Information Security Policy Essay

4226 words - 17 pages

Axia College Material
Appendix B

Information Security Policy

Student Name: Brice Washington

Axia College

IT/244 Intro to IT Security

Instructor’s Name: Professor Smith

Date: 11/7/2011

Table of Contents

1. Executive Summary 1

2. Introduction 1

3. Disaster Recovery Plan 1

3.1. Key elements of the Disaster Recovery Plan 1

3.2. Disaster Recovery Test Plan 1

4. Physical Security Policy 1

4.1. Security of the facilities 1

4.1.1. Physical entry controls 1

4.1.2. Security offices, rooms and facilities 1

4.1.3. Isolated delivery and loading areas 2

4.2. Security of the information systems 2

4.2.1. ...view middle of the document...

Threats to the system would be hackers looking to disrupt our system and/or steal sensitive data. There are also natural threats like fires or power outages that can threaten the safety of our data as well.

With the proper implementation, we’ll be able to protect both our physical systems and logical systems and continue to grow as a business. The following information will hopefully help Bloom Design install a good information security policy.


1 Company overview

As relates to your selected scenario, give a brief 100- to 200-word overview of the company.

The Bloom Design Group offers interior design services to business and individual customers all over the world. Bloom has two offices, one in New York and one in Los Angeles. Bloom Design allows for customers to go on their website and experiment with different color designs and arrangements. Interior designers can access the site for client files, style guides and to order new materials. The designers can use a password to access the Bloom site so that they can do their business. The company also has a secure virtual private network or VPN that employees access remotely so they can work anytime anywhere.

2 Security policy overview

Of the different types of security policies—program-level, program-framework, issue-specific, and system-specific—briefly cover which type is appropriate to your selected business scenario and why.

For Bloom Design, I would use program specific policies. Program specific policies address areas of programme implementation company wide. Program framework covers everything from internet browsing to email policies. With a program framework policy we’ll state security goals and how we’ll achieve them. Program framework policy defines the elements that form the basis of the security program. I feel like this is the best choice because it will cover Bloom Design’s basis in many different aspects.

3 Security policy goals

As applies to your selected scenario, explain how the confidentiality, integrity, and availability principles of information security will be addressed by the information security policy.

1 Confidentiality

With a program framework policy designers access the Bloom website through a secure login. This way, only designers who know the passwords will be able to access client files and company style guides. This means designer’s designs, guides, and client details will remain confidential.

2 Integrity

Give a brief overview of how the policy will provide rules for authentication and verification. Include a description of formal methods and system transactions.

When a designer wants to access the site for client files or to upload new designs or access client files the integrity of the information is maintained by the person accessing the information. Clients would be able to access the design...

Other assignments on Information Security Policy

Nt 2580 Testing And Monitoring Essay

309 words - 2 pages . Passwords that meet security requirements but remain easily guessable are a hazard and could affect a network. The Solution: Implementing a change of password every so often. Implement the strategy that requires a combination of letters and numbers, and a minimum of a 30 day password renewal policy. Information on a laptop that is not encrypted would be a huge security issue. It would be likely that there would be some sort of damage in the event of “falling into the wrong hands.” The Solution: To prevent this from happening it is important to encrypt the drives and other sensitive information.

Cyber Security In Business Essay

1513 words - 7 pages Information Security and Enterprise Management. An information security policy documents executive management's direction on, and commitment to, information security. To be effective, you must communicate the security policy to everyone within your enterprise that handles your information or uses your systems. An effective information security policy encompasses the following: * Include a statement of direction from executive management

Principles Of Information Security

953 words - 4 pages institution should develop an institution-wide customer information security policy that each business unit will have to follow. In order to comply with the policy, each business unit will have to develop procedures, business practices, and internal controls that address the policy requirements. Adding security process into your leadership team’s behaviors can also help the culture effort. Make sure executives are apprised of incidents on a regular

Unit 9 Lab Recommend It Security Policies To Help Mitigate Risk

350 words - 2 pages to school computers - Open connections on the WLAN. - The principals traveling notebook can carry a virus - wireless access security 3. Given the potential risks that you identified, what IT security policies would you recommend be created by the school to help mitigate each of the identified risk exposures you listed in #above? I would say create an AUP and a policy that implements the encryption of the file servers. First and

