Information Security Policy Free Essay Example from StudyTiger

Information Security Policies are a very important part of a company’s protection; these policies are put in place to protect the company and well as the clients. It is important to maintain a constant watch over all security departments daily to ensure that everything is in working order. The policy below is a great way to keep track of the steps needed to protect your company and clients. Romana Aftab 338 deare street 337-256-5555 337-256-5556 Alfred Beals Jr 2011 Information Security Policy * Table of Contents 1.Executive Summary1 2.

Introduction1 3. Disaster Recovery Plan1 3. 1. Key elements of the Disaster Recovery Plan1 3.

2. Disaster Recovery Test Plan1 4. Physical Security Policy1 4. 1. Security of the facilities1 4.

1. 1. Physical entry controls1 4. 1.

2. Security offices, rooms and facilities1 4. 1. 3. Isolated delivery and loading areas2 4.

2. Security of the information systems2 4. 2. 1. Workplace protection2 4.

2. 2. Unused ports and cabling2 4. 2.

3. Network/server equipment2 4. 2. 4. Equipment maintenance2 4. 2.

5.Security of laptops/roaming equipment2 5. Access Control Policy2 6. Network Security Policy3 7. References3 Executive Summary: The Bloom Design Group will take the most extreme measures to protect the integrity of our clients and their information.

We believe in the fact that the customer is our main goal and take full responsibility of your wants and needs. The Bloom Design Group is the choice that you should make if you want the best and quality protection, while receiving on time and professional work for your money.Our company is equipped with the most top of the line anti-theft monitoring system that is a step above the rest. We have a disaster recovery plan that is monitored and updated on a daily basis or as needed for each client. This plan consist of walk-through of mock problems that could happen on any given day, it also has simulations, checklist, parallel testing, and full interruption.

Our risk assessment plan is one of the best in the nation; we look at any and every aspect of a potential problem; internal, external, and environmental risk.The protection that we offer is not limited to just one source; we go above and beyond every situation to protect our customer. We look into unused ports and cabling, network/server equipment, our own equipment maintenance, and security of laptops and other roaming equipment. A person can never be too sure as to how much protection they may need, so we at The Bloom Design Group take it upon ourselves to provide the most adequate protection for you the client and your business. We here at The Bloom Design Group want and appreciate your business, we want to give you the best protection possible.

The work that we do will prove that we are the best choice to make when it comes to a design company. We look forward to serving you and your company in the future and if you may have any questions please feel free to contact us at any time. Introduction: Company Overview: The Bloom Design Group is an up and coming interior design services that offers multi-design themes for clients around the world. The corporate office which is based in New York and handles most of the larger more important clients and a Los Angeles based office which more overseas clients.

Our clients are the most important thing to our business and we want to ensure that we protect each and every bit of information that pertains to the client and what they want for their business. Employees use secure login and a password to gain access to the site in order protect information for clients. Security Policy Overview: Issue-specific would be the most appropriate because the employees of Bloom Design Group focuses on the design and protection of different virtual decoration tools, designs and schemes. As an employee we keep our focus on the issue at hand; that is why issue-specific would be the best way.Security Policy Goals: Confidentiality: What so ever is discussed between the client and our company will be protected with the all concern, we value your business and will do our best to protect you. No information will be handed out to anyone who does not have a password to receive information.

Integrity: We will not give any information, codes, or designs without first checking to make sure that the asking from the information has a valid authentication. This will include but not be limited to a password or confirmation code, no codes, designs, or schemes will leave our office without the person signing for it first.Availability: All information will be stored in our system until further need; it will be backed up by our virus protection to ensure that the information will be in perfect working order when you receive it. If there was to ever be a problem our company has a full recovery system so if something was to happen no information will be lost. All clients will have full access to all information as long as he/she has the proper password or confirmation code. We pride ourselves on providing the best possible service to our clients that we can and we further give our word that you will be fully satisfied.

Disaster Recovery Plan: Risk Assessment: There are many risk that assessments that come into play when it comes to a business, in this cases our risk assessments are centered around the protection of our systems such as; human resources system, interior design system, exterior design system, customer privacy system, and our back-up system. Internal, external, and environmental risks: There are many risks that come with any type of business, it is up to the owners to identify these risks and deal with them in the appropriate way.With any business there will be some type of problem such as loss of business, which is a result of customers not using our services; the more customers that we lose would result in more money spent and less money made hence the loss of assets. There is also the case of fires; no company is completely safe from the threat of fires and depending on the type of fire, and because of this there could be some type of loss of life. This is also possible when there are bad weather, earthquakes, or terrorists attacks. Disaster Recovery Strategy:Of the different types of strategies talked about I think the best way to go in my situation and the business that I am conducting would be a warm site.

A warm site is like a mediator between hot and cold sites and would provide the advantages of both sites in the different ways. Disaster Recovery test Plan: Walk-through: Each member or client will have an employee that is directed to their case; before any steps are taken a meeting will be held to explain the entire step that will be taken to ensure that the customer is happy with the service he/she is getting.Simulations: every design whether it is interior or exterior will have a dry run to ensure that it is correct, when everything is complete all emergence step will be in place and every aspect of the clients business protected. Checklist: this is a mandatory step before any job is complete, every employee must make and complete a checklist of everything that is to be done during and after a job is to take place. Parallel testing: In the event that we change our systems all aterial will be protected and backed up by another system running all the same programs, we will protect all of our clients’ information by any means necessary.

