SAMPLE Security Policy
Introduction: GDI background and given problem
Global Distribution, Inc. (GDI) is a distribution company that manages thousands of accounts across Canada, the United States, and Mexico. A public company traded on the NYSE, GDI specializes in supply chain management and in coordinating the warehousing, staging, distribution, transportation, and wholesaler/VAR relationship for their customers.
GDI employs over 3,200 employees and has been experiencing consistent growth keeping pace with S&P averages (approximately 8%) for nearly six years. A well-honed management strategy built on scaling operational performance through automation and technological innovation has propelled the company into the big leagues; GDI was only recently profiled in Fortune Magazine.
The GDI security policy displays the company stand on the value and importance of GDI information infrastructure, and states that internally and externally that infrastructure is an asset, the property of the GDI, and is to be protected from unauthorized access, modification, disclosure, and destruction. (SANS, 2007) GDI is committed to protecting employees, partners, vendors and the company from illegal or damaging actions by individuals, either knowingly or unknowingly. When GDI addresses issues proactively and uses correct judgment, it will help set us apart from competitors and show our commitment to ethical practices. GDI will not tolerate any wrongdoing or impropriety at any time. GDI will take the appropriate measures act quickly in correcting the issue if the ethical code is broken. Any infractions of this code of ethics will not be tolerated. (Ethics Policy, 2008)
It will be prudent to take time to thoroughly review these proposed security policies that will explain exactly what being articulated in the previous paragraphs. I assure you, that with the outlined proposed security policies, our infrastructure will continue to function as a “guidance so that the organization can continue” to GDI’s
Global Distribution, Inc. (GDI) is a distribution company that manages thousands of accounts across Canada, the United States, and Mexico. A public company traded on the NYSE, GDI specializes in supply chain management and in coordinating the warehousing, staging, distribution, transportation, and wholesaler/VAR relationship for their customers.
GDI employs over 3,200 employees and has been experiencing consistent growth keeping pace with S&P averages (approximately 8%) for nearly six years. A well-honed management strategy built on scaling operational performance through automation and technological innovation has propelled the company into the big leagues; GDI was only recently profiled in Fortune Magazine.
The GDI security policy displays the company stand on the value and importance of GDI information infrastructure, and states that internally and externally that infrastructure is an asset, the property of the GDI, and is to be protected from unauthorized access, modification, disclosure, and destruction. (SANS, 2007) GDI is committed to protecting employees, partners, vendors and the company from illegal or damaging actions by individuals, either knowingly or unknowingly. When GDI addresses issues proactively and uses correct judgment, it will help set us apart from competitors and show our commitment to ethical practices. GDI will not tolerate any wrongdoing or impropriety at any time. GDI will take the appropriate measures act quickly in correcting the issue if the ethical code is broken. Any infractions of this code of ethics will not be tolerated. (Ethics Policy, 2008)
It will be prudent to take time to thoroughly review these proposed security policies that will explain exactly what being articulated in the previous paragraphs. I assure you, that with the outlined proposed security policies, our infrastructure will continue to function as a “guidance so that the organization can continue” to GDI’s
References: Hausman, K., Weiss, M., & Barrett, D. (2011). Comptia security sy0-301. (3rd ed.). Pearson Education, Inc. SANS Institute (2006). Email Use Policy Retrieved from http://www.sans.org/security-resources/policies/Email_Policy.pdf SANS Institute. (2007). Information security policy-A development guide for large and small companies. Retrieved from https://www.sans.org/reading-room/whitepapers/policyissues/information-security-policy-development-guide-large-small-companies-1331 SANS Institute. (2006). InfoSec Acceptable Use Policy. Retrieved from http://www.sans.org/security-resources/policies/Acceptable_Use_Policy.pdf SANS Institute. (n.d) Password Policy. Retrieved from http://www.sans.org/security-resources/policies/Password_Policy.pdf SANS Institute. (n.d) SANS Security Policy Project. Information Security Policy Templates. Retrieved from http://www.sans.org/security-resources/policies/ SANS Institute. (n.d.) Wireless Communication Policy. Retrieved from http://www.sans.org/security-resources/policies/Wireless_Communication_Policy.pdf SANS Institute. (2008) Workstation Security Policy. Retrieved from http://www.sans.org/security-resources/policies/computer.php Texas Christian University. (2013) Remote Access Policy. Retrieved from https://security.tcu.edu/RemoteAccessPolicy.htm