Information Security Policy

  • Published : September 18, 2011
Appendix B


Table of Contents
1.Executive Summary
3.Disaster Recovery Plan
3.1.Key elements of the Disaster Recovery Plan
3.2.Disaster Recovery Test Plan
4.Physical Security Policy
4.1.Security of the facilities
4.1.1.Physical entry controls
4.1.2.Security offices, rooms and facilities
4.1.3.Isolated delivery and loading areas
4.2.Security of the information systems
4.2.1.Workplace protection
4.2.2.Unused ports and cabling
4.2.3.Network/server equipment
4.2.4.Equipment maintenance
4.2.5.Security of laptops/roaming equipment
5.Access Control Policy
6.Network Security Policy

1.Executive Summary

Sunica Music and Movies is a company that currently has four locations. This business is ready to improve the way it does business by implementing a computerized network that will allow for centralized accounting and inventory as well as starting a web-based e-commerce site. The following document provides an in-depth look at the implementation of policy and procedures that will help this transition become successful. These policies will eliminate confusion and specify the types of security that will ensure the safe and secure operation of the business. Furthermore, the policies have measurable goals and methods of testing the policies to determine their effectiveness in keeping information confidential while retaining the integrity of the data and making the data readily available. The disaster recovery plan provides a risk analysis that lists the possible threats to this company and the critical business processes that require protection. This plan also provides suggestions for preparing a backup site, and goals for getting the business back up and running. The security sections of the paper outline what steps are required to secure each store to ensure the safety of the employees and customers. Detailed steps describe the types of technology that maintain the integrity of the computer systems, how they will connect to each other, and who can access the network.

2.Introduction

The purpose of this section is to provide an overview of Sunica Music and Movies, as well as an overview of the proposed security policies and the goals these policies will achieve.

2.1.Company overview

Sunica Music and Movies is a local multimedia chain with four locations. All locations have been operating independently, which makes it difficult to coordinate customer sales from store to store based on inventory. They have decentralized accounting and a jumbled inventory with no Internet-based commerce. They would like to set up a central database that would allow for centralized accounting and inventory, as well as to set up Internet-based commerce to increase sales. All transactions and customer inventory browsing will be done through a web interface and custom intranet website. Web servers tied to the company accounting and transaction servers will provide real-time sales and inventory information to customers.

2.2.Security policy overview

When looking at the different types of security policies, all four apply to this scenario.

1. This is a new setup that completely changes how this company has done business. Therefore, a program-level policy is necessary to create a management-sponsored computer security program: "A program-level policy at the highest level." (Merkow and Breithaupt, 2006).
2. With a new setup, a program-framework policy, which establishes the overall approach to computer security, is necessary.
3. As issues will arise, an issue-specific policy will address specific areas of concern.
4. Further, as the new system is set up, management will find particular issues for a specific system, which creates the need for a system-specific policy.

This new setup will include all four of the security policies.

2.3.Security policy goals

The goals of the...