Security Analyzer for Change Control 5 Performing Packet Capture and Traffic Analysis 6 Implementing a Business Continuity...
Words: 426 - Pages: 2
...SA SERIES SSL VPN APPLIANCES PRODUCT LINE PRESENTATION Submitted by: RADIUS Consulting Ghana Limited AGENDA 1. SSL VPN Market Overview 2. SSL VPN Use Cases 3. Access Control and AAA 4. End-to-End Security 5. Junos Pulse 6. Secure Meeting 7. Business Continuity with SSL VPN 8. Hardware, Management and High Availability 2 www.radiusconsultingghana.com Copyright © 2010 Juniper Networks, Inc. www.juniper.net BUSINESS CHALLENGE: GRANT ACCESS VS. ENFORCE SECURITY Maximize Productivity with Access... Allow partner access to applications (Extranet portal) Increase employee productivity by providing anytime, anywhere access (Intranet, E-mail, terminal services) …While Enforcing Strict Security Allow access only to necessary applications and resources for certain users Mitigate risks from unmanaged endpoints Customize experience and access for diverse user groups (partners, suppliers, employees) Enable provisional workers (contractors, outsourcing) Enforce consistent security policy Support myriad of devices (smartphones, laptops, kiosks) …And the Solution Must Achieve Positive ROI Minimize initial CAPEX costs Lower ongoing administrative and support OPEX costs 3 www.radiusconsultingghana.com Copyright © 2010 Juniper Networks, Inc. www.juniper.net THE SOLUTION: JUNIPER NETWORKS SA SERIES SSL VPN APPLIANCES Mobile User – Cafe Secure SSL access to remote users from any device or location Easy access from Web-browsers – no client software to manage...
Words: 3503 - Pages: 15
...electrical disturbances, and hardware failures. LAN-to-WAN Domain Solutions Effective logical access control starts with defining system-specific security policies that clearly and concisely state what protection mechanisms are to be enforced in order to achieve security requirements for a system. Thus the security policies are formalized by security models and implemented by security mechanisms providing access controls that minimize both internal and external threats. Some of the controls that could be used after a sound security policy is in place are: Encryption of data Multi-Protocol Label Switching Implementing a proxy server for remote services Use of firewalls Protocol implementation IP address rules Port filtering Adding a DMZ for anonymous users Using Dual-Homed ISP connections in case the primary ISP fails Using an IDS & IPS Data leakage security appliances Web-content filtering Traffic monitoring devices LAN-to-WAN configuration Change management (to avoid unauthorized changes to the network infrastructure) Secured location of critical LAN-to-WAN devices FCAPS for network management Network Access Control (NAC) defining requirements for accessing the network Redundant routers and firewalls to avoid bottlenecks in the network Backup and Recovery policies and solutions Use of VPNs for remote access Load-balancing techniques Use of...
Words: 271 - Pages: 2
...Information Security Policy Gennie Diamond Axia College of University of Phoenix IT/244 – Intro to IT Security October 10, 2010 Executive Summary The goals of this information security policy will be to state the principles and guidelines for protecting the confidentiality, integrity, and availability of sensitive information and resources for XYZ Energy. This policy will set forth requirements for securing the network’s confidential information and data communications infrastructure, in addition to defining detailed policies in the areas of physical security, access control, and network security. Assumptions of the security plan defines physical security at each site for the environment around the network including entry control at each facility, the need and responsibilities of security staff, and issues around security in common areas. Information system security defines workplace protection and guidelines for storage, protection, and maintenance of hardware and network equipment. Access control policies address user enrollment and all network access privileges, along with identification and authentication process policies. Finally, network policies are defined for granting and managing network access while still protecting sensitive company data. Project constraints can include, but are not limited to, availability of resources needed to provide appropriate security for each defined security goal; time restraints for meeting these goals;...
Words: 1790 - Pages: 8
...Department of Defense (DoD) Ready The task is establish security policies for my firm of approximately 390 employees and make them Department of Defense (DoD) compliant. To achieve this goal, a list of compliance laws must be compiled to make sure we me the standard. I will outline the controls placed on the computing devices that are being utilized by company employees. I will develop a plan for implementation of the new security policy. The task of creating a security policy to make my firm DoD complaint starts with knowing what laws to become complaint with. There an array of laws to adhere to, but I have listed the majors laws that the firm must comply with. The following is a list of laws that the firm must become complaint with Defense Federal Acquisition Regulation Supplement (DFARS). The DFARS contains requirements of law, DoD-wide policies, delegations of FAR authorities, deviations from FAR requirements, and policies/procedures that have a significant effect on the public (DPAP, 2014). The following is a list of standards for handling unclassified DoD information retrieved from Hogan Lovells website (2016). • prohibiting the posting of any DOD information on websites unless they are restricted to users that provide user ID/password, digital certificate, or similar credentials • using the “best level of security and privacy available” for transmissions of any DOD information transmitted via email, text messaging, and similar technologies; • transmitting...
