...Enterprise Security Plan CMGT/430 Enterprise Security Plan This Enterprise Security Plan (ESP) for Riordan Manufacturing employs the levels of security required to protect the network and resources utilized to communicate. Its intended purpose is to formulate a means to counterattack against security risk from potential threat. The ESP serves as a way to identify risks and to ensure a contingency plan is in place to protect the availability, integrity, and confidentiality of the Riordan organization's information technology (IT) system. The ESP benefits all employees; however, it is most beneficial to information resource managers, computer security officials, and administrators as it is a good tool to use for establishing computer security policies. The ESP in its basic form is a systematic approach to addressing the company’s network, its capability, the threats it is susceptible to and a mitigation strategy that addresses those threats if and should they occur. In addition to addressing the threats the ESP will also make provisions for establishing contingency plans in case of a disaster. The information covered by this plan includes all information systems, IT resources, and networks throughout the Riordan global organization owned or operated by employees in the performance of their job duties, whether written, oral, or electronic. Further it establishes an effective set of security policies and controls required to identify and mitigate vulnerabilities that...
Words: 2085 - Pages: 9
...threats and risks they could face seriously. Security Risk Management (SRM), Business Continuity Management (BCM) and Emergency Planning (EP) assist in achieving this by putting in place effective risk identification and management measures. Effective management of risk can make the difference between success or failure of business operations during and after difficult events. Threats can include man made threats, such as terrorist attacks, or naturally occurring threats such as earthquakes. Effective risk identification and management is essential to any business, especially with the current uncertainty in the world’s economic climate. In order for businesses to survive, during times of increased strain on business operations, it is essential that an alignment between security and business operations can be achieved. This can be achieved by the security department not only widening the remit to cover more risks, but changing how the department works and relates to the rest of the business; including shared responsibility for things such as Corporate Governance, Information Assurance, Business Continuity, Reputation Management and Crisis Management. The problem is security departments now have more responsibilities in an increasingly complex and fast moving world. Security Risk management is no longer an activity just for companies who work in high-risk areas or with exposure to significant security threats. Therefore, security is no longer viewed as a stand-alone activity...
Words: 5764 - Pages: 24
...GIAC Enterprises Security Controls Implementation Plan Group Discussion and Written Project John Hally, Erik Couture 08/07/2011 GIAC Enterprises – Security Controls Implementation Plan Table of Contents: Executive Summary Introduction Security Controls Implementation Plan Incident Response Weekend Plan Conclusions References. Executive Summary: The cyber-threat landscape has evolved significantly in recent years. From primarily a threat of denial of service and website vandalism in years past, to the currently advanced and well resourced adversaries employing complex technologies to achieve financial and political benefit. At GIAC Enterprises, we have observed huge increases in suspicious network activity directed at our corporate networks, sometimes even targeting key individuals. Due to the huge global increase in demand for fortune cookie messages, it is reasonable to expect that this undesired attention will only increase in the coming months and years as cyber-criminals and possibly corporate spies attempt to closely monitor our business activities and steal vital business information. This paper presents the recommendations of the tiger team, which was recently formed, with the goals of: 1. Developing a strategy for the implementation of the SANS Top 20 Security Controls, and in particular the creation of an incident response capability; and 2. Identifying and eradicating any possible...
Words: 3167 - Pages: 13
...Framework Computer Security Division Information Technology Laboratory NATIONAL INSTITUTE OF STANDARDS AND TECHNOLOGY Managing Enterprise Risk. Key activities in managing enterprise-level risk—risk resulting from the operation of an information system: Categorize the information system; Select set of minimum (baseline) security controls; Refine the security control set based on risk assessment; Document security controls in system security plan; Implement the security controls in the information system; Assess the security controls; Determine agency-level risk and risk acceptability; Authorize information system operation; Monitor security controls on a continuous basis. Risk Management Framework (Security Life Cycle). CATEGORIZE Information System (starting point): Define criticality/sensitivity of information system according to potential worst-case, adverse impact to mission/business. MONITOR Security State: Continuously track changes to the information system that may affect security controls and reassess control effectiveness. SELECT Security Controls: Select baseline security controls; apply tailoring guidance and supplement controls as needed based on risk assessment. AUTHORIZE Information System: Determine risk to organizational operations and assets, individuals, other organizations, and the Nation; if acceptable, authorize operation. IMPLEMENT Security Controls: Implement security controls within...
