...Unit 1 Assignment 1: Security Policies Overcoming Business Challenges. There are a number of Information Technology security controls. The three most common are physical, technical, and administrative controls; however, many organizations break down administrative controls into two separate categories: procedural and legal controls. "Security controls are the means of enforcing security policies that reflect the organization's business requirements" (Johnson). Security controls are implemented to guarantee the information security C-I-A triad. Furthermore, security controls fall into three types of control classifications: preventive, detective, and corrective. These classifications are used to specify when a security control applies. Physical Controls are exactly what they sound like: physical obstacles used to prevent or deter access to IS resources. Physical controls can be barriers such as locked doors that require some sort of authentication/authorization command to enter, like a cipher lock or keycard. Biometric scanners are also excellent controls to identify and allow access to authorized personnel. Video cameras and closed-circuit television are also examples of physical controls. For organizations requiring extreme security measures, perimeter barriers such as walls or electric fences are used; additionally, security guards fall into the physical controls category. Technical Controls are logical and/or software-related controls designed to restrict access...
Words: 470 - Pages: 2
...1. Executive Summary 2 2. Introduction 3 2.1 Company Overview 3 2.2 Security Policy Overview 4 2.3 Security Policy Goals 4 2.3.1 Confidentiality 4 2.3.2 Integrity 5 2.3.3 Availability 5 3. Disaster Recovery Plan 6 3.1 Risk Assessment 6 3.1.1 Critical Business Processes 7 3.1.2 Internal, External, and Environmental Risks 7 3.2 Disaster Recovery Strategy 8 3.3 Disaster Recovery Test Plan 8 3.3.1 Walk-throughs 8 3.3.2 Simulations 9 3.3.3 Checklists 9 3.3.4 Parallel Testing 9 3.3.5 Full Interruption 9 4. Physical Security Policy 10 4.1 Security of the Building Facilities 10 4.1.1 Physical Entry Control 10 4.1.2 Security Offices, Rooms and Facilities 11 4.1.3 Isolated Delivery and Loading Areas 12 4.2 Security of the Information Systems 12 4.2.1 Workplace Protections 12 4.2.2 Unused Ports and Cabling 13 4.2.3 Network/Server Equipment 13 4.2.4 Equipment Maintenance 13 4.2.5 Security of Laptops/Roaming Equipment 13 5. References 14. Executive Summary: The objective of this proposal is to present the information security policy created for Bloom Design Group. The issue of a company’s network security continues to be crucial because the results of data loss or significant system failure can be disastrous for a company. An alarming number of companies fail to realize how vulnerable their network is to internal, external, and environmental risks. One of the top priorities of an organization should be maintaining...
Words: 3568 - Pages: 15
...System Security Plan, University of Texas Health Science Center School of Public Health. Note: This is simply a template for an NIH System Security Plan. You will need to complete, or add content to, many of the sections depending on your specific project with NIH. We have highlighted all the instruction areas in yellow. Please review each section carefully and contact SPH IT Services for any additional details. 1. Information System Name/Title [Enter the name of the system (or systems)] 2. Information System Owner [Enter the name and contact information for the system owner] Derek Drawhorn, Asst. Dean, Information Technology Services, University of Texas Health Science Center Houston School of Public Health, 1200 Herman Pressler, Suite RAS E-17, Houston, TX 77030, (713) 500-9533, Derek.d.drawhorn@uth.tmc.edu 3. Other Designated Contacts, Including Those with “root” Access [Enter the names and contact information for any other critical technical or administrative contacts for this system. This should include the IT (policy) director, system administrators, data center contacts, etc.] Chris Harvey, Asst. Director, Information Technology Services, University of Texas Health Science Center Houston School of Public Health, 1200 Herman Pressler, Suite RAS E-17, Houston, TX 77030, (713) 500-9544, Christopher.m.harvey@uth.tmc.edu 4. Assignment of Security Responsibility [Who is responsible for implementing security policy? Enter the name and contact information...
