Whitman, M., & Mattord, H. (2004). Information Security Policy. In Management of information security (Fourth ed., p. 154). Boston, Mass.: Thomson Course…
When specifying security policies for an enterprise, setting security on an individual-by-individual basis provides the tightest and most personalized security. The tradeoff, however, is the increased amount of administration effort in setting up the security and maintaining it on an ongoing basis. You have been brought in as a consultant from Smith Systems Consulting to advise Riordan Manufacturing on what it will take to establish adequate enterprise security policies. You will need to prepare a 3-5 page paper that highlights why they should establish separation of duties via role assignment and how this will provide safeguards for protecting the data in their information systems.…
Main Security Concerns: As a rapidly growing business that primarily utilizes IT resources for intranet company communications between and among a single home office and three satellite offices, internal network access controls and remote employee users’ access controls seem to be of primary importance. Priority number one should be hardening and safeguarding the access and data integrity of the Oracle database servers housed at the main office in Reston, VA, and separately at the San Diego satellite office. A comprehensive security policy will be developed and approved by management that will detail the specific guidelines administrators must follow when allowed admin access to company IT resources and services, and when and how those permissions should be denied or allowed. Additionally, auditing and logging of critical events should be implemented utilizing a reliable SIEM (Security Information and Event Management) system. Moreover, control of user access from remote sites via the company intranet via VPNs and remote access via RADIUS should be strengthened and monitored for both qualitative and quantitative analysis and measuring. Cryptographic techniques will be enhanced and login and password requirements will be strengthened. Of significant importance is the company web presence and corporate access to its knowledge base portal within the company intranet. The company web presence is of vital importance to allow customers to access information concerning the company’s products and services. The knowledge portal is vital for company employees to have access to proprietary information while protecting the confidentiality, integrity, and availability of the data. We will separate and harden both the web server and the knowledge portal via…
Finally, the system/application domain would require virtual testing of everything before any implementation, hardening of all servers, and keeping up with patches and updates regularly after testing has been completed. Some of the more efficient ways to implement better access controls in a company would start with the proper level of authorization policies, including physical controls for facilities. The authorization policy would establish appropriate entry system access controls that specify what areas are to be locked at all times and what type of locking mechanism should be implemented. It would also include the implementation of secondary locks on specific equipment and storage cabinets…
It is the responsibility of Remote Users to make sure that reasonable measures have been taken to secure the Remote Host used to access Richman IT Resources. This standard applies to all Remote Users of Richman IT Resources including staff, outside contractors, vendors, and other agents. Remote Access Security Standards: All Remote Users must follow the security requirements set forth in this standard for any Remote Host accessing IT Resources prior to such access, as well as any guidelines, procedures, or other requirements issued by their departmental IT units and the owners of the IT Resource which are to be remotely accessed. Remote User responsibilities are described below. Remote User Requirements: Remote Users must make sure that their Remote Hosts used to access Richman IT Resources meet all security expectations specified in the End User Guidelines Security prior to accessing any Richman IT…
Riordan is jumping head first into the 21st century and bringing all of the business systems currently used along with it. Those business systems will be upgraded so Riordan can continue to be an industry leader, but the 21st century is a very dangerous place. The world is full of groups of hackers who breach systems for profit, for a cause, or just to prove a point. Hackers were arrested in the Philippines for fraudulently charging AT&T customers and diverting the money to a group linked to Al Qaeda (UPI, 2011). This is one example of the threats that exist in the cyber world; one should not exclude rival companies from the security risks either.…
This report gives a brief description of the general security solutions planned for the safety of data and information that belongs to the organization. The outline will provide elements of a multi-layered security plan, and will indicate a general security solution for each of the seven domains of a typical IT infrastructure. Also I will describe a layer of security for each of the seven domains.…
Implementing remote access will allow employees to telecommute which can bring down overhead costs and allow users the flexibility of accessing data outside of the office. In order to protect the data as well as users, audits and access control lists are to be implemented. Access Control allows the identity of the user to determine whether or not they are able to access certain file systems. In order for access control to work properly every user attempting to access the data will need to be entered into the system. Placing passwords on individual files will also provide an added layer of protection.…
Warren Buffett once said, “Price is what you pay. Value is what you get.” With a company that has over five hundred employees, four locations worldwide, and $50 million in annual sales, placing the value on the organization is simple; look at the bottom line and see the profit. This is the situation at Riordan Manufacturing where the price it paid to do business was less than what it made, defining a clear value in what Riordan provides. Riordan’s Sales and Marketing department has a clear value; $50 million in sales to show for it. But how do we show the value for other departments within the organization such as Information Systems (IS) and Information Technology (IT) solutions? While the IS and IT costs and what Riordan pays for them are clear from looking at the financials, the value is not. This brings us to the question of what value Riordan Manufacturing gets out of its IS services and IT department.…
Safety of data and information is a really important aspect of a company. Before we can create an outline for general security solutions we must first define what is needed. I recommend that we use a multi-layered security plan. There are a total of seven domains of an IT infrastructure including user domain, workstation domain, LAN domain, LAN-to-WAN domain, WAN domain, remote access domain, and system/application domain.…
Riordan Manufacturing is a company responsible for producing plastics globally. Some of their products include plastic beverage containers and plastic fan parts. Our team has been asked to put together an executive summary regarding identifying some areas needing improvement, defining the purpose of the project as well as who the key stakeholders are. Below is the review of our findings.…
The advancement in network technology has led to its share of security risks. Attacks against networks, users’ personal information and corporate information have changed how the world deals with network security. The idea of Network Security is no longer an afterthought but the driving force in all network designs. IT managers are now concerned with securing data, ensuring only authorized end users have access to resources, and protecting the integrity of hardware, software and devices.…
Role Based Access Control, or RBAC, will work well with the Non-Discretionary Access Control model, which will be detailed in the next paragraph. RBAC is defined as setting permissions or granting access to a group of people with the same job roles or responsibilities. With many different locations along with many different users, it is important to identify the different users and different workstations within this network. Every effort should be dedicated towards preventing users from accessing information they should not have access to.…
Strategic managers have responsibility to both the employees and stakeholders of the organization. Engaging in strategic management decisions should include ethics and social responsibilities. The expectation of such responsibilities from stakeholders is to fulfill legal and ethical economic decisions.…
As a company grows, changes and new policies are created to fit the fast-paced industry that we live in today. And as a part of your IT staff, I've collected some information that can help the company with implementing a new policy when it comes to computer use. From legal reasons, virus attacks, to our network systems and services, we all need to be aware and cautious about this as a whole. The material I'll be covering today will include all of the issues brought up by our CEO, CFO, and General Manager. In addition, an explanation of general use ownership, security and proprietary information, and unacceptable use will be discussed.…