Words: 723 - Pages: 3
...Your Company Security Plan for Unclassified Data Version 1.3 March 20, 2012 Developed By: Your Committee Committee Your Company Important Disclaimer: The Aerospace Industries Association of America, Inc. (“AIA”) has no intellectual property or other interest in this Aerospace Industry Guideline for Developing a Security Plan for Unclassified Data. By developing this Aerospace Industry Guideline for Developing a Security Plan for Unclassified Data Plan and making it freely available to anyone, AIA assumes no responsibility for this Guideline’s content or use, and disclaims any potential liability associated therewith. Executive Overview From time to time an AIA member company may be requested to provide the DOD, a prime contractor or an industry partner an Information Technology Security Plan for unclassified data. This security plan could be required at the enterprise, program or application level depending on the unique requirements of the request. This request might be challenging for those members that have never been required to provide such a document. This “Aerospace Industry Guideline for Developing a Security Plan for Unclassified Data” provides a template and guidance to assist member companies in the development of a security plan to meet their customers’ or partners’ needs. Please keep in mind that this document is provided as a guideline and not a mandatory standard. AII member companies are encouraged to use this guideline. Use...
Words: 2097 - Pages: 9
...Emerging Cybersecurity Policies in the Federal Government; Emerging Policies and Practices; Defense in Depth (DID); Security Risk Frameworks; Test Driven Development; Business Service Frameworks; Acceptance and Preparation for Failure; The Federal Government and these Emerging Policies and Practices; The Feds and Defense in Depth; The Feds and Security Risk Frameworks; The Feds and Test Driven Development; The Feds and Business Service Frameworks; The Feds and Acceptance and Preparation for Failure; How could the Feds continue to improve; References. Emerging Cybersecurity Policies in the Federal Government. One of the largest and most important enterprises there is to protect in the cyber security realm are the various networks that make up the federal government. This massive undertaking to secure the systems, networks, and data of the various governmental agencies is a never ending uphill battle. The requirements of the federal government enterprise to be globally far reaching, as well as user friendly, scalable, and multi-functional lie in direct contrast with the additional requirements for the data the federal government enterprise harbors to be secure with extremely high availability, integrity and confidentiality. This balancing act of usability versus security is common among all enterprises, but it is radically highlighted within the federal government sector due to...
Words: 6354 - Pages: 26
...Enterprise Security Plan University Of Phoenix CMGT 430 Carol Eichling March 26, 2014 Enterprise Security Plan Huffman trucking company is a national transportation company. The company’s 1,400 employees work in its logical hubs located in Los Angeles, California, St. Louis, Missouri, and Bayonne, New Jersey; its central maintenance facility is in Cleveland, Ohio; and as drivers of its 800 road tractors (University of Phoenix, 2005). Team A has been consulted to create an enterprise security plan that will identify the information security challenges within Huffman trucking company network and establish mitigation plans to offset those challenges. The enterprise security plan will address some of the top vulnerabilities and risks that Huffman trucking company has the potential of experiencing. The plan will also include a list of physical and logical vulnerabilities within the company, and a specific list of remediation or mitigation steps for those vulnerabilities or threat pairs. “Enterprise security planning (ESP) is the aligning of information security policies and practices and applicable security technologies with the business rules and the evolving information models and technical architectures being used by a government or business” (Erutal, L., Braithwaite, T., Bellman, B., 2012 pg. 144). As we started our examination of Huffman trucking vulnerabilities and risk, we took a strategic look at their assets and the possible vulnerabilities that could have an...
Words: 1665 - Pages: 7
...SECURING WI-FI ROGUE ACCESS WITHIN AN ENTERPRISE SETTING Securing Wi-Fi Rogue Access within an Enterprise Setting Daniel Joel Clark A Capstone Presented to the Information Technology College Faculty of Western Governors University in Partial Fulfillment of the Requirements for the Degree Master of Science in Information Security Assurance January 9, 2014 A1 - Abstract Since 1999 wireless devices have become a necessity in enterprises. While increasing convenience, connectivity, and productivity, they also pose an unprecedented threat to network security guarding, which has literally taken to the airwaves. This paper will deal with vulnerabilities and risks regarding access points (APs) in a wireless network (WLAN) connecting to a wired local area network (LAN) in enterprises. Data for this paper will come from published academic papers, industry publications including white papers and surveys, and industry specialists. It will also include definitions of terms, policy and procedures that affect access points, and current practices regarding rogue APs. A case study will be presented for a fictional enterprise with multiple locations that has standard procedures, policies, and protocols in place, but recent events have questioned their ability to control access points with the discovery of rogue devices hidden in several office locations. Industry warnings about access points span the...