Words: 2842 - Pages: 12
...1.0 Purpose. The purpose of this policy is to describe the security requirements for Global Distribution, Inc. (GDI). It is important that GDI protects the confidentiality, integrity, and availability of information that is essential for day-to-day business operations. This policy will apply to all information that is electronically stored, received, typed, printed, filmed, and generated. Information technology systems are critical for Global Distribution, Inc.'s interrelationship between data and operations. GDI’s 3,200 employees and contractors are all responsible for protecting information from unauthorized access, modification, disclosure, and destruction. An effective security policy sets the guidelines for an organization’s approach to security. A policy differs from a plan in that a plan is a call to action, while a policy defines the goals of the plan. 2.0 Acceptable Use Policy. Global Distribution’s network administrator plans to provide a reasonable level of privacy to its users, but all users must note that all data created on the corporate WAN and at remote facilities (warehouses) is the property of GDI (SANS Institute, 2006). In order to protect the network of GDI, any information or data stored on company devices is subject to management monitoring, and therefore confidentiality cannot be guaranteed. An audit of the network can be conducted at any time to ensure that users are in compliance with policies. It is required that all employees understand...
Words: 2146 - Pages: 9
...SECURITY POLICY for PIXEL, INC. Table of Contents: Abstract 3, Purpose 3, Roles and Responsibilities 4, The Policy Statement 4, Policies Specific to Roles 5, Chief Security Officer (CSO) 5, Chief Information Officer (CIO) 5, Pixel Inc. Employees 6, Pixel Inc. Business Partners 6, Pixel Clients 6, Risk Management 7, Policy 9, Sensitivity 10, General 11, Network Access 11, Network Equipment 14, Desktop Policy 15, Messaging Policy 16, Server Policy 16, Backup 17, Physical Security 18, Enforcement 20, Appendix 22, References 23. Abstract: This paper describes the security policy of a fictitious company called Pixel Inc. Pixel Inc. is a small business with nearly 100 employees and a business focus on multimedia. Due to the nature of the business, the company uses varying operating systems such as Windows, Mac, and Linux systems wired over gigabit Ethernet networking. The security policy focuses on securing intellectual property in storage and in transit. Usage policies are also devised for desktops and devices. Purpose: Information security is crucial for Pixel Inc. to secure its information technology assets. Security is expected to provide protection from unauthorized access to its intellectual property, system assets, network equipment, customer data, and business system information. The policy described here is for implementing security practices across Pixel Inc. in everyday use of the information technology assets...
Words: 3640 - Pages: 15
...their meat pies, pasties, and sausage rolls. Nanna’s is also a brand for fruit pies, and Herbert Adams is a brand for its beef pies, pasties, and rolls. Creative Gourmet is a brand for frozen fruit, berries, and desserts. Chef's Pride contains a lot of categories, such as IQF fruit, fruit coulis, French crepes, and chocolate dessert cups. They are delicate. All in all, the majority of Patties’ products are packaged frozen food, which is available from Coles and Woolworths supermarkets nationally.

Internet security is a catch-all term for a very broad issue covering security for transactions made over the Internet. Generally, Internet security encompasses browser security, the security of data entered through a web form, and overall authentication and protection of data sent via Internet protocol (Techopedia 2013). In order to maintain Internet security, there are two types of measures: physical security and logical security. Physical security are...
Words: 2911 - Pages: 12
...Maximum Security in Database Management, Rackspace. Introduction: In the current world, people and organizations experience un-eventualities and risks to their confidential information. My organization, Rackspace, is a hosting and cloud system organization. For this company it is vital that information is stored in databases that are run by organizations and locally hosted on personal computers. Intruders can access this information if it is not properly secured. Therefore, the purpose of this study is to inform about the current savvy technologies that can be applied to completely thwart intruders from accessing such delicate information within Rackspace. Part 1: Project Identification and Business Environment. For this project to go on in a smooth and effective manner, different individuals must carry out certain specified tasks. For Rackspace, this means that every person must properly hold on to a responsibility and pursue it to the end. Some of the responsibilities are interdependent and others are dependent. In the case of an interdependent responsibility, there will be a properly communicated channel of events that will ensure that information is traversed from one source to another to smooth up events. Therefore, the following is a list of responsible individuals who will implement the process of securing the database of an organization. Company Chief Executive Officer: Responsible for overseeing the success of...
