Security Plan - Knowledge and Information Security

Published: November 3, 2008
Contents

CONTENTS
EXECUTIVE SUMMARY
RESPONSIBLE PERSONNEL
  CHIEF SECURITY OFFICER
  ELECTRONIC SECURITY MANAGER
  PHYSICAL SECURITY MANAGER
  RISK MANAGEMENT OFFICER
ASSESSMENT OF RISK
  PHYSICAL
  ELECTRONIC
DATA ACCESS SECURITY
  GENERAL SECURITY
  USER AUTHORISATION
  USER AUTHENTICATION
  SECURE DATABASE
  PHYSICAL FILES
  ELECTRONIC INTRUDER DETERRENCE – VIRUSES AND MALWARE
  SOCIAL ENGINEERING
  FILE SHARING
  WIRELESS NETWORKS
STAFF VETTING AND SEPARATION PROCEDURES
  GENERAL STATEMENT
  STAFF SCREENING
  SEPARATION PROCEDURES
PERSONNEL SECURITY
  GENERAL STATEMENT
  PASSIVE MONITORING
  POSITIVE MONITORING
PHYSICAL SECURITY
  GENERAL STATEMENT
  AUTHORITY FOR ACCESS
  ACCESS CRITERIA
  INTRUSION DETECTION SYSTEMS
  EQUIPMENT SECURITY
  MONITORING SERVICES
  SECURITY BREACH NOTIFICATION
INCIDENT RESPONSE
  CHANGE IN CULTURE
  INCIDENT TRACKING
  INCIDENT RESPONSE TEAM
DISASTER RECOVERY
  GENERAL STATEMENT
  BACKUP FILES
SECURITY AWARENESS TRAINING
  GENERAL STATEMENT
  INITIAL
  PERIODICAL
  CONTENT
    General
    Specific
  GENERAL SECURITY AWARENESS TRAINING
CONCLUSION AND RECOMMENDATIONS
BIBLIOGRAPHY

Executive Summary
Given the extent and nature of the organisation, the effective operation of its information technology systems is vital to the continuation of business. However, a corporation of 600 staff poses unique security challenges, many of which are addressed by an operational training program completed by all staff. This plan was developed, in part, to address issues identified in the security audit of 2007. Some of the issues raised have been addressed through the implementation of the Technical Systems and Information Technology Security Policy, presented independently of this plan. Other issues of concern include incident response, disaster recovery, and business continuity. A general lack of staff awareness of security issues is also a concern. This plan was formulated to be an integral part of the organisation’s security policy: it identifies potential threats to physical and electronic information security, sets out guidelines for all areas of organisational operations to minimise risk, and proposes a training scheme to be completed by both current and future employees at all levels.

Responsible Personnel
Chief Security Officer
Paul Maluga
Extension: 8080
The Chief Security Officer (CSO) is responsible for overseeing the security system and coordinating security activities. The CSO is also responsible for staff security activities, including security screening and security awareness training.

Electronic Security Manager
James Brown
Extension: 8020
The Electronic Security Manager (ESM) oversees the electronic protection of the network and the administration of the database.

Physical Security Manager
Andrew Ryan
Extension: 8035
The Physical Security Manager (PSM) is responsible for maintaining the physical integrity of the organisation, its employees, and its equipment.

Risk Management Officer
Veronica Kales
Extension: 8050
The Risk Management Officer (RMO) is responsible for oversight of the disaster recovery centre as well as for investigating alleged security breaches.

Assessment of Risk
Any organisation may become a target of persons wanting to acquire its information for personal, financial, or competitive advantage. The threats to an organisation’s information security may be both physical and electronic.

Physical

(Hagen, Rong & Sivertsen, 2008)
Building security is meant to safeguard personnel, property, and equipment. Properly instituted, it prevents illegal access to organisational assets. Threats to physical security include:
1) Covert security breaches aimed at gaining access to information repositories
   a) Unauthorised physical access to premises to gain information. During covert...