...SECURITY POLICY TEMPLATE A security policy is the essential basis on which an effective and comprehensive security program can be developed. This critical component is the primary way in which the agency security plan is translated into specific, measurable, and testable goals and objectives. The security policies developed must establish a consistent notion of what is and what is not permitted with respect to control of access to your information resources. They must bond with the business, technical, legal, and regulatory environment of your agency. The following is a recommended outline of the components and characteristics of a security policy template. A sample Acceptable Use Policy using this outline is attached for your reference as Appendix A. Section 1 – Introduction: A purpose should be stated in the introduction section. This should provide the reader with a brief description of what this policy will state and why it is needed. The security stance of your agency should be stated here. Section 2 – Roles and Responsibilities: It is important that the policy detail the specific responsibilities of each identifiable user population, including management, employees and residual parties. Section 3 – Policy Directives: This section describes the specifics of the security policy. It should provide sufficient information to guide the development and implementation of guidelines and specific security procedures. Section 4 – Enforcement, Auditing...
Words: 321 - Pages: 2
...CMIT320 Security Policy Paper Week 3 Table of Contents: Introduction: GDI background and given problem; Important Assets; Security Architecture for GDI; Twenty Possible Security Policies; Details and Rationale of the Twenty Security Policies; Twelve Security Policies that should be Applied to GDI; Conclusion; References. Outline I. Introduction a. Briefly discuss the background of GDI. b. Also, discuss the given problem of the IT security, infrastructure, cost, etc. II. Discuss the important assets of the company that need protection c. Asset identification: “Identify and quantify the company’s assets” (Meyers, 2009, p. 215) i. Important assets include: 1. Computer network equipment (Meyers, 2009, p. 215) 2. Data (Meyers, 2009, p. 215) 3. Servers, printers 4. Routers, firewalls, switches, wireless devices, etc. d. Access control methods: sensitivity, integrity, availability (Meyers, 2009, p. 157). e. Risk and threat assessment: “Identify and access the possible security vulnerabilities and threats” (Meyers, 2009, p. 215). f. Identify solutions and countermeasures: “Identify a cost-effective solution to protect assets” (Meyers, 2009, p. 215)...
Words: 573 - Pages: 3
...Department of Defense (DoD) Ready The task is to establish security policies for my firm of approximately 390 employees and make them Department of Defense (DoD) compliant. To achieve this goal, a list of compliance laws must be compiled to make sure we meet the standard. I will outline the controls placed on the computing devices that are being utilized by company employees. I will develop a plan for implementation of the new security policy. The task of creating a security policy to make my firm DoD compliant starts with knowing what laws to become compliant with. There is an array of laws to adhere to, but I have listed the major laws that the firm must comply with. The following is a list of laws that the firm must become compliant with: Defense Federal Acquisition Regulation Supplement (DFARS). The DFARS contains requirements of law, DoD-wide policies, delegations of FAR authorities, deviations from FAR requirements, and policies/procedures that have a significant effect on the public (DPAP, 2014). The following is a list of standards for handling unclassified DoD information retrieved from Hogan Lovells website (2016). • prohibiting the posting of any DOD information on websites unless they are restricted to users that provide user ID/password, digital certificate, or similar credentials • using the “best level of security and privacy available” for transmissions of any DOD information transmitted via email, text messaging, and similar technologies; • transmitting...
Words: 2282 - Pages: 10
...Project Part 1 Task 1: Outline Security Policy Scenario To stay competitive in the financial institution market, the First World Bank Savings and Loan wishes to provide all banking services online to its customers. These services also include the online use of credit cards for loan applications. The organization estimates over $100,000,000 a year in online credit card transactions for loan applications and other banking services. A task team has been formed to study the cost, performance, and security of maintaining a Linux and open source infrastructure. According to rough estimates, annual cost savings in licensing fees alone can be up to $4,000,000. At the same time, the confidentiality, integrity, and availability (CIA) triad perspective needs to be taken into account for infrastructure maintenance. The task team has engaged a network engineer with the network and routing design. The team has determined the following server services that would be needed to support the online transaction infrastructure: * A database server * A Web server * A file server * A Simple Mail Transfer Protocol (SMTP) server * A Lightweight Directory Access Protocol (LDAP) server All servers would be physically located in a third-party data center. Tasks You need to: Understand the business need of First World Bank Savings and Loan. Point out specific legislation and regulations that meet the statutory compliance criteria. Assess the feasibility of Linux and open...