Words: 3927 - Pages: 16
...university managements have put much investment in IT security appliances towards improving system security (Bichanga & Obara, 2014). Despite continued investment in IT security, there is an increased frequency at which the security of university information systems is getting breached, thus compromising the productivity and security of the information systems that support teaching, learning, administrative, and research activities (Vacca, 2012). Research studies indicate that to ensure better IT security management, a reliable way of determining security status needs to be considered besides heavy investment in security appliances (Mong'ira, 2011). This is supported by Broadbent (2007),...
Words: 962 - Pages: 4
...Question Page 1. Question 1.1. (TCO 1) Security policy contains three kinds of rules as policy clauses. What are they? (Points: 5) Preventive, detective, and responsive; Prohibitive, permissive, and mandatory; Administrative, technical, and physical; Management, technical, and operational; Roles, responsibilities, and exemptions. Question 2.2. (TCO 2) The _____ of the 17 NIST control _____ can be placed into the 10 IISSCC _____ comprising the common body of knowledge for information security. (Points: 5) technologies, domains, families; controls, families, domains; domains, families, technologies; principles, domains, families; controls, domains, principles. Question 3.3. (TCO 2) What are the effects of security controls? (Points: 5) Confidentiality, integrity, and availability; Administrative, physical, and operational; Detection, prevention, and response; Management, operational, and technical. Question 4.4. (TCO 3) Three of the most important jobs of security management are to ensure _____ are organized according to sensitivity, ensure that roles maintain _____, and to manage _____ because that is the enemy of security. (Points: 5) assets, accountability, software; assets, separation of duties, complexity; software, separation of duties, complexity; software, accountability, people; people, separation of duties...
Words: 961 - Pages: 4
...Remote Access Policy Definition, NT2580. The requirements for establishing a secure connection between remote locations vary between organizations. The needs of the organization are based on the type of information and data being transferred, as well as the sensitivity of the information. There are several options available to networks to get their data sent securely and reliably. All seven layers of the OSI model must be taken into account when designing secure Remote Access Control Policies. In order to create a secure remote connection between offices in Atlanta, San Francisco, Chicago, and Dallas, a WAN link would be the best type of connection. A dedicated WAN link would offer the organization a secure, reliable, dedicated P2P type of connection. Wide Area Network links would be monitored by the owners of the lines that connect each location. Leased lines from the providers will allow for scalability with potential growth. The downside to this type of connection is the expense, and an internet connection is not necessarily provided by the link. In order to add to the security of the network, physical and logical access controls are necessary. Logical implementations added to the network will be Acceptable, Email, and Wireless Use policies, antivirus and firewall software, as well as Extranet, Interconnection, and Host Security. In order to protect the physical assets, as well as employees, physical security must also be considered. Locked doors, security cards for employees...
Words: 704 - Pages: 3
...Information Security Policy, University of Phoenix, IT/244 Intro to IT Security. Instructor’s Name: Mark Cherry. Date: 03/11/2012. Table of Contents: 1. Executive Summary 1, 2. Introduction 1, 3. Disaster Recovery Plan 1, 3.1. Key Elements of the Disaster Recovery Plan 1, 3.2. Disaster Recovery Test Plan 1, 4. Physical Security Policy 1, 4.1. Security of the Facilities 1, 4.1.1. Physical Entry Controls 1, 4.1.2. Security Offices, Rooms and Facilities 1, 4.1.3. Isolated Delivery and Loading Areas 2, 4.2. Security of the Information Systems 2, 4.2.1. Workplace Protection 2, 4.2.2. Unused Ports and Cabling 2, 4.2.3. Network/Server Equipment 2, 4.2.4. Equipment Maintenance 2, 4.2.5. Security of Laptops/Roaming Equipment 2, 5. Access Control Policy 2, 6. Network Security Policy 3, 7. References 3. Executive Summary: This plan seeks to provide the best security available while keeping cost at a minimum. The security plan will implement the best software available along with other security measures to keep all information as secure as possible. The plan should be able to provide top-notch security measures with the least amount of monitoring and maintenance. The plan should be fully active and available in the least amount of time with the least amount of disruption to day-to-day business. Project constraints will most likely be in the cost sector; this may delay certain implementation of security measures but should not delay the...
