It-244 Week One Security Policy

In: Computers and Technology

Submitted By seanput
Words 360
Pages 2
Introduction to the Information Security Policy
IT/244
01/13/2013
Clive Mighty

Introduction to the Information Security Policy Company 1: The Bloom Design Group is a company that offers interior design services to businesses and individuals throughout the world. Bloom has a corporate office in New York and a second office in Los Angeles. The company’s website features a virtual decorating tool, which offers clients the chance to play with different color and design schemes. This tool allows their clients to get an idea of what a design project would look like once it is completed, before actually making color and design decisions. The website also gives interior designers access to their client files and company style guides, as well as create the ability to electronically process orders for design materials and furniture. The designers use a secure login and a password to gain access to the website and its features. The company's workforce spends all its time working remotely and accessing the corporate network using a secure VPN. An overview of the company: The security goals to be achieved:

An overview of the company:

Bloom Design Group is using a fairly open tool for the customer to see designs and colors in a virtual world. I think that the company is leaving themselves open to attack from outside. The reason I say this, is that in the companies info it said that the workers can access the users account information. To me this would be for a hacker to get from the virtual designs to their account information, this could leave Bloom Design Group open for a large lawsuit. The security goals to be achieved:

First thing to do from a security standpoint would be to keep the information of the users separate from the virtual…...

Similar Documents

Cmgt 441 Week 5 Security Policy

...Security Policy 1. Introduction The McBride Security Policy is intended to protect its digital and physical assets as well as protect the rights and privacy of McBride Financial. This policy details best practices, company guidelines, and regulations which are to be implemented and followed from inside the scope of Information Technology. The security team has created this document to protect users from virus attacks, compromise of network systems, and any legal ramifications that may occur because of this. While responsibility is on IT security to provide these tools, McBride Financial employees must know these guidelines and follow them as they may be held liable for any violation of the contents of this policy. 2. General Use and Ownership 1. All data created by McBride's employees is the property of McBride Financial Services. McBride's data should never be placed on an unauthorized device, moved, altered, deleted, or sold without the consent of IT Security. 2. Employees are required to use good judgment when on the internet. While IT Security has implemented UTM systems to restrict the personal use of internet, employees are still responsible for any rogue executables or malware in which they download from their e-mail. If an employee feels they are visiting a website in which they should not be allowed, they should contact IT security immediately at itsecurity@mcbridefinancial.com immediately. 3. McBride IT Security has the right to......

Words: 792 - Pages: 4

Security Policy

...Riordan Manufacturing Security Policy Smith Systems Consulting has been hired to evaluate and consult on the creation of a new information technology security policy to span the complete enterprise infrastructure. This document will serve as a recommendation for Riordan Manufacturing as it pertains to the enterprise wide information security strategy. Riordan Manufacturing currently has three locations within the United States and one location in Hangzhou, China. All of these locations have been evaluated and are considered part of the enterprise security policy. The review of the current information technology security policy was conducted based on the idea of improvement with respect to current technology trends and best practices. An evaluation of the enterprise infrastructure as a whole, as it pertains to information technology security, was also conducted. These evaluations were the starting point for Smith Systems Consulting to design a security strategy to best fit Riordan Manufacturing. The existing security policy consists of location-based data access to on-site servers and on-site access to Unix servers for ERP and MRP systems. Also, it was evident that there are a number of servers and data to be accessed from different operating systems that are deployed throughout the locations. The management of the existing security strategy is one that requires each individual to be assigned access permissions manually throughout their term of employment. This strategy......

Words: 304 - Pages: 2

Information Security Policy

...students? What are the effects of international trade to GDP, domestic markets and university students?University of Phoenix IT/244 Intro to IT Security Instructor’s Name: Date: 03/25/12 Table of Contents 1. Executive Summary 1 2. Introduction 1 3. Disaster Recovery Plan 1 3.1. Key elements of the Disaster Recovery Plan 1 3.2. Disaster Recovery Test Plan 1 4. Physical Security Policy 1 4.1. Security of the facilities 1 4.1.1. Physical entry controls 1 4.1.2. Security offices, rooms and facilities 1 4.1.3. Isolated delivery and loading areas 2 4.2. Security of the information systems 2 4.2.1. Workplace protection 2 4.2.2. Unused ports and cabling 2 4.2.3. Network/server equipment 2 4.2.4. Equipment maintenance 2 4.2.5. Security of laptops/roaming equipment 2 5. Access Control Policy 2 6. Network Security Policy 3 7. References 3 Executive Summary Due in Week Nine: Write 3 to 4 paragraphs giving a bottom-line summary of the specific measureable goals and objectives of the security plan, which can be implemented to define optimal security architecture for the selected business scenario. This new strategy guide for Bloom Design Group provides a comprehensive strategy for providing a safe and secure work environment. Several new policies and procedures will be implemented as a result of these new ideas. Bloom Design Group will have little trouble in......