Words: 780 - Pages: 4
...sections of an Information Security Policy. Final Project Timeline You should budget your time wisely and work on your project throughout the course. As outlined below, the assignments in the course are designed to assist you in creating your final project Information Security Policy. If you complete your course activities and use the feedback provided by the instructor, you will be on the right track to successfully complete your final project of creating an Information Security Policy. □ Week One: Introduction Review the two company profiles provided in your syllabus and select the one you will use for your final project company. You design the Information Security Policy for this company throughout the course. Once you have decided which company you are using, it may not be changed; therefore, considerable thought should be put into this decision. Next, decide which type of information security policy—program-level, program-framework, issue-specific, or system-specific—is appropriate for your final project company. Assignment: Final Project Information Security Policy: Introduction Complete and submit Appendix C. Note. Section 1 Introduction of Appendix C corresponds to Section 2 of Appendix B in the final compilation due in Week Nine. In completing Appendix C, provide an overview of your final project company, describe the type of security policy that is appropriate for your scenario, and explain your security goals in terms of confidentiality...
Words: 899 - Pages: 4
...Question 3: Which of the following is a weakness that allows a threat to be realized or to have an effect on an asset?
Answer: Risk / Threat / Vulnerability / Downtime (2.5 points)
Question 4: In which domain of a typical IT infrastructure do service level agreements (SLAs) figure prominently?
Answer: LAN / LAN-to-WAN / WAN / Remote Access (2.5 points)
Question 5: Which domain of a typical IT infrastructure includes cabling, servers, and wireless access points?
Answer: User / Workstation / LAN / Remote Access (2.5 points)
Question 6: An AUP is part of a layered approach to security and it supports confidentiality. What else supports confidentiality?
Answer: Threat monitoring / Vulnerability assessments / Data classification standards / Security awareness policies (2.5 points)
Question 7: Which law requires all types of financial institutions to protect customers' private financial information?
Answer: GLBA / SOX / FISMA / CIPA (2.5 points)
Question 8: Which of the following is any weakness in a system that makes it possible for a threat to cause it harm?
Answer: Risk / Backdoor / Vulnerability / Exploit (2.5 points)
Question 9: What is a characteristic of VoIP?
Answer: Uses the same physical network as data / Offers economy of scale / Both...
Words: 1036 - Pages: 5
...Lab # and Title: 1 Performing Reconnaissance and Probing using Common Tools; 2 Performing a Vulnerability Assessment; 3 Enabling Windows Active Directory and User Access Controls; 4 Using Group Policy Objects and Microsoft Baseline Security Analyzer for Change Control; 5 Performing Packet Capture and Traffic Analysis; 6 Implementing a Business Continuity Plan; 7 Using Encryption to Enhance Confidentiality and Integrity; 8 Performing a Web Site and Database Attack by Exploiting Identified Vulnerabilities; 9 Eliminating Threats with a Layered Security Approach; 10 Implementing an Information Systems Security Policy...
