StudentShare
Contact Us
Sign In / Sign Up for FREE
Search
Go to advanced search...
Free

Security policy document - Term Paper Example

Cite this document
Summary
In the paper “Security policy document” the author examines security policy document which entails a document that contains rules/policies practices, laws and procedures for regulating accessibility to a computer network. The document further provides a clear blue print for computer network security management…
Download full paper File format: .doc, available for editing
GRAB THE BEST PAPER97.6% of users find it useful
Security policy document
Read Text Preview

Extract of sample "Security policy document"

Security policy document Introduction Security policy document entails a document that contains rules/policies practices, laws and procedures for regulating accessibility to a computer network. The policy document help to regulate accessibility to organisation information by ensuring that both corporate and clients information is protected against authorised access. The document further provides a clear blue print for computer network security management. Therefore, to be efficient and effective in distribution operations, the Global Distribution, Inc. (GDI) may enforce computer network security by establishing a User accounts, passwords, data encryption to mention just but a few. For example, security of user accounts may be fostered by establishing a password that may require the user to sign in prior accessing the information in a particular account (Schlachter, 2005). Data encryption may be applied whereby; the data may be translated in unintelligible form to enhance data security. Further, Global Distribution Inc may enhance its financial security by utilizing Proactive DDOS threat mitigation program. The program may help to address financial risk that may occur due to Information technology down turn. It has been reported that Global distribution Inc has numerous accounts in Mexico Unites States and Canada. This means that there is need to integrate and enhance computer network security, data/information security, financial security, vendor’s security among other areas that security is paramount. Further to eliminate/reduce significant pikes in Network traffic, the Science DMZ should be employed. This is because the DMZ is able to transfer large amount of data simultaneously. However, it is vital to place the DMZ adjacent to the parameter of local area network in order to enhance speed and eliminate network trafficking, latency, slow performance and application time out within the Global Distribution Inc (Schlachter, 2005). The Most Important Assets for Global Inc that must be protected The most important assets of Global Inc Company which must be protected include but not limited to; Hardware assets such as communication tools and equipment within Global distribution Inc. Example of hardware assets include, computer hardware, input and storage devices, monitors screen among others. Further, Global Distribution Inc must protect its computer software assets against computer viruses such as Trojan, Malware among others. This may be done through installation of computer antivirus software to all organisation systems. Installation of antivirus software helps to detect and protect computer system against network viruses that may destroy organisation systems and data. The Global Distribution Inc must protect its data assets against destruction and authorised access. Data assets include; information files, data base, user manuals, system documentations, contract agreements and any other organisation information within the data base (Schlachter, 2005). Organisation data must be protected against unauthorised access. This means that information regarding cooperate and customer’s must be protected by ensuring that high level of confidentiality is maintained. This is when corporate information links out; an organisation may face threats from its competitors that may jeopardize its operations. Moreover, Global Inc must protect its employee’s skills, experience and dignity. This is because employees are the most important assets for any successful organisation. Without employees, an organisation may not be able to achieve its objectives. In addition, global Distribution Inc must protect its inventory assets whereby, any data that may help to recover inventory during occurrence of a disaster should be maintained. Intangible assets such as organisation goodwill/reputation and image must be protected. Goodwill is some time considered to be an intellectual property and therefore, records containing goodwill and other valuable information about the organisation must be protected from an authorised access. Further, intellectual property such as copy rights, patent rights, trademarks and organisation trade secrets should be protected against infringements as well as any form of manipulation. General Security Architecture for the Global Inc Company The General security architecture entails an integrated security design that helps to solve security threats/ risk that may emerge in an organisation. The security architecture further involves security principles that are documented so that they can guide an organisation. The Global Security Inc consist of three major components of security Architecture those components include; process, people and tools that have been integrated to protect the entire assets of Global Distribution Inc company. In terms of process, the company has a well structured and secure distribution channel across all its networks situated in Canada, United States and Mexico. In addition, the company has a well defined work process whereby, the organisation has various departments that have been integrated together for security purposes. Among those departments include; I.T department, finance department, Human resource department to mention just but a few. In terms of people, the organisation has employed more than three thousand and two hundred people in different departments. It has also been reported that the organisation has been experiencing continuous growth. The growth has been attributed to the technological creativity and innovation in the organisation. The number of employees has been increasing in order to help the organisation achieve its security goals and objectives (Schlachter, 2005). The Global Distribution Inc has a well organized security Architect that consist of the following components; Technology, Accessibility and Control of the border, Identification management, Validation, architectural adjustment, training, guidance before and during disaster occurrence, inclusion and exclusion. In terms of technology, Global Distribution Inc utilizes both computer software and hardware to manage its security architecture. The organisation recognises that people and technology are the most important Architecture in an organisation. This is