Words: 2282 - Pages: 10
...1 CMGT 244 Week #2 DQ 2 CMGT 244 Week #2 DQ 3 CMGT 244 Week #2 DQ 4 CMGT 244 Week #2 DQ 5 WEEK 3 CMGT 244 Week #3 DQ 1 CMGT 244 Week #3 DQ 2 CMGT 244 Week #3 DQ 3 CMGT 244 Week #3 DQ 4 CMGT 244 Week #3 DQ 5 WEEK 4 CMGT 244 Week #4 DQ 1 CMGT 244 Week #4 DQ 2 CMGT 244 Week #4 DQ 3 CMGT 244 Week #4 DQ 4 WEEK 5 CMGT 244 Week #5 DQ 1 CMGT 244 Week #5 DQ 2 CMGT 244 Week #5 DQ 3 CMGT 244 Week #5 DQ 4 CMGT 244 Week 1 DQs CMGT 244 Week 2 DQs CMGT 244 Week 2 Assignment CMGT 244 Week 3 DQs CMGT 244 Week 3 Assignment Establishing a Secure Computer Room CMGT 244 Week 4 DQs CMGT 244 Week 4 Assignment Intro to OSI Model CMGT 244 Week 5 DQs CMGT 244 Week 5 Final Project Information Security Policy for the Bloom Design Group Paper CMGT 244 Week 5 Information Security Policy for the Bloom Design Group Presentation PPT A++ graded !! CMGT 244 ENTIRE COURSE http://www.homeworkproviders.com/shop/cmgt-244-entire-course/ CMGT 244 ENTIRE COURSE Product Description CMGT 244 Week #1 DQ 1 CMGT 244 Week #1 DQ 2 CMGT 244 Week #1 DQ 3 CMGT 244 Week #1 DQ 4 CMGT 244 Week #1 DQ 5 CMGT 244 Week #1 DQ 6 WEEK 2 CMGT 244 Week #2 DQ 1 CMGT 244 Week #2 DQ 2 CMGT 244 Week #2 DQ 3 CMGT 244 Week #2 DQ 4 CMGT 244 Week #2 DQ 5 WEEK 3 CMGT 244 Week #3 DQ 1 CMGT 244 Week #3 DQ 2 CMGT 244 Week #3 DQ 3 CMGT 244 Week #3 DQ 4 CMGT 244 Week #3 DQ 5 WEEK 4 CMGT...
Words: 532 - Pages: 3
...244 Week #2 DQ 2 CMGT 244 Week #2 DQ 3 CMGT 244 Week #2 DQ 4 CMGT 244 Week #2 DQ 5 WEEK 3 CMGT 244 Week #3 DQ 1 CMGT 244 Week #3 DQ 2 CMGT 244 Week #3 DQ 3 CMGT 244 Week #3 DQ 4 CMGT 244 Week #3 DQ 5 WEEK 4 CMGT 244 Week #4 DQ 1 CMGT 244 Week #4 DQ 2 CMGT 244 Week #4 DQ 3 CMGT 244 Week #4 DQ 4 WEEK 5 CMGT 244 Week #5 DQ 1 CMGT 244 Week #5 DQ 2 CMGT 244 Week #5 DQ 3 CMGT 244 Week #5 DQ 4 CMGT 244 Week 1 DQs CMGT 244 Week 2 DQs CMGT 244 Week 2 Assignment CMGT 244 Week 3 DQs CMGT 244 Week 3 Assignment Establishing a Secure Computer Room CMGT 244 Week 4 DQs CMGT 244 Week 4 Assignment Intro to OSI Model CMGT 244 Week 5 DQs CMGT 244 Week 5 Final Project Information Security Policy for the Bloom Design Group Paper CMGT 244 Week 5 Information Security Policy for the Bloom Design Group Presentation PPT A++ graded !! CMGT 244 ENTIRE COURSE http://www.homeworkproviders.com/shop/cmgt-244-entire-course/ CMGT 244 ENTIRE COURSE Product Description CMGT 244 Week #1 DQ 1 CMGT 244 Week #1 DQ 2 CMGT 244 Week #1 DQ 3 CMGT 244 Week #1 DQ 4 CMGT 244 Week #1 DQ 5 CMGT 244 Week #1 DQ 6 WEEK 2 CMGT 244 Week #2 DQ 1 CMGT 244 Week #2 DQ 2 CMGT 244 Week #2 DQ 3 CMGT 244 Week #2 DQ 4 CMGT 244 Week #2 DQ 5 WEEK 3 CMGT 244 Week #3 DQ 1 CMGT 244 Week #3 DQ 2 CMGT 244 Week #3 DQ 3 CMGT 244 Week #3 DQ 4 CMGT 244 Week #3 DQ 5 WEEK 4 CMGT 244 Week #4 DQ 1 CMGT 244 Week #4 DQ 2 CMGT 244 Week...
