IT Appendix B

  • Published : March 14, 2011
Axia College
IT/244 Intro to IT Security
Date: January 6, 2011
Table of Contents
1. Executive Summary
3. Disaster Recovery Plan
3.1. Key elements of the Disaster Recovery Plan
3.2. Disaster Recovery Test Plan
4. Physical Security Policy
4.1. Security of the facilities
4.1.1. Physical entry controls
4.1.2. Security offices, rooms and facilities
4.1.3. Isolated delivery and loading areas
4.2. Security of the information systems
4.2.1. Workplace protection
4.2.2. Unused ports and cabling
4.2.3. Network/server equipment
4.2.4. Equipment maintenance
4.2.5. Security of laptops/roaming equipment
5. Access Control Policy
6. Network Security Policy

Executive Summary
Due in Week Nine: Write 3 to 4 paragraphs giving a bottom-line summary of the specific measurable goals and objectives of the security plan, which can be implemented to define optimal security architecture for the selected business scenario. Enter your text here

Company overview

The Bloom Design Group has two offices: the main office in New York and a second office in Los Angeles. The website features a virtual decorating tool that lets the user experiment with color and design schemes. The site also gives clients access to company styles and guides and the ability to process orders electronically. The website will have a password and user login.

Security policy overview

I would have to say programme framework and issue specific. Programme Framework because you will need to keep up with the security of the mission, which is design. Issue specific because the organization of The Bloom Design Group

Security policy goals
Reduce the loss of data and data corruption, and maintain the mission-critical database. Keep errors to a minimum. Public, business and customer information should be kept confidential by employees and other insiders.

Integrity

It will address the responsibilities of officials and offices throughout the organization, including the roles of the line manager, application owners, users and the IT organization. It will distinguish between the responsibilities of computer service providers and those of the managers of applications using the computer service. For instance, nonconformance can be due to a lack of knowledge or training. Have employees read and sign the organization's position on what is prohibited when using the Internet. Keep the trade secrets.

The system will have backup and recovery using each office. The New York office will have Los Angeles as its backup and recovery site, and vice versa. The quality of service should not be interrupted with the system set up this way.

Disaster Recovery Plan
Risk Assessment
Critical business processes
There are five steps that are mission critical for businesses to follow for the continuity plan:
1) Ask questions of the company or organization. For instance, what critical aspects of the business do they want included in the plan? This could be done through an audit analysis of the company's assets, which include employees, the facilities, the applications, and the IT systems. Also, which types of threats pose a risk, whether man-made or natural?
2) Use the results of step 1 to create the business impact assessment (BIA). The BIA measures the operating and financial loss to the organization resulting from a disruption to critical business.
3) The person or persons who came up with the BIA have to sell this concept to senior management and get financial backing.
4) After approval and backing, each department will need to understand its role in the plan and support and help maintain it.
5) The last item is implementing the plan. This is conducted through testing, training, and ongoing review and support of the BCP, in both practical and financial terms.

Internal, external, and environmental risks
Physical Security...