because any technological change may not only affect employees and organisation process but also the entire organisation process. The organisation has a well defined access and border control whereby, the company employs least privileged principle which holds that users should be provided with necessary authority to perform their duties/ responsibility. Further Global security Inc control its resources and Information technology via three layers namely; discrete, granular and broad layers whereby, each layer defined the limits for users. The organisation further classifies information into three categories namely: public information, private and proprietary information. Public information entails in formation has no access restriction such information include; the list of prices charged by the organisation. On the other hand private information has restriction and can only be accessed by defined members of Global distribution Inc. Finally, proprietary information entails sensitive information that Global Distribution Inc cannot share with any organisation because it may cause security threats. Maintaining in formation privacy/confidentiality helps to enhance security by ensuring that user get access to information that may only help them to execute their duties more efficiently and effectively (Schlachter, 2005). The Global distribution Inc has a well defined and integrated identification management. Identification management entails company policies, technology and procedures that enable users to access technology and online resources. Global distribution Inc has established a clear security roles and responsibilities for its users. Further the company has defined the users of security architecture. Some of those users include: Corporate managers for Global Inc Company, employees who are responsible for security management, owners of data within global Inc, custodians, managers responsible for monitoring organisation goals, end-users/clients, security custodians as well as internal auditors. The company has integrated the Architectural element of adjustment and validation. This means that the company has developed security borders that prevent unsecure access to corporate information. In addition, Global Inc has established mechanism to deal with security architectural changes that are brought by technological dynamism. Moreover, the company has designed security architecture that ensures all the I.T components, emails, financial reports and clients’ confidential data have been protected against all forms of risk. The I.T Auditor internal auditor in the I.T department has designed a program that helps to identify different users and their information needs. This helped to determine those people who should be included or excluded from the different section of Information technology environment (Schlachter, 2005). The real-time security measures that must be put in place monitoring and preventative measures that must be put in place The real-time security measures that must be put in place include: establishment of corporate strategy. This strategy may help the organisation to determine/establish measures that can be put in place to deal with system security misuse from both internal and external violations. Secondly, base line information should be gathered. The Global Distribution Inc should take proactive measures that recognise any form of intrusion as well as breach of security. This may help to detect hackers before they execute their criminal acts. Global Distribution Inc should further monitor intrusions. This means that the I.T personnel should follow up any techniques employed by hackers to access organisation information files. The organisation may employ tools like Tripe wire, Netstalker, TX among other monitoring to detect and monitor any attempt by hackers. Additionally, the intrusion data should be properly analyze in case an organisation has suspected any form of intrusion into the organisation system. This may be done by carrying out a comparison assessment of the current organisation security state and comparing it with base line state. When an organisation has identified the intruder, the best solution may involve carrying out repairs of the damage system files and eliminate any flaws that cause intrusion. In case an organisation has made a decision to prosecute the hacker relevant authorities should be informed and monitoring procedures should be established to prevent the occurrence of such event in the future. This may help to ensure that organisation security is maintained Specific policies that could be applied An organisation may adopt the following policies to ensure organisation security is maintained: the entire personal data should be processed fairly and legally to ensure that personal data secure without breaching personal rights to confidentiality. Another principle involve that personal data shall be retrieved only for lawful purposes whereby, no information that will be processed against the intended purpose of that particular information. In addition, personal data shall be kept free from errors and mistakes and kept updated. Any data processed for a particular purpose shall not be kept for a period longer than intended. This means that the data shall be processed and utilized for the purpose in which it was processed for and utilized within the specified period. Measures shall be taken against unauthorised and unlawful data processing. In addition, measures shall be applied against unlawful destruction of personal data. This means that the policy shall protect individuals and organisation against those who destroy their data in order to hide or damage the evidence. Further, the data shall be processed in accordance to Data processing Act established by the law. Additionally, no transfer of data/information that will take place from one country to the other without being granted maximum protection of data owner’s information rights Reference List Internal Institute of Auditors. (2007). Elements of a Good Security Architecture. Retrieved< http://www.theiia.org/intAuditor/itaudit/archives/2007/february/elements-of-a-good-security-architecture/> Schlachter.G. (2005). Network Monitoring within a DMZ. Retrieved :< http://www.tavve.com/wp-content/uploads/2011/05/network-monitoring-within-dmz.pdf. . Read More
Cite this document
  • APA
  • MLA
  • CHICAGO
(“Security policy document Term Paper Example | Topics and Well Written Essays - 1750 words”, n.d.)
Retrieved from https://studentshare.org/social-science/1631003-security-policy-document
(Security Policy Document Term Paper Example | Topics and Well Written Essays - 1750 Words)
https://studentshare.org/social-science/1631003-security-policy-document.
“Security Policy Document Term Paper Example | Topics and Well Written Essays - 1750 Words”, n.d. https://studentshare.org/social-science/1631003-security-policy-document.
  • Cited: 0 times

