University of Phoenix / Axia College
IT244 Intro to IT Security
November 1st, 2009
The overall objective of the Bloom Design Group Information Security Policy is to create a program that will promote an environment of secure data within the Bloom Design Group community from attacks or threats of attack against productivity, intellectual property rights, reputation or client and employee privacy intellectual. As it is recognized and noted the important and vital role that technology has in the modern work place, it is paramount to the Bloom Design Groups future to ensure that all data and personal information (client and employee) is ultimately secure and free from harm. The following policy applies exclusively to all users and those Bloom Design Group designates as “guest users” within the Bloom Design Group network and all types (analog or digital) of data resources. The policy will detail all user and “guest user” responsibilities to eliminate unauthorized and unwanted access to the Bloom Design Group’s network and related data. The information security policy is designed to be compliant with all regulations of Sarbanes-Oxley Act of 2002 and all other governmental laws that were created specifically to regulate types of information and technology. Introduction
The Bloom Design Group is an interior design company that offers services to businesses and individual clients throughout all seven continents. One of the many services and features that Bloom offers is an online virtual design studio; this tool is located on the company’s website. The design tool allows clients to experiment with color schemes and design ideas in order to view realistic visuals of a finished project. The website also offers designers the ability to access client files and Bloom’s original design and style guide, as well as the ability to process orders for furniture and design materials as they are needed. The Bloom Design Group has its corporate headquarters located in New York and a satellite office in Los Angeles, the majority of Bloom’s employees work remotely via a secure VPN (Virtual Private Network); as such it is possible for Bloom to have an office virtually anywhere at any time. For the Bloom Design Group there are three main areas that will be focused on to improve information security. The three areas of focus are as follows; physical site security, access control and network security. Physical Security Policy
One of the most under-rated areas for information security is within the actual physical security of the facility or business. This approach refers to the security of the building and the areas where the information is stored and the information system they are stored on. Security of the facilities
Physical Entry Controls – All entry points into the buildings will be changed to a keyless entry system using individual specific P.I.N. (Personal Identification Number), this will allow users access to areas that are job specific. Entry to the server room and other designated areas will be controlled by a bio-metric system that will only allow entrance to authorized personnel only. Both of the above described methods will provide a detailed report of individuals who enter and exit.
Offices, Server Rooms and Facilities – The two offices of the Bloom Design Group (New York and Los Angeles) will have keyless entry into the buildings and closed circuit video cameras at all entry and exit points. Server rooms and other designated areas will have bio-metric access to ensure authorized entry to secure areas. The server room will also have rack mounted servers; these racks can in turn be locked to avoid theft. The server room will also have non-absorbent fire-suppression system and a built in HVAC system that will keep the server room at an optimal room temperature. The facilities themselves must be look at and it must be determined...