Words: 426 - Pages: 2
...SA SERIES SSL VPN APPLIANCES PRODUCT LINE PRESENTATION Submitted by: RADIUS Consulting Ghana Limited AGENDA 1. SSL VPN Market Overview 2. SSL VPN Use Cases 3. Access Control and AAA 4. End-to-End Security 5. Junos Pulse 6. Secure Meeting 7. Business Continuity with SSL VPN 8. Hardware, Management and High Availability www.radiusconsultingghana.com Copyright © 2010 Juniper Networks, Inc. www.juniper.net BUSINESS CHALLENGE: GRANT ACCESS VS. ENFORCE SECURITY Maximize Productivity with Access... Allow partner access to applications (Extranet portal) Increase employee productivity by providing anytime, anywhere access (Intranet, E-mail, terminal services) …While Enforcing Strict Security Allow access only to necessary applications and resources for certain users Mitigate risks from unmanaged endpoints Customize experience and access for diverse user groups (partners, suppliers, employees) Enable provisional workers (contractors, outsourcing) Enforce consistent security policy Support myriad of devices (smartphones, laptops, kiosks) …And the Solution Must Achieve Positive ROI Minimize initial CAPEX costs Lower ongoing administrative and support OPEX costs THE SOLUTION: JUNIPER NETWORKS SA SERIES SSL VPN APPLIANCES Mobile User – Cafe Secure SSL access to remote users from any device or location Easy access from Web-browsers – no client software to manage...
Words: 3503 - Pages: 15
...electrical disturbances, and hardware failures. LAN-to-WAN Domain Solutions Effective logical access control starts with defining system-specific security policies that clearly and concisely state what protection mechanisms are to be enforced in order to achieve security requirements for a system. Thus the security policies are formalized by security models and implemented by security mechanisms providing access controls that minimize both internal and external threats. Some of the controls that could be used after a sound security policy is in place are:
• Encryption of data
• Multi-Protocol Label Switching
• Implementing a proxy server for remote services
• Use of firewalls
• Protocol implementation
• IP address rules
• Port filtering
• Adding a DMZ for anonymous users
• Using Dual-Homed ISP connections in case the primary ISP fails
• Using an IDS & IPS
• Data leakage security appliances
• Web-content filtering
• Traffic monitoring devices
• LAN-to-WAN configuration
• Change management (to avoid unauthorized changes to the network infrastructure)
• Secured location of critical LAN-to-WAN devices
• FCAPS for network management
• Network Access Control (NAC) defining requirements for accessing the network
• Redundant routers and firewalls to avoid bottlenecks in the network
• Backup and Recovery policies and solutions
• Use of VPNs for remote access
• Load-balancing techniques
• Use of...
Words: 271 - Pages: 2
...1 CMGT 244 Week #2 DQ 2 CMGT 244 Week #2 DQ 3 CMGT 244 Week #2 DQ 4 CMGT 244 Week #2 DQ 5 WEEK 3 CMGT 244 Week #3 DQ 1 CMGT 244 Week #3 DQ 2 CMGT 244 Week #3 DQ 3 CMGT 244 Week #3 DQ 4 CMGT 244 Week #3 DQ 5 WEEK 4 CMGT 244 Week #4 DQ 1 CMGT 244 Week #4 DQ 2 CMGT 244 Week #4 DQ 3 CMGT 244 Week #4 DQ 4 WEEK 5 CMGT 244 Week #5 DQ 1 CMGT 244 Week #5 DQ 2 CMGT 244 Week #5 DQ 3 CMGT 244 Week #5 DQ 4 CMGT 244 Week 1 DQs CMGT 244 Week 2 DQs CMGT 244 Week 2 Assignment CMGT 244 Week 3 DQs CMGT 244 Week 3 Assignment Establishing a Secure Computer Room CMGT 244 Week 4 DQs CMGT 244 Week 4 Assignment Intro to OSI Model CMGT 244 Week 5 DQs CMGT 244 Week 5 Final Project Information Security Policy for the Bloom Design Group Paper CMGT 244 Week 5 Information Security Policy for the Bloom Design Group Presentation PPT A++ graded !! CMGT 244 ENTIRE COURSE http://www.homeworkproviders.com/shop/cmgt-244-entire-course/ CMGT 244 ENTIRE COURSE Product Description CMGT 244 Week #1 DQ 1 CMGT 244 Week #1 DQ 2 CMGT 244 Week #1 DQ 3 CMGT 244 Week #1 DQ 4 CMGT 244 Week #1 DQ 5 CMGT 244 Week #1 DQ 6 WEEK 2 CMGT 244 Week #2 DQ 1 CMGT 244 Week #2 DQ 2 CMGT 244 Week #2 DQ 3 CMGT 244 Week #2 DQ 4 CMGT 244 Week #2 DQ 5 WEEK 3 CMGT 244 Week #3 DQ 1 CMGT 244 Week #3 DQ 2 CMGT 244 Week #3 DQ 3 CMGT 244 Week #3 DQ 4 CMGT 244 Week #3 DQ 5 WEEK 4 CMGT...