Words: 3916 - Pages: 16

Security Policies

...IT Security and Compliance Policy | IS3350/Security Issues; Roger Neveau; 3/12/2013; Mike Taylor, Instructor | This document is the Final Project for IS3350 Security Issues, creating and improving security policies for LenderLive Network | | Table of Contents Introduction2 Risk Analysis2 SWOT Analysis2 Physical Security5 Data Classification6 Regulatory Compliance8 Intellectual Property…………………………………………………………………………………………………………………………….10 Training……………………………………………………………………………………………………………………………………..............11 Security Breach……………………………………………………………………………………………………………………………………..12 Appendix A SWOT Analysis…………………………………………………………………………………………………………………..14 Appendix B Definitions………………………………………………………………………………………………………………………….17 Appendix C Roles…………………………………………………………………………………………………………………………………..18 Works Cited…………………………………………………………………………………………………………………………………………..19 Introduction An effective IT Security policy protects the organization against possible threats to the infrastructure and data that the organization has. It will provide and maintain its ability to provide confidentiality, integrity, availability, and security of the client’s data within the organization’s environment. Overview The IT Security and Compliance policy for LenderLive Network Inc. will detail the policies, procedures, and guidelines that the organization will adhere to, to ensure compliance of the Graham-Leach-Bliley Act (GLBA) and Federal Trade Commission’s Safeguards Rule. It......

Words: 4550 - Pages: 19

Security Policy

...TABLE OF CONTENTS 1. POLICY STATEMENT ..................................................................2 2. ACCESS CONTROL.....................................................................3 4. DOCUMENTED DATA SECURITY POLICY.................................4 1. POLICY STATEMENT It shall be the responsibility of the I.T. Department to provide adequate protection and confidentiality of all corporate data and software systems, whether held centrally, on local storage media, or remotely, to ensure the continued availability of data and programs to all authorized members of staff, and to ensure the integrity of all data and configuration controls. Summary of Main Security Policies 1.1. Confidentiality of all data is to be maintained through discretionary and mandatory access controls, and wherever possible these access controls should meet with C2 class security functionality. 1.2. Access to data on all laptop computers is to be secured through encryption or other means, to provide confidentiality of data in the event of loss or theft of equipment. 1.3. The use of unauthorized software is prohibited. In the event of unauthorized software being discovered it will be removed from the workstation immediately. 1.4. Data may only be transferred for the purposes determined in the corporate data- protection policy. 1.5. All disk drives and removable media from external sources must be virus checked before they are used within the corporation. 1.6. Passwords......

Words: 1364 - Pages: 6

Security Policy

... |MCSD IT Security Plan  | |Type: |MCSD Procedural Plan | |Audience: |MCSD IT Employees and Management | |Approval Authority: |Assistant Superintendent for Technology & Personnel | |Contact: |mail to: bakatsm@marlboroschools.org   | |Status: |Proposed: |January 17, 2010 | | |Approved: |TBA |   [pic] MARLBORO CENTRAL SCHOOL DISTRICT Information Technology Security Plan                  January 17th, 2010 Table of Contents Introduction................................................................................................................ 3 Information Technology Security Safeguards........................................................... 4 Physical Security....................................................................................................... 5 Personnel Security..................................................................................................... 5 Data Communications Security...............

Words: 3526 - Pages: 15

Security Policies and Implementation Week Four Lab

...------------------------------------------------- Sara ------------------------------------------------- 10/11/2014 ------------------------------------------------- Week 4 Laboratory: Part 1 Part 1: Identify Necessary Policies for Business Continuity - BIA & Recovery Time Objectives Learning Objectives and Outcomes Upon completing this lab, students will be able to complete the following tasks: * Identify the major elements of a Business Continuity Plan (BCP) * Align the major elements of a Business Continuity Plan with required policy definitions * Review the results of a qualitative Business Impact Analysis (BIA) for a mock organization * Review the results of defined Recovery Time Objectives (RTOs) for mission-critical business functions and applications * Create a BCP policy defining an organization’s prioritized business functions from the BIA with assigned RTOs Week 4 Lab Part 1: Assessment Worksheet (PART A) Sample Business Impact Analysis for an IT Infrastructure Overview When conducting a BIA, you are trying to assess and align the affected IT systems, applications, and resources to their required recovery time objectives (RTOs). The prioritization of the identified mission-critical business functions will define what IT systems, applications, and resources are impacted. The RTO will drive what type of business continuity and recovery steps are needed to maintain IT operations within the specified......

