It 244 Final

Only available on StudyMode
  • Download(s) : 63
  • Published : January 27, 2013
Open Document
Text Preview
Associate Level Material
Appendix B

Information Security Policy

Student Name: Ronald Stride

University of Phoenix

IT/244 Intro to IT Security

Instructor’s Name: Scott Smith

Date: January 27, 2013

Table of Contents

1.Executive Summary1

2.Introduction1

3.Disaster Recovery Plan1

3.1.Key elements of the Disaster Recovery Plan1

3.2.Disaster Recovery Test Plan1

4.Physical Security Policy1

4.1.Security of the facilities1

4.1.1.Physical entry controls1

4.1.2.Security offices, rooms and facilities1

4.1.3.Isolated delivery and loading areas2

4.2.Security of the information systems2

4.2.1.Workplace protection2

4.2.2.Unused ports and cabling2

4.2.3.Network/server equipment2

4.2.4.Equipment maintenance2

4.2.5.Security of laptops/roaming equipment2

5.Access Control Policy2

6.Network Security Policy3

7.References3

Executive Summary

Sunica Music and Movies will be implementing a full security plan to ensure proper handling and access of data in our new system. Vulnerable customer information being properly protected is a top priority for us. An added benefit will be the security and accuracy afforded to employees through this protection.

Customers trust this organization with highly private personal and financial information. That makes it our responsibly to handle that information with the utmost respect and care. Through the controls and procedures outlined in this policy we can achieve those goals.

Employees have the right while being given access to this type of information to also be fully protected. The controls and procedures designated here will also facilitate that. For example leveled access removes temptation to lower level employees and protects them from being accused of infractions not ever in their control.

Here at Sunica we are ready to keep up with technology and build a better business model through that practice. However without a complete security outline and the enforcement of it we will not achieve this goal. It is highly recommended that this policy be carefully read and followed by all parties involved in this company. A signed copy will be required to be kept on file for all employees and customers will be made fully aware that their security is our top priority.

Introduction

1 Company overview

Sunica Music and Movies is a small business that is making a move to keep up with technology. The goals of this company are to synchronize the many locations to work together as one and develop a web presence. To accomplish these goals they are going to link the stores with private business data on one side and a user interface for the public on the other. Inventory and accounting will be a large factor in their success but security will be a very important aspect as well. Since transactions are conducted online they will require security from the inside and outside of the system.

2 Security policy overview

As a small company a System-Specific policy will be appropriate. By clearly outlining data handling procedures for the system key factors like protection, detection and response can be maximized and provide an overall better level of security.

3 Security policy goals

1 Confidentiality

This company handles private and financial data so prohibiting misuse of this information is vital. There will be layers of access consisting of manager, asst. manager and cashier level employees.

2 Integrity

Credentials for each employee will be provided by management. Customers will create personal credentials to conduct transactions. Firewalls will keep things contained and immediate encryption will apply to personal financial information.

3 Availability

Back-ups will be...
tracking img