Words: 2076 - Pages: 9
...INFORMATION SECURITY MANAGER. Summary: The position of Information Security Manager is a high-level security position which reports to and performs tasks under the direction of the Chief Information Security Officer (CISO). This is a hands-on management position which requires advanced technical skills, as well as management abilities. The Information Security Manager will coordinate the efforts of the Information Security Group, including all staff, technology, projects, and incident response. In addition, this position will provide support across the city, including information technology, personnel, communications, law, and other departments, and will identify security initiatives and standards. Direct reports may include technical and support personnel such as Security Analysts, Security Business Analysts, Security Engineers, and Security Administrators. Responsibilities: • Oversee a team of security personnel who safeguard the City’s assets, intellectual property, information systems, and the physical security of Information Technology processing facilities. • Coordinate hiring, training, and evaluation of security personnel and the development of education/training programs to ensure appropriate awareness of security policies, procedures, and standards. • Identify protection goals, objectives, and metrics consistent with the City’s strategic plan. • Manage the development and implementation of City-wide security policies, standards...
Words: 283 - Pages: 2
...technical, and physical controls introduce a false sense of security? 3. What are the consequences of not having verification practices? 3. What can a firm do to bolster confidence in their defense-in-depth strategy? 4. How do these activities relate to best practices? 4. How can these activities be used to demonstrate regulatory compliance? 5. References 6. How could administrative, technical, and physical controls introduce a false sense of security? Administrative, technical, and physical controls introduce a false sense of security by the indication of what we use to safeguard delicate data and protect individuals’ privacy. Any complex system is prone to inherit a false sense of security. Having a false sense of security is widespread among individuals who own and operate a personal computer within their homes. Nothing is ever really secured. It would be safe to say that something is secured within the terms of information security (Nahn, 2008). The idea of purchasing virus protection suggests that all personal information will be safeguarded and protected, which gives individuals a false sense of security. Additionally, having a false sense of security means that...
Words: 855 - Pages: 4
...INDIVIDUAL PHYSICAL SECURITY. Individual Physical Security, SEC 410, LaShena Shields, 7/21/2013. Physical security addresses actions to protect buildings, property, and assets against intruders. When designing a physical security program, there are three levels that need to be protected: the outer perimeter, the inner perimeter, and the interior. Implementing two or three forms of security at each level will result in an effective physical security system. Companies can elect to use physical security as part of their contingency planning measures. Physical security measures will include perimeter boundaries, surveillance devices, secure entry points and identification checks, and secure access for internal sensitive areas. The organization might decide to bring in a specialist response team to help with a variety of threats, whether industrial, medical, or any security-related incident. Regular security checks on locations and materials should be conducted to deter or identify breaches of security, and strong links with external agencies are useful to augment a company’s resources, as well as share risk. Some considerations related to physical security risk management measures follow (Deutsch). Physical perimeter boundaries: a clear delineation between public property and restricted locations is often required to isolate project areas. The use of fences, wire entanglements, concrete bollards, beams, signs, and cleared land (for observation purposes) ensures that private...
Words: 1858 - Pages: 8
...ACCESS CONTROL IN SUPPORT OF INFORMATION SYSTEMS SECURITY TECHNICAL IMPLEMENTATION GUIDE, Version 2, Release 2, 26 DECEMBER 2008. Developed by DISA for the DoD. UNCLASSIFIED. Access Control in Support of Information Systems STIG, V2R2, 26 December 2008, DISA Field Security Operations. TABLE OF CONTENTS: Summary of Changes ix; 1. Introduction 1; 1.1 Background 1; 1.2 Authority 2; 1.3 Scope 3; 1.4 Writing Conventions 3; 1.5 Vulnerability Severity Code Definitions 4; 1.6 STIG Distribution ...
Words: 38488 - Pages: 154