Words: 522 - Pages: 3
...Our Company Network Security Plan Developed August 2010 Andre Bryant Table of Contents Security Threats and Risks 3 Types of Threats 3 Mitigation Strategies 3 Security Policies 3 Physical Access 3 Data Access 3 Security Laws 3 Law 1: 3 Law 2: 4 Law 3: 4 Disaster Recovery 4 Backup Policies 4 Testing 4 Security Threats and Risks Types of Threats • Trojan Horses • Viruses • Hackers Mitigation Strategies • Firewalls • VPN access and protocols • Strong Technology policy with strict accountability Security Policies Physical Access Technology policy will allow the IT assign identification numbers to each employee. These numbers will assign access to each employee as well as track employee internet usage. This will also allow restriction to certain sites that are not filtered by the system. Data Access All traffic will be filtered through the firewall. We will also implement a network usage list that will let all users know what areas are restricted (hp.com). Security Laws Law 1: As part of our company’s network security policy, we are requiring the use of IMAP exclusively. IMAP and SMTP must be routed through a firewall (hp.com). Law 2: No trafficking or usage of copyrighted or restricted files or software. The penalty for violation of this policy could result in immediate termination (klariti.com). Law 3: ...
Words: 319 - Pages: 2
...vulnerability. You as a network administrator working for Ken 7 Windows Limited have been given the task of reviewing the current network security policy and recommending the best network security control to satisfy the policy. You can select from a short list of network security controls. For each policy statement, select the best control to ensure Ken 7 Windows Limited fulfills the stated requirements. Select from these security controls: a. Place a firewall between the Internet and your Web server. b. Place a firewall between your Web server and your internal network. c. Enforce password complexity. d. Implement Kerberos authentication for all internal servers. e. Require encryption for all traffic flowing into and out from the Ken 7 Windows environment. f. Separate wired and wireless network entry points into separate logical networks. g. Require all personnel attend a lunch and learn session on updated network security policies. Security policy statements: 1. More and more users are using the Ken 7 Windows network to access social media sites g during business hours, causing the network to slow down. Users should not use Ken 7 network resources for social media access. f 2. Most Ken 7 personnel own mobile phones and PDAs that can connect to the Internet. Ken 7 network administrators are concerned that personal device access may pose a security threat to Ken 7 network resources. Personal devices must not be allowed to connect to the Ken 7 Windows network. b 3. Anonymous users...
Words: 330 - Pages: 2
...cy/index.html Retrieved on February 27, 2014 nist.gov. (2011).NIST Policy on Information Technology Resources Access and Use. Retrieved from http://www.nist.gov/director/oism/itsd/policy_accnuse.cfm Retrieved on February 27, 2014 HHS, 2007. HIPAA Security Series. Retrieved from http://www.hhs.gov/ocr/privacy/hipaa/administrative/securityrule/adminsafeguards.pdf Retrieved on March 8, 2014Task 1Heart Healthy Information Security Policy:The information security policy is divided into two major parts – the policy for any new user entering the organization and the password management:New Users:All the new users will get appropriate access and rights, which will be reflective of their responsibilities in the organization. These accesses will enable the user to access all the required data files and information to complete their tasks. While assigning the rights and accesses to the new user a a document should be signed between the new user and the supervisor which will detail all the roles and responsibilities that the user will perform and also the corresponding access and rights. In case the user requires any administrator access then signature of the respective manager will be required. All the new users will have to undergo an orientation program and some additional training which will tell them about the work place, work culture, security policies, information security policies etc. The additional trainings will focus on password management, remote device protection, file downloads...
Words: 283 - Pages: 2
...sections of an Information Security Policy. Final Project Timeline You should budget your time wisely and work on your project throughout the course. As outlined below, the assignments in the course are designed to assist you in creating your final project Information Security Policy. If you complete your course activities and use the feedback provided by the instructor, you will be on the right track to successfully complete your final project of creating an Information Security Policy. □ Week One: Introduction Review the two company profiles provided in your syllabus and select the one you will use for your final project company. You design the Information Security Policy for this company throughout the course. Once you have decided which company you are using, it may not be changed; therefore, considerable thought should be put into this decision. Next, decide which type of information security policy—program-level, program-framework, issue-specific, or system-specific—is appropriate for your final project company. Assignment: Final Project Information Security Policy: Introduction Complete and submit Appendix C. Note. Section 1 Introduction of Appendix C corresponds to Section 2 of Appendix B in the final compilation due in Week Nine. In completing Appendix C, provide an overview of your final project company, describe the type of security policy that is appropriate for your scenario, and explain your security goals in terms of confidentiality...
Words: 899 - Pages: 4