Full interruption: No information will enter the new system until it has been fully tested and deemed ready for service, we will test it and then test is again. No system will be put into operation until all functions come back as (true). Physical Security Policy: Physical entry controls: There are many types of physical controls that can be an effective tool to any business, but this would depend on the type of security you are looking to install.You can install barricades to help keep people in line or to contain some order, there is fencing that can be put in place to keep people out of a certain place, and you can also use cameras to keep a close eye on everything that goes on when you have more than one thing to keep an eye on. Security offices, rooms and facilities: Security offices, rooms and facilities are areas that can be used to monitor and control areas without having to constantly walk around and do every hour. These areas can keep all security monitors, guns, or any other tools needed to keep things in safe working order.

Isolated delivery and loading areas:To ensure that your workers and work areas are safe and secure there should be a designed area that all pick-ups and deliveries should go through, this way you can keep a good account of what comes in and what goes out. Security of the information systems: Workplace protection: Every employee is entitled to be protected when attending work, if your employees can’t feel safe when they’re at work then it could have an effect of the productivity of the job. There should also have proper protection of the working systems in the office so that hackers cannot gain access to personal or private information.Unused ports and cabling: Unused ports and cabling should be maintained closely because if someone figures out that they can access your system from an area that is never used that would give them the perfect chance to harm or steal information. Any new device should have a series of steps to prove that it is just what it says that it is.

Network/server equipment: Network/server equipment should be checked and tested before it is put into service, faulty equipment should never be used on any type of systems. Equipment maintenance:All equipment should be maintenance and maintained on a daily basis or after each shift to ensure that it is in proper working order. Security of laptops/roaming equipment: Laptops and other roaming equipment are a risk to systems because they are not on a set system and in most instances can be accessed from almost anyone depending on what it is being used for. This is an easy way to transfer viruses to other systems by hooking up to unused ports/cables and then releasing the virus or stealing the information. Access Control Policy: Authentication:This is the process by which you determine whether someone or something is exactly who or what they are declaring to be. Authentication is used to protect a user from losing valuable information, files, or money.

Having a password is one of the better and more popular ways of authentication when it comes to protecting personal property. Multifactor authentication is best used when dealing with areas such as banking because it gives you more than one layer of protection. Biometrics is something that would probably be used in more advanced working condition, because it has more at stake to be protected.Single-sign-on allows a user to access something using one name and password that will get them to multiple applications. Access control strategy: Discretionary access control is type of access in which a user has complete control over the entire programs that they own; it also determines the permission that other users have to those files and programs.

The assurance that information is not disclosed to unauthorized individuals, processes, or devices. Confidential information must only be accessed, used copied, or disclosed by users who have been authorized.Least privilege is the process of only allowing user to access certain areas of information, and the information that they access is the only information that they are able to get into. Mandatory access control: This is when only the administrator manages the access control. The administrator defines the usage and access policy, which cannot be modified or changed by users, and the policy, will indicate who has access to which programs and files. Role-based access control: Access decisions are based on the roles that individual users have as part of an organization.

Users take on assigned roles. This process should be based on thorough analysis of how an organization operates and should include input from a wide spectrum of users in an organization. Remote access: This policy defines the methods users can use to connect remotely such as dial up or VPN. It will specify how the dial up will work such as whether the system will call the remote user back, and the authentication method.

Network Security Policy: Data Network overview: The Bloom Design Group is well equipped to handle local as well as long distance design projects.The Local Area Network (LAN) that we use is completely secure; our systems are monitored daily for any viruses or bugs. The Wide Area Network (WAN) is state of the art; our internet system is three times faster and larger than most other companies. The intranet is completely secure and is only accessible with current and up to date login information. In some cases there are certain customers that require extra protection; our extranet will give you that protection while protecting other clients. Authentication: Everyone will have their own authentication code or login information that will access their own personal files.

This password will be something that you should remember and not share with anyone as to avoid lost or stolen data. Access control: No one will have access to any of your files except for the employee working on your case and yourself. There are different types of access that we offer among them are discretionary access control, mandatory access control and role-based access control. We will apply the best access control that will suit your needs and the best that will provide the best protection.

Data confidentiality:All data that is provide to us about your company or for your company will be kept completely confident. We will not provide anyone with your information unless your consent is given to us. Data integrity: Data integrity which consists of all the validity of data or all consistent and correct data, we will do whatever it takes to be completely correct in all the work that we do and ask that you assist us by having all your material consistent with the one that you provide us. Nonrepudiation: We will ensure that any message that you may send or may receive is coming from the person that he/she says they are.We will do our best to protect you from any theft or scams through messages.

Logging and Monitoring: Controlling the bandwidth and traffic to our site to enable our users the privilege of not having to encounter problems when accessing our site; this will help when you are trying to retrieve any files or data for or about your company. Firewall System: Packet-filtering router firewall system: This firewall system looks at five characteristics of a packet; source IP address, source port, destination IP address, destination port, IP protocol.Screened host firewall system: This firewall is often appropriate for pages that are in need of more flexibility than other pages. Screened host firewall combines a pocket-filtering router with application gateway located on the protected subnet. Screened-subnet firewall system: This is to isolate the DMZ and its publicly-accessible resources that come from the intranet, it focuses all external attention on any possible attack on the subnet.

References: www. universityofphoenix. com/axia

Sorry, but downloading text is forbidden on this website. If you need this or any other sample, we can send it to you via email. Please, specify your valid email address

Thank you! How about make it original at only $13.90/page?

HAVEN’T FOUND YOUR TOPIC?

Sorry, but downloading text is forbidden on this website.
If you need this or any other sample, we can send it to you via email.
Please, specify your valid email address

Thank you!
How about make it original at only $13.90/page?