Words: 532 - Pages: 3
...Information Security Policy Gennie Diamond Axia College of University of Phoenix IT/244 – Intro to IT Security October 10, 2010 Executive Summary The goals of this information security policy will be to state the principles and guidelines for protecting the confidentiality, integrity, and availability of sensitive information and resources for XYZ Energy. This policy will set forth requirements for securing the network’s confidential information and data communications infrastructure, in addition to defining detailed policies in the areas of physical security, access control, and network security. Assumptions of the security plan define physical security at each site for the environment around the network including entry control at each facility, the need and responsibilities of security staff, and issues around security in common areas. Information system security defines workplace protection and guidelines for storage, protection, and maintenance of hardware and network equipment. Access control policies address user enrollment and all network access privileges, along with identification and authentication process policies. Finally, network policies are defined for granting and managing network access while still protecting sensitive company data. Project constraints can include, but are not limited to, availability of resources needed to provide appropriate security for each defined security goal; time restraints for meeting these goals;...
Words: 1790 - Pages: 8
...Essay Designing a Security Strategy Geo-Probe Inc. (GPI) has been in business for 20 years, a company with constant growth and success. GPI provides construction management, engineering design, programming and environmental planning, and other A-E projects in support of a, industry, different government and commercial clients. GPI has 300 employees and ten branch office locations. GPI has many computers and network devices attached to its network, like any other business. Here is GPI's current network topology. Networked computer devices and peripherals are the most overlooked and common security threat to corporate assets (Darb, 2010). Multifunction copiers and digital devices are very intelligent machines complete with their OS, hard drives, and supportive subsystems (Darb, 2010). Every time you scan, copy, or fax something, the image stays behind on the device. When employees scan documents to a server or any other source from a multifunction copier, they may also unknowingly be sending files across the network unprotected (Posey, 2008). The data is at risk as much as from getting hacked from outside. Geo-Probe Inc. purchases innovative multifunction devices because they can consolidate multiple copiers into a single device (Posey, 2008). Also, these multifunction devices deliver cost savings in printing services and maintenance. However, these devices pose a security threat and fall in the radar screen of IT department security strategies (Posey, 2008). From a network standpoint GPI...
Words: 857 - Pages: 4
...Our Company Network Security Plan Developed August 2010 Andre Bryant Table of Contents: Security Threats and Risks; Types of Threats; Mitigation Strategies; Security Policies; Physical Access; Data Access; Security Laws; Law 1; Law 2; Law 3; Disaster Recovery; Backup Policies; Testing. Security Threats and Risks Types of Threats • Trojan Horses • Viruses • Hackers Mitigation Strategies • Firewalls • VPN access and protocols • Strong Technology policy with strict accountability Security Policies Physical Access Technology policy will allow IT to assign identification numbers to each employee. These numbers will assign access to each employee as well as track employee internet usage. This will also allow restriction to certain sites that are not filtered by the system. Data Access All traffic will be filtered through the firewall. We will also implement a network usage list that will let all users know what areas are restricted (hp.com). Security Laws Law 1: As part of our company’s network security policy, we are requiring the use of IMAP exclusively. IMAP and SMTP must be routed through a firewall (hp.com). Law 2: No trafficking or usage of copyrighted or restricted files or software. The penalty for violation of this policy could result in immediate termination (klariti.com). Law 3: ...
Words: 319 - Pages: 2