INFORMATION SECURITY POLICY
Table of Contents
Disaster Recovery Plan
Key elements of the Disaster Recovery Plan
Disaster Recovery Test Plan
Physical Security Policy
Security of the facilities
Physical entry controls
Security offices, rooms and facilities
Isolated delivery and loading areas
Security of the information systems
Unused ports and cabling
Security of laptops/roaming equipment
Access Control Policy
Network Security Policy
Sunica Music and Movies is a company that currently has four locations. This business is ready to improve the way they do business by implementing a computerized network that will allow for centralized accounting and inventory as well as starting a web-based e-commerce site. The following document provides an in-depth look at the implementation of policy and procedures that will help this transition to become successful. These policies will eliminate confusion and specify the types of security that will ensure the safe and secure operation of the business. Furthermore, the policies have measureable goals and methods of testing the policies to determine their effectiveness in providing confidential information while retaining the integrity of the data and making the data readily available. The disaster recovery plan provides a risk analyst that lists the possible threats to this company and the critical business processes that require protection. This plan also provides suggestions for preparing a backup site, and goals for getting the business back up and running. The security sections of the paper outline what steps are required to secure each store to ensure the safety of the employees and customers. Detailed steps describe the types of technology that maintains the integrity of the computer systems, how they will connect to each other, and who can access the network. 2.
The purpose of this section is to provide an overview of Sunica Music and Movies, as well as an overview of the purposed security policies with the goals these policies will provide. 2.1.
Sunica Music and Movies is a local multimedia chain with four locations. All locations have been operating independently, which creates much difficulty coordinating customer sales from store to store based on inventory. They have decentralized accounting and a jumbled inventory with no Internet-based commerce. They would like to set up a central database that would allow for centralize accounting and inventory, as well as too set up Internet based commerce to increase sales. All transactions and customer inventory browsing will be done through a web interface and custom intranet website. Web servers tied to the company accounting and transaction servers will allow for real time sales and inventory information to customers. 2.2.
Security policy overview
When looking at the different types of security policies, all four apply to this scenario. 1. This is a new setup that completely changes how this company has done business. Therefore, a program-level policy is necessary to create a management-sponsored computer security program "A program-level policy at the highest level." (Merkow and Breithaupt, 2006). 2. With a new setup, a program-framework policy, which establishes the overall approach to computer security, is necessary. 3. As issues will arise, an issue-specific policy will address specific areas of concern. 4. Further, as the new system is set up, management will find particular issues for a specific system, which creates the need for a system-specific policy. This new setup will include all four of the security policies. 2.3.
Security policy goals
The goals of the...
Please join StudyMode to read the full document