CHECK THESE SAMPLES OF Security policy document

Security Policy Document for the ABC Electronics Company

Security policy document for the ABC Electronics Company A security policy is a compilation of documents that develops a company's understanding of its property, as well as, its worth, the threats or risks to which these properties along with its worth might be bare.... A security policy is a compilation of documents that develops a company's understanding of its property, as well as, its worth, the threats or risks to which these properties along with its worth might be bare....
3 Pages (750 words) Assignment

The Assumption from the Network Diagram

Another assumption from the topology would be the company is using an out dated network security policy.... Other assumption shall be there no security measures which have been employed in the network thus the numerous attacks and defacing.... It uses access lists and other methods to ensure the security of the private network.... Proxy is another security measure that can be deployed.... It would also have all the servers well placed in order to ensure data security, availability, integrity and confidentiality...
5 Pages (1250 words) Case Study

EISA: Evaluating and Meeting the Security Needs

The Security policy document should recommend severe punishment for an employee who engages in such a heinous act.... The settings are configured using Microsoft group policy and active directory.... To ensure stability of the department's… Various researches have proven that the employees in the department contribute a whole lot to the security of the department's information asset.... The paper gives an analysis of the information security EISA: Evaluating and Meeting the security Needs Number The security of an organization's information technology infrastructureis highly crucial....
2 Pages (500 words) Research Paper

Information Security Guidelines for ABC Hospital

For addressing all issues related to information security via a single policy is not possible, however, to cover all aspects related to information security, a set of information Security policy document focusing on different group of employees within the organization is more suitable.... Policy is considered to be an essential tool for any organization, However, information security policy is customized by company to company and department to department.... This paper will discuss different factors that must be taken in to account when constructing and maintaining an information security policy....
3 Pages (750 words) Research Paper

Security Concerns of Existing Social Networking Applications

This paper “security Concerns of Existing Social Networking Applications” explores such concerns to the university and gives recommendations on how they can be averted.... It suggests if the university should adapt commercially available social networking software or develop a new networking application....
10 Pages (2500 words) Dissertation

Importance of Information Security Policy

These are all factors that should be factored in when developing an effective information Security policy document.... This coursework "Importance of Information security policy" focuses on Information security policy that ensures the credibility of information by safeguarding it from unauthorized infiltration.... The importance of information security policy is essential to all business models.... nbsp;… Information security policy is a compilation of guidelines, procedures and processes, which ensure the safety of information in a business or an organization....
9 Pages (2250 words) Coursework

Information Security Policies

This research report discusses the development of information Security policy document for University of Wales, Newport, City Center Campus's New Digital Forensic and information technology laboratory setup.... The new technology is aimed at improving the following areas of the organization: Effective data detection Enhanced data security Better data quality No PlagiarismStudents work assessment Quality knowledge production New mobile technology Easy way of workingBetter data collection Easy management of the data Less confects among data formatsEasy data sharing among all division of the corporate Less or no dirty data METHOD AND APPROACH For the sake of development of the information Security policy document for University of Wales, Newport, City Center Campus, we will address the following main questions:Main technology needs Possible issues in data Security needsPossible attacks sides Security Attacks nature What technology we having currently What type of facilities are required How can be obtain main objectivesSecurity management needs Security handling tools and technology OBJECTIVE OF SECURITY POLICY As developing a high-quality Security policy document will be able to offer the basic support for flourishing accomplishment of security associated projects in the future, this is without a hesitation the initial evaluation that has to be formulated in an attempt to minimize the risk of illegal utilization of some of the precious university's information resources....
9 Pages (2250 words) Assignment

Integrated Library System for Top-Mark Library

As the paper "Integrated Library System for Top-Mark Library" outlines, the top-mark library is located in Australia and has been in existence for over thirty years.... Its major concern is offering library services such as lending books and other reading materials to students and the entire public....
11 Pages (2750 words) Assignment
sponsored ads
We use cookies to create the best experience for you. Keep on browsing if you are OK with that, or find out how to manage cookies.
Contact Us