The purpose of this paper is to create a policy that will ensure Firion's compliance with governmental regulations concerning cyber security, as well as the protection of the company and its customers.
Introduction
Firion is a “corporation which develops, produces, and markets specialized jackets used in waste disposal and other safety-related applications” (UMUC, 4). Like most modern companies, Firion utilizes technology to increase efficiency in production, to support networking among employees, and to store and maintain important data. For example, databases contain employee and customer information as well as sensitive information about the research concerning Firion’s new glove designs and coatings. It is of extreme importance …
The Sarbanes-Oxley Act is organized into eleven titles and protects against everything from errors in accounting to fraudulent practices. IT and financial departments are affected because IT departments have the daunting task of producing and preserving an archive of corporate files in a way that is lucrative and that complies with the requirements set forth by the legislation. The Sarbanes-Oxley Act states that all records can only be saved for five years. SOX allows for enough information about transactions to identify where misstatements due to fraud or human error could occur. There are information and controls set forth to detect or prevent fraud ("What is sox," …
The lack of a formal acceptable use policy (AUP) left users and management without a guideline for day-to-day activities. The incident involving Laura requesting trial software without getting proper security review and authorization shows the lack of security awareness and of a proper exception-request procedure. According to a report from Ernst & Young, over 75% of security breaches are caused by activities by internal users (H. M. P. S. & Wijayanayake, 2009). Misuse of computer resources in the workplace not only reduces productivity but also brings additional risk to the company’s reputation. Activities like surfing the web and participating in social networking sites might bring questionable content to the workplace. This content can be seen as a form of sexual harassment. The Melissa virus, found in 1999, was originally planted in an alt.sex Usenet newsgroup message. The billions of dollars of productivity lost and the negative publicity can tarnish the image and the business of Firion. Without a formal review of software requests, the IT security organization will not be able to design a security solution to cover the user base. This gap will allow both internal and external intruders to plant software or Trojans to disrupt services or steal