Information Security Policy – Bloom Design Group

Only available on StudyMode
  • Download(s) : 468
  • Published : July 14, 2010
Open Document
Text Preview
Information Security Policy – Bloom Design Group
Axia College

Executive Summary
Write 3-4 paragraphs describing the goals of the security plan, assumptions, and project constraints.

There are sufficient resources and timeframes needed to complete this project. Appropriate Bloom Design Group staff will be available to inform all employees of the security precautions. The project will conform to the requirements set forth by The Sarbanes-Oxley (SOX) Act of 2002. All employees, business associates and vendors will be made aware of the security policies set forth in this document that must be carried out until further notified. The security standards set forth to carry out this plan have been trialed and proven accurate for this policy.

Project goals, time frames and deadlines must all be met in order for the security plan to work effectively. This project is depending on the shared resources of the company, financial or otherwise. The project must comply with SOX Act of 2002 and any other City, State and Federal laws that apply. Dealing with offices that are geographically dispersed could hinder coordination and communication. Procedures must be put in place to educate and inform all employees, business associates and vendors affected by the standards set forth in Bloom Design Group Policy. Introduction

Overview of the company and the security goals to be achieved. The Bloom Design Group is a company that offers interior design services to businesses and individuals throughout the world. Bloom has a corporate office in New York and a second office in Los Angeles. The company’s Web site features a virtual decorating tool, which offers clients the chance to play with different color and design schemes. This tool allows their clients to get an idea of what a design project would look like once it is completed, before actually making color and design decisions. The Web site also gives interior designers access to their client files and company style guides, as well as the ability to electronically process orders for design materials and furniture. The designers use a secure login and a password to gain access to the Web site and its features. The company's workforce spends all its time working remotely and accessing the corporate network using a secure VPN.

The Sarbanes-Oxley Act affects corporate operations by creating new standards for corporate accountability as well as new penalties for acts of wrongdoing. It changes how corporate boards and executives must interact with each other and with corporate auditors. It removes the defense of "I wasn't aware of financial issues" from CEOs and CFOs, holding them accountable for the accuracy of financial statements. The Act specifies new financial reporting responsibilities, including adherence to new internal controls and procedures designed to ensure the validity of their financial records.

Physical Security Policy
Security of the facilities
Physical entry controls -
1.Restricted Areas / Work Areas
2.Escort Requirements / Visitor Control
3.Fences, Gates, Turnstiles, Mantraps
4.Security Guards / Dogs
6.Key and Combination Locks – All doors entering or exiting the building and all secured areas should have a key or combination lock installed. 7.Lighting – High security areas should have some type of lighting as a deterrent, such as streetlights, floodlights or searchlights.

Security offices, rooms and facilities
The users will have distinguished usernames that will be issued by the IT department, and the password must meet the restrictions presented in the access control policy. Prior to being issued a mobile network device, all users will sign paperwork identifying the company asset number they are being charged with and their acknowledgement to the understanding of the rules governing the device’s use. Motion detectors, Sensors, Alarms and Security Cameras – Strategically placed...
tracking img