Words: 18577 - Pages: 75
...SUPPORT@ACTIVITYMODE.COM CMGT 442 ENTIRE COURSE Information Systems Risk Management Week 2 Individual Assignment Service Request SR-HT-001 (Huffman Trucking Benefits Election System) Prepare a 3- to 5-page paper describing the considerations necessary to address the possible security requirements and the possible risks associated with the Benefits Elections Systems being requested by the Service Request, SR-HT-001 for Huffman Trucking Company. Week 3 Individual Assignment Security Monitoring Prepare a 3- to 5-page paper describing the security monitoring activities that should be conducted in an organization with both internal IT (payroll, human resources, inventory, general ledger, and so on) and e-commerce (Internet sales and marketing) applications. The paper will include the rationale supporting each monitoring activity you propose and any recommended course of action to be taken when a significant risk is identified. Week 4 Individual Assignment Outsourcing Risks Prepare a 3- to 5-page paper that identifies the possible risks to an organization in each of the following outsourcing situations: a) the use of an external service provider for your data storage; b) the use of an enterprise service provider for processing information systems applications such as a payroll, human resources, or sales order taking; c) the use of a vendor to support your desktop computers; and d) the use of a vendor to provide network support. The paper will include a risk mitigation strategy...
Words: 2578 - Pages: 11
...Week 4 Learning Team Presentation To Buy This material Click below link http://www.uoptutors.com/CMGT-430/CMGT-430-Week-4-Learning-Team-Presentation An enterprise security plan is more than just a list of vulnerabilities and risks. It must present them in a meaningful way along with suggestions for specific steps to mitigate each of the most important vulnerabilities or risk pairs it finds. Your task this week is to produce the basics of that full presentation. Part 1 Compile a full draft of the final Enterprise Security Plan document. This will not be complete, but will have at least a short paragraph about each major section of the paper, including the suggested controls. Use the introduction and conclusion as an executive summary of the entire paper’s content. Research at least eight sources that validate the choices made in the paper. This must go beyond basic definitions. The sources can be changed in the final week, if needed. Format your paper consistent with APA guidelines. Part 2 Create a Microsoft® PowerPoint® presentation on the findings in the Enterprise Security Plan to present to senior management at your chosen organization. Keep the slides uncluttered and concise. Include well-formatted speaker notes for the presentation. Finalize your presentation for the Enterprise Security Plan. The presentation should target senior leadership at the organization and should effectively cover the material in the paper. · No specific number...
Words: 330 - Pages: 2
...DBM 502 Entire Course For more classes visit www.indigohelp.com DBM 502 Individual Assignment: Implementing an Enterprise DBMS DBM 502 Individual Assignment: Comparing Database Software PART 2 OF 2 DBM 502 Individual Assignment: Comparing Database Software PART 1 OF 2 DBM 502 Individual Assignment: Data Dictionary DBM 502 Individual Assignment: Database Security DBM 502 Learning Team Assignment: DBMS Implementation Plan ………………………………………………… DBM 502 Individual Assignment Comparing Database Software PART 1 OF 2 For more classes visit www.indigohelp.com Individual Assignment: Comparing Database Software Create a list of criteria that can be used to compare database software. Create a table that uses the list of criteria to compare and contrast Microsoft® Access, SQL, DB2, and Oracle®. Write a 2- to 3-page paper that discusses your results. Refer to “Standards for Written Work” and “Standards for Presentations” in your Program Handbook, which can be accessed through the student Web site. ………………………………………………… DBM 502 Individual Assignment Comparing Database Software PART 2 OF 2 For more classes visit www.indigohelp.com Individual Assignment: Comparing Database Software Create a list of criteria that can be used to compare database software. Create a table that uses the list of criteria to compare and contrast Microsoft® Access, SQL, DB2, and Oracle®. Write a 2- to 3-page paper that discusses your results. Refer to “Standards for Written Work...
Words: 537 - Pages: 3
...4.1 Excerpt Executive Summary Framework COBIT 4.1 The IT Governance Institute® The IT Governance Institute (ITGI™) (www.itgi.org) was established in 1998 to advance international thinking and standards in directing and controlling an enterprise’s information technology. Effective IT governance helps ensure that IT supports business goals, optimises business investment in IT, and appropriately manages IT-related risks and opportunities. ITGI offers original research, electronic resources and case studies to assist enterprise leaders and boards of directors in their IT governance responsibilities. Disclaimer ITGI (the “Owner”) has designed and created this publication, titled COBIT® 4.1 (the “Work”), primarily as an educational resource for chief information officers (CIOs), senior management, IT management and control professionals. The Owner makes no claim that use of any of the Work will assure a successful outcome. The Work should not be considered inclusive of any proper information, procedures and tests or exclusive of other information, procedures and tests that are reasonably directed to obtaining the same results. In determining the propriety of any specific information, procedure or test, CIOs, senior management, IT management and control professionals should apply their own professional judgement to the specific circumstances presented by the particular systems or IT environment. Disclosure © 1996-2007 IT Governance Institute. All rights reserved. No part of...