Words: 1852 - Pages: 8

It 244 Week 9 Final Project Information Security Policy

...In this file of XBIS 219 Week 3 CheckPoint Online Auction you will find the next information: Imagine you recently cleaned out and reorganized your garage and now find yourself with many items in good condition but no longer needed. You are thinking about trying to sell some items on eBay Business - General Business Imagine you recently cleaned out and reorganized your garage and now find yourself with many items in good condition but no longer needed. You are thinking about trying to sell some items on eBay ® but do not know anything about online auctions. Access the eBay ® website at http://www.ebay.com to learn about their online auction system. Click on the Help tab in the upper right and choose Learning Center from the pull down menu. The site offers several tutorials to help prospective sellers and buyers learn about and use the auction system. The recommended tutorials are listed on the left. Most of the tutorials contain links to additional information. Create a PowerPoint Presentation addressing the following components of ebay  You must include the following for full points (worth 5 points each): 1.  Intro slide with title, name and logo of Ebay while using a powerpoint style that is easy to read.  2.  Slide 2: Ebay general information (what is it, some neat facts) 3.  Slide 3: Advantages you think eBay ® offers to small-scale sellers and large-scale sellers. 4.  Slide 4: Disadvantages you think eBay ® offers to......

Words: 377 - Pages: 2

Global Security Policy - Week 5 - Cmgt-400

...Global Security Policy CMGT-400 Monday, May 11, 2015 Vijay Bhaskar Jonnalagadda Global Security Policy Organizations with offices in multiple countries have to strategically implement personnel, logistics, network configurations, and inventory; but they also have to create a security plan to secure these assets to keep their customer, brand integrity, and profits. Some of the issues faced while maintaining security for a company in multiple countries across the globe are personnel, cyber threats, and cloud computing. Managing Human Resources Employees of global organizations and mobile businesses have great challenges while trying to protect sensitive information. Cisco commissioned a third-party market research firm, InsightExpress to conduct a study of IT professionals around the world generating 2000 respondents of end users and IT professionals. They found that employees can put personal and corporate data at risk because of the following (Cisco, 2008): 1. Unauthorized application usage possibly caused company data loss 2. Misuse of corporate computers by sharing with other employees without supervision 3. Unauthorized physical and network access 4. Employees transferring files from work and personal computers when working from home. 5. Employees sharing passwords with co-workers. The organizational structure involves balanced leadership and board diversity. Even though the offices are in multiple locations, the company's structure must......

Words: 948 - Pages: 4

Security Policy

...Medical General Hospital Security Policy Introduction Information is an essential asset and is vitally important to Medical General Hospital business operations and long-term viability. Medical General Hospital must ensure that its information assets are protected in a manner that is cost-effective and that reduces the risk of unauthorized information disclosure, modification, or destruction, whether accidental or intentional. The Medical General Hospital Security Policy will adopt a risk management approach to Information Security. The risk management approach requires the identification, assessment, and appropriate mitigation of vulnerabilities and threats that can adversely impact Medical General Hospital information assets and patient records. Objectives • To keep all private patient files confidential • Allow only doctors and nurses access to private documents of patient • Setup username and passwords for employees • Setup badges for contactors and janitors • To comply with all security measures • To make sure private information about company files are prohibited • To make sure all printed documents that can be a threat to the company are shredded and not thrown in trash. • To make sure all staff shutdown workstation after using at the end of the day • To enforce that Surveillance cameras are monitored 24hrs a day 7days a week • To make sure visitors check in at the front before seeing the patient’s • Protect all data from......

Words: 5676 - Pages: 23

It 244 Week 1 Assignment Introduction to the Information Security Policy

...IT 244 Week 1 Assignment Introduction to the Information Security Policy To Buy This material Click below link http://www.uoptutors.com/IT-244/IT-244-Week-1-Assignment-Introduction-to-the-Information-Security-Policy Select one of the company profiles below to be used for your Information Security Policy 1)     Company 1: The Bloom Design Group is a company that offers interior design services to businesses and individuals throughout the world. Bloom has a corporate office in New York and a second office in Los Angeles. The company’s website features a virtual decorating tool, which offers clients the chance to play with different color and design schemes. This tool allows their clients to get an idea of what a design project would look like once it is completed, before actually making color and design decisions. The website also gives interior designers access to their client files and company style guides, as well as create the ability to electronically process orders for design materials and furniture. The designers use a secure login and a password to gain access to the website and its features. The company’s workforce spends all its time working remotely and accessing the corporate network using a secure VPN. 2)     Company 2: Sunica Music and Movies is a local multimedia chain with four locations. Each store has been acting independently of one another and has difficulty coordinating customer sales from one store to another based on inventory. Because of poor......

