Information Security Policy

Best Essays
Appendix B

INFORMATION SECURITY POLICY

Table of Contents
1. Executive Summary 1
2. Introduction 2
3. Disaster Recovery Plan 5
3.1. Key elements of the Disaster Recovery Plan 5
3.2. Disaster Recovery Test Plan 6
4. Physical Security Policy 8
4.1. Security of the facilities 8
4.1.1. Physical entry controls 8
4.1.2. Security offices, rooms and facilities 8
4.1.3. Isolated delivery and loading areas 9
4.2. Security of the information systems 9
4.2.1. Workplace protection 9
4.2.2. Unused ports and cabling 9
4.2.3. Network/server equipment 10
4.2.4. Equipment maintenance 10
4.2.5. Security of laptops/roaming equipment 10
5. Access Control Policy 11
6. Network Security Policy 14
7. References 16 1. Executive Summary

Sunica Music and Movies is a company that currently has four locations. This business is ready to improve the way they do business by implementing a computerized network that will allow for centralized accounting and inventory as well as starting a web-based e-commerce site. The following document provides an in-depth look at the implementation of policy and procedures that will help this transition to become successful.
These policies will eliminate confusion and specify the types of security that will ensure the safe and secure operation of the business. Furthermore, the policies have measureable goals and methods of testing the policies to determine their effectiveness in providing confidential information while retaining the integrity of the data and making the data readily available.
The disaster recovery plan provides a risk analyst that lists the possible threats to this company and the critical business processes that require protection. This plan also provides suggestions for preparing a backup site, and goals for getting the business back up and running.
The security sections of the paper outline what steps are required to secure each store to ensure the safety of the employees and customers. Detailed



References: Merkow, Mark & Breithaupt, Jim. (2006). Information Security: Principles and Practices. Published by Prentice Hall. Retrieved August 19, 2011

You May Also Find These Documents Helpful

  • Powerful Essays

    Information Security Policy

    • 2658 Words
    • 11 Pages

    Information Security Policies are a very important part of a company’s protection; these policies are put in place to protect the company and well as the clients. It is important to maintain a constant watch over all security departments daily to ensure that everything is in working order. The policy below is a great way to keep track of the steps needed to protect your company and clients. Romana Aftab 338 deare street 337-256-5555 337-256-5556 Alfred Beals Jr 2011 Information Security…

    • 2658 Words
    • 11 Pages
    Powerful Essays
  • Better Essays

    Role of Information Security Policy The Role of Information Security Policy The failure of organizations to implement a comprehensive and robust information security program can mean the untimely demise for some and costly setbacks for others. At the heart of information security is security policy. Without security policy there can be no security program. Without people, security policies would not exist. They would not be written, implemented, and enforced. Security policies and the adoption…

    • 1099 Words
    • 5 Pages
    Better Essays
  • Satisfactory Essays

    Introduction Student Name: Rodrick J. Maynard Axia College IT/244 Intro to IT Security Instructor’s Name: Ridwan Bari Date: May 1, 2011 Introduction WAN that is short for Wide Area Network this type of connectivity is a critical and key part for businesses especially ones that use voice and video over IP and the centralization of applications. It allows companies to use real-time traffic based applications to e-mail messages and inter-office voice communications…

    • 608 Words
    • 3 Pages
    Satisfactory Essays
  • Powerful Essays

    appropriate security for all Information Technology data, equipment, and processes in its domain of ownership and control. This obligation is shared, to varying degrees, by every member of the company. This document will: 1. Enumerate the elements that constitute IT security. 2. Explain the need for IT security. 3. Specify the various categories of IT data, equipment, and processes subject to this policy. 4. Indicate, in broad terms, the IT security responsibilities…

    • 1111 Words
    • 5 Pages
    Powerful Essays
  • Powerful Essays

    Critique of current Chicago information security policy Enterprise Information Security Policy (EISP) Areas similar to standards discussed Overview of the corporate philosophy on security Documents the Introduction and Purpose of the Information security policy of Chicago It provides a reasonable framework that helps the reader to understand the intent of the document Overview  The City of Chicago (City) intends to manage its information technology and information assets to maximize their efficient…

    • 2909 Words
    • 12 Pages
    Powerful Essays
  • Better Essays

    and Policies of Information Security Computer networks have allowed activity that none dreamed possible hundreds of years ago; however, millions of attempts to compromise the security of computer systems are made on a daily basis. Knowing and using the 12 principles of information security allows security professionals to mitigate most threats to data security. By understanding the different types of security policies, effective policies can be put into place that ensure better information security…

    • 841 Words
    • 4 Pages
    Better Essays
  • Better Essays

    Information Security

    • 1359 Words
    • 4 Pages

    Information Security American Public University Professor Michael Brown August 10, 2012 One of the biggest issues in the Information Technology field these days is information security. Today almost anything can be found on the internet. Even like how to videos on how to put in a window, break-into a house, or even hack computers. The digital age has many perks but it also has many down falls to it as well. The perks that we enjoy so much from the internet also leaves us open to identity…

    • 1359 Words
    • 4 Pages
    Better Essays
  • Powerful Essays

    Information Security

    • 874 Words
    • 4 Pages

    (assuring the security of utility services) related to information security? Information security is the protection of information and it is critical elements, including the systems and hardware that used, store, and transmit that information, Thus, assuring the security of utility services are critical elements in information system. 4. What type of security was dominant in the early years of computing? The type of security was dominant in the early years of computing security was entirely physical…

    • 874 Words
    • 4 Pages
    Powerful Essays
  • Good Essays

    information security

    • 528 Words
    • 3 Pages

    Information security Information Security Attributes: or qualities, i.e., Confidentiality, Integrity and Availability (CIA). Information Systems are composed in three main portions, hardware, software and communications with the purpose to help identify and apply information security industry standards, as mechanisms of protection and prevention, at three levels or layers: physical, personal and organizational. Essentially, procedures or policies are implemented to tell people (administrators…

    • 528 Words
    • 3 Pages
    Good Essays
  • Good Essays

    Security Policy

    • 966 Words
    • 4 Pages

    Law and Policy Case Stud Project: Law and Policy Case Study Date: 4/9/2013 Policies define a set of rules and procedures that all employees must abide by. It exist, first and foremost, to inform employees of what is and is not acceptable behavior in the organization. Information security is there to make sure that all of the organization's data are safe and secure against attacks. It sets up protocols to follow in order to achieve maximum data integrity, availability, and confidentiality…

    • 966 Words
    • 4 Pages
    Good Essays