Information Security Policy
Student Name: Ronald Stride
University of Phoenix
IT/244 Intro to IT Security
Instructor’s Name: Scott Smith
Date: January 27, 2013
Table of Contents
3.Disaster Recovery Plan1
3.1.Key elements of the Disaster Recovery Plan1
3.2.Disaster Recovery Test Plan1
4.Physical Security Policy1
4.1.Security of the facilities1
4.1.1.Physical entry controls1
4.1.2.Security offices, rooms and facilities1
4.1.3.Isolated delivery and loading areas2
4.2.Security of the information systems2
4.2.2.Unused ports and cabling2
4.2.5.Security of laptops/roaming equipment2
5.Access Control Policy2
6.Network Security Policy3
Sunica Music and Movies will be implementing a full security plan to ensure proper handling and access of data in our new system. Vulnerable customer information being properly protected is a top priority for us. An added benefit will be the security and accuracy afforded to employees through this protection.
Customers trust this organization with highly private personal and financial information. That makes it our responsibly to handle that information with the utmost respect and care. Through the controls and procedures outlined in this policy we can achieve those goals.
Employees have the right while being given access to this type of information to also be fully protected. The controls and procedures designated here will also facilitate that. For example leveled access removes temptation to lower level employees and protects them from being accused of infractions not ever in their control.
Here at Sunica we are ready to keep up with technology and build a better business model through that practice. However without a complete security outline and the enforcement of it we will not achieve this goal. It is highly recommended that this policy be carefully read and followed by all parties involved in this company. A signed copy will be required to be kept on file for all employees and customers will be made fully aware that their security is our top priority.
1 Company overview
Sunica Music and Movies is a small business that is making a move to keep up with technology. The goals of this company are to synchronize the many locations to work together as one and develop a web presence. To accomplish these goals they are going to link the stores with private business data on one side and a user interface for the public on the other. Inventory and accounting will be a large factor in their success but security will be a very important aspect as well. Since transactions are conducted online they will require security from the inside and outside of the system.
2 Security policy overview
As a small company a System-Specific policy will be appropriate. By clearly outlining data handling procedures for the system key factors like protection, detection and response can be maximized and provide an overall better level of security.
3 Security policy goals
This company handles private and financial data so prohibiting misuse of this information is vital. There will be layers of access consisting of manager, asst. manager and cashier level employees.
Credentials for each employee will be provided by management. Customers will create personal credentials to conduct transactions. Firewalls will keep things contained and immediate encryption will apply to personal financial information.
Back-ups will be...