Words: 14485 - Pages: 58
...DBM 502 Entire Course (UOP) For more course tutorials visit www.tutorialrank.com DBM 502 Individual Assignment: Implementing an Enterprise DBMS DBM 502 Individual Assignment: Comparing Database Software PART 2 OF 2 DBM 502 Individual Assignment: Comparing Database Software PART 1 OF 2 DBM 502 Individual Assignment: Data Dictionary DBM 502 Individual Assignment: Database Security DBM 502 Learning Team Assignment: DBMS Implementation Plan ---------------------------------------------------------------------------- DBM 502 Individual Assignment: Comparing Database Software PART 1 OF 2 (UOP) For more course tutorials visit www.tutorialrank.com Individual Assignment: Comparing Database Software Create a list of criteria that can be used to compare database software. Create a table that uses the list of criteria to compare and contrast Microsoft® Access, SQL, DB2, and Oracle®. Write a 2- to 3-page paper that discusses your results. Refer to “Standards for Written Work” and “Standards for Presentations” in your Program Handbook, which can be accessed through the student Web site. ------------------------------------------------------------------- DBM 502 Individual Assignment: Comparing Database Software PART 2 OF 2 (UOP) For more course tutorials visit www.tutorialrank.com Individual Assignment: Comparing Database Software Create a list of criteria that can be used to compare database software. Create a table that uses the list of criteria to compare...
Words: 548 - Pages: 3
...Information security is always at risk from both external and internal sources attacks, both malicious and naïve. Any information located on a computer, especially one that is utilized by a human being is not one hundred percent secure from malicious activity. A person occupying a computer is more likely to be at risk to be infected with viruses, Trojans, and malicious software. This is because an employee may be unaware that his poker playing website contains malicious software that is currently being downloaded onto his work computer. This is where an incident response plan comes into play in case something like this may come along. The intentions of an incident response plan are to mitigate the damage caused by misappropriation or mistreatment of a corporation's workstations or system assets and to thwart the forfeiture of or impairment to electronic communication assets (UC-Davis, 2001). There are many reasons for using an incident response plan such as how attacks can be handled more efficiently, therefore the loss or damage is reduced. This builds confidence with shareholders and cuts losses to the company’s bottom line, or profit. Information on current standards, hardware, software, and procedures, is enhanced. Since there is a current plan in place the only thing that can happen is that improvements are made to the flow of the steps taken to the incident response team. This will reduce the chaos of responding and everything will run more smoothly boosting...
Words: 1935 - Pages: 8
...Sample Business Information Systems Business Plan Your Name(s) Go Here University of Phoenix BIS 220 June 15, 2014 Table of Contents: 1.0 Executive Summary; 1.1 Mission Statement; 1.2 The Market; 1.3 The Offering; 1.4 Competition; 1.5 Business Information Systems Resource Requirements; 1.6 Business Information Systems Key Issues; 2.0 The Business Information Systems Enterprise; 2.2 Organization; 3.0 Business Information Systems Selection; 3.1 (What are the BIS you selected for your business? Why did you select these BIS systems? (Please provide 5 BIS systems. I.e. Point of Sales, Online ordering, Enterprise Resource Planning (ERP) etc…)); 4.0 Networking Technology Selection; 4.1 (What is/are the networking technology system? Why did you select this/these networking technology systems? (Please provide at least 1 Networking Technology. I.e. Website Hosting (who will host your site), Internet Service Provider (identify bandwidth speed), Wireless capabilities, etc…)); 5.0 Business Information Systems and Networking Security Risk and Mitigation; 5.1 (What are the security risks for the BIS selection?); 5.2 (What are the security risks for the Networking Technology selection?); 6.0 Business Cost Analysis (OPTIONAL) (BONUS POINTS); 6.1 (How much does it cost for the BIS and Networking Technologies you selected for your business?); 6.2 (How would you go about in obtaining funding for your business?); 6.3 (Provide a One-Year, Two-Year, and...
Words: 832 - Pages: 4