It 244 Appendix B

Only available on StudyMode
  • Download(s) : 178
  • Published : December 22, 2012
Open Document
Text Preview
Associate Level Material
Appendix B

Information Security Policy
Student Name: Dennis H Jarvis Jr.
University of Phoenix
IT/244 Intro to IT Security
Instructor’s Name: Scott Sabo
Date: 12/21/2012
* Table of Contents
1.Executive Summary1
2.Introduction1
3.Disaster Recovery Plan1
3.1.Key elements of the Disaster Recovery Plan1
3.2.Disaster Recovery Test Plan1
4.Physical Security Policy1
4.1.Security of the facilities1
4.1.1.Physical entry controls1
4.1.2.Security offices, rooms and facilities1
4.1.3.Isolated delivery and loading areas2
4.2.Security of the information systems2
4.2.1.Workplace protection2
4.2.2.Unused ports and cabling2
4.2.3.Network/server equipment2
4.2.4.Equipment maintenance2
4.2.5.Security of laptops/roaming equipment2
5.Access Control Policy2
6.Network Security Policy3
7.References3

Executive Summary
Due in Week Nine: Write 3 to 4 paragraphs giving a bottom-line summary of the specific measureable goals and objectives of the security plan, which can be implemented to define optimal security architecture for the selected business scenario.

This disaster plan was put together to try and protect valuable information should it be attacked by hackers or threatened by a natural disaster. As this company grows, so will the value of the network and the information it retains. We want to ensure to the customer and the employee that this information is safe and not vulnerable to an attack. This plan was devised to help protect against failures such as the complexity of the system, accidental failure or a breech by hostile intent.

Awareness of these kinds of attacks is the key and to be prepared on the part of management and the user. They must be made aware of the consequences of their actions while using the network and accessing the data. The users of the network and system need to be prepared in case of an attack and have knowledge of the steps that need to be taken in order to make it secure.

This plan shall be discussed often and updated as needed in order to keep up on demand and the ever changing environment. The system will be continually monitored of usage of the data and network. This plan will also be monitored for potential improvements in performance and usability while keeping the system safe and secure.

Introduction
Due in Week One: Give an overview of the company and the security goals to be achieved. Company overview
As relates to your selected scenario, give a brief 100- to 200-word overview of the company.
Sunica music and movies is a chain store that sells music and movies, currently having four locations. These stores are not connected by the internet or network of any kind. They are absolutely isolated from each other and cannot communicate with each other about customer sales or store inventory. These stores need to be connected with each other to keep track of inventory so they can increased sales. These stores also need to be made available to the public online to increase sales and availability of stocked items and new releases through their web site. The web site needs to be simple and they need to communicate with each other in order to be more efficient, keep track of stock, and to be able to keep the correct amount of stocked items to be sold and ordered.

Security policy overview
Of the different types of security policies—program-level, program-framework, issue-specific, and system-specific—briefly cover which type is appropriate to your selected business scenario and why.

I believe that the best policy for my company would be Issue Specific. Since there are only four chain stores and each store would store its own information and be connected via internet the policy would be specific to each system. I would also assume there would be wifi available that would have certain group rules for public access.

Security policy goals
As applies to your...
tracking img