Words: 401 - Pages: 2

Outline the Physical Security Policy

...Associate Level Material Appendix E Physical Security Policy Student Name: University of Phoenix IT/244 Intro to IT Security Instructor’s Name: Date: March 11, 2012 Physical Security Policy Due in Week Five: Outline the Physical Security Policy. Merkow and Breithaupt (2006) state, “an often overlooked connection between physical systems (computer hardware) and logical systems (the software that runs on it) is that, in order to protect logical systems, the hardware running them must be physically secure” (p.165). Describe the policies for securing the facilities and the policies of securing the information systems. Outline the controls needed for each category as relates to your selected scenario. These controls may include the following: * Physical controls (such as perimeter security controls, badges, keys and combination locks, cameras, barricades, fencing, security dogs, lighting, and separating the workplace into functional areas) * Technical controls (such as smart cards, audit trails or access logs, intrusion detection, alarm systems, and biometrics) * Environmental or life-safety controls (such as power, fire detection and suppression, heating, ventilation, and air conditioning) Security of the building facilities Physical entry controls Enter your text here Security offices, rooms and facilities Enter your text here Isolated delivery and loading areas Enter your text here Security of the information systems Workplace......

Words: 276 - Pages: 2

Information Security Policy

... Information Security Policy Student Name: Brice Washington Axia College IT/244 Intro to IT Security Instructor’s Name: Professor Smith Date: 11/7/2011 Table of Contents 1. Executive Summary 1 2. Introduction 1 3. Disaster Recovery Plan 1 3.1. Key elements of the Disaster Recovery Plan 1 3.2. Disaster Recovery Test Plan 1 4. Physical Security Policy 1 4.1. Security of the facilities 1 4.1.1. Physical entry controls 1 4.1.2. Security offices, rooms and facilities 1 4.1.3. Isolated delivery and loading areas 2 4.2. Security of the information systems 2 4.2.1. Workplace protection 2 4.2.2. Unused ports and cabling 2 4.2.3. Network/server equipment 2 4.2.4. Equipment maintenance 2 4.2.5. Security of laptops/roaming equipment 2 5. Access Control Policy 2 6. Network Security Policy 3 7. References 3 Executive Summary Due in Week Nine: Write 3 to 4 paragraphs giving a bottom-line summary of the specific measureable goals and objectives of the security plan, which can be implemented to define optimal security architecture for the selected business scenario. With advancements in technology there is a need to constantly protect one’s investments and assets. This is true for any aspect of life. Bloom Design is growing and with that growth we must always be sure to stay on top of protecting ourselves with proper security. For Bloom Design the...

Words: 4226 - Pages: 17

It/244 Week 1

...Student Name: Philip J. McCarthy UNIVERSITY OF PHOENIX IT/244 INTRO TO IT SECURITY Instructor’s Name: JAMES SERSHEN Date: 04/18/2012 1. Introduction Due in Week One: Give an overview of the company and the security goals to be achieved. 1.1. Company overview As relates to your selected scenario, give a brief 100- to 200-word overview of the company. The Company I have chosen is, The Bloom Design Group. The Bloom Design Groups mission is to provide online interior design services to its customers. The company offers their customers interior design services. What sets this company apart from others is that they have a website that allows customers a chance to design and decorate their rooms to their liking in a virtual environment before spending their money. The option provided for their customers is a virtual decorating tool. With this tool customers can play around with various color schemes for each room’s floor and ceilings, as well as customizing furniture as well. Then employees are able to access the corporate network through a VPN collection to access their client files, in order to place electronic orders for the design materials and furniture. 1.2. Security policy overview Of the different types of security policies—program-level, program-framework, Issue-specific, and system-specific—briefly cover which type is appropriate to your selected business scenario and why. Program-Framework security policy is the best overall for this type of company. As The......

Words: 924 - Pages: 4

Security Policy Week 4

...This document is to describe the Information Security requirements of Online Application Services and Application Service Providers that engage in business with McBride Financial Services. This policy applies to any use of Online Loan Applications (OLA) and any outsourcing to Application Service Providers (ASP) by McBride Financial Services, independent of where hosted. The Online Loan Application or Application Service Provider's Sponsor must first establish that its project is an appropriate one for the OLA/ASP model, prior to engaging in any additional infrastructure teams within McBride Financial Services or any external Application Service Providers. The department wanting to use an Online Loan Application or any Application Service Providers service must confirm that the Application Service Providers chosen to host the loan applications of McBride Financial Services complies with this policy. The Business Function to be outsourced must be evaluated against the following. The requester must go through the OLA/ASP engagement process with the Information Security Department to ensure affected parties are properly engaged. In the event that McBride Financial Services data or loan applications are to be manipulated by, or hosted at, any ASP's service, the ASP sponsor must have written, explicit permission from the data/application owners. A copy of this permission must be provided to the Information Security. The information to be hosted by an ASP must fall......

Words: 528 - Pages: 3