Security Awareness

2691 words - 11 pages Information Security - Security Awareness Abstract: 3 Security Awareness 4 Regulatory Requirements for Awareness and Training 7 References 13 Abstract: Information security means protecting information and information systems (IS) from unauthorized access, use, disclosure, disruption, modification, perusal, inspection, recording or destruction. A policy can be described as a set of principles intended to manage

Information Systems Security

286 words - 2 pages Colten Ruff 4/24/13 Information Systems Security Unit 4 assignment 1- Enhance an Existing IT Security Policy Framework 1.0 Purpose The purpose of this policy is to define standards for connecting to Richman Investment's network from any host. These standards are designed to minimize the potential exposure to Richman Investment from damages which may result from unauthorized use of Richman Investment resources. Damages include the loss


259 words - 2 pages necessary for the protection of a multilevel computer system; identifying the role of management and policy issues in computer security. This report/paper significantly expanded the scope of computer security to include the following: securing the data, limiting random and unauthorized access to said data, and involving personnel from multiple levels of the organization in matters pertaining to information security. 3. Consider the information

Information Security

253 words - 2 pages information security context? It refers to how the info supplied by users will be protected. Is the data confidential, or will it be accessed by anyone? Will it be protected from others? Can you expect reasonably that your personal/confidential information will be protected? 3. (Whitman & Mattord, 2011, p. 114) How does the Sarbanes-Oxley Act of 2002 affect information security managers? 4. (Whitman & Mattord, 2011, p. 114) How is due


2440 words - 10 pages significant Information Technology (IT) security vulnerabilities. AS products and services are at the forefront of the industry and the protection of such is very important as they are an industry leader. The vulnerabilities that will be discussed are the firewall configuration, virtualization of their hardware assets and defining security policy regarding the timeliness of firewall configuration and updates. Company Overview Aircraft Solutions


999 words - 4 pages of [AGENCY] Information Resources access privileges, civil, and criminal| | |prosecution. | |Supporting Information |This Security Policy is supported by the following Security Policy Standards. | |Reference # |Policy Standard detail

Is3230 Unit 2 Assignment 1

307 words - 2 pages Selecting Security Countermeasures IS3220 As a technology associate in the information system department at Corporation Tech I have reviewed the new network design and identified possible security threats and appropriated countermeasures. Entering the internet without proper security can be harmful in many ways. The first thing that should be added is a firewall. Firewalls can prevent unwanted traffic from infiltrating the network. This is

Similar Documents

Security Policy Essay

304 words - 2 pages Riordan Manufacturing Security Policy Smith Systems Consulting has been hired to evaluate and consult on the creation of a new information technology security policy to span the complete enterprise infrastructure. This document will serve as a recommendation for Riordan Manufacturing as it pertains to the enterprise wide information security strategy. Riordan Manufacturing currently has three locations within the United States and one

Ethical Issues Arising From The Intersection Of Law, Compliance & Investigations

417 words - 2 pages There are several ethical issues that arise in information security. The security is one of most issue of concern for every business organization. Ethics is a term which is used to distinguish between right or wrong things. Ethical issues in computer security includes cybercrimes, computer hacking and information warfare. In an Internet world, many banking organizations are attacked by attackers and millions of credit card details stolen every

The Internet Essay

989 words - 4 pages data, it needs to put adequate security tools in place such as developing policies and procedures for staff to secure very sensitive information where the business is concern. An effective network security policy is the foundation of an adequate information security environment which protects the business’s confidential data such as its finances and staff salary. A network security policy is the basic document that defines the expectations

Document Essay

315 words - 2 pages ensure confidentiality by implementing__________? 9) Encrypting e-mail communications is needed if you are sending confidential information within an e-mail message through the public Internet? 10) Using security policies, standards, procedures, and guidelines helps organizations decrease risks and threats? 11) A data classification standard is usually part of which policy definition? 12) The SSCP professional