Due in Week Nine: Write 3 to 4 paragraphs giving a bottom-line summary of the specific measurable goals and objectives of the security plan, which can be implemented to define optimal security architecture for the selected business scenario.
The objective of the Security Policy is to provide the basis of a secure information system within the Bloom Design Group. This policy will protect the information system from natural threats as well as human-caused disasters. The policy will also give consideration to the privacy, reputation, intellectual property and productivity of Bloom Design Group.
The efficient operation of this company depends on being able to access and use resources within the building and to access them remotely in a secure manner. Each employee's responsibility must be considered, and appropriate access will be given to ensure that information is shared only with those who have the authority to have it. This policy will ensure adherence not only to the Bloom Design Group policies but also to any government regulations. By limiting access to certain groups of users, the security policy will guard against misuse of data and information.
All processes that are within the system will be aligned with the policy and executed automatically to ensure that the policy is effectively protecting the information and resources in a continuous manner. Any disruptions or security risks will be dealt with immediately and automatically by means of the system software that has been established and configured for these purposes.
3. Introduction
Due in Week One: Give an overview of the company and the security goals to be achieved.
3.1. Company overview
As relates to your selected scenario, give a brief 100- to 200-word overview of the company.
The Bloom Design Group is an interior design business that offers services to clients globally. There is a corporate office in New York and a secondary office located in Los Angeles. The group’s website offers clients a virtual decorating tool, where they are able to get an idea of the design and color scheme they would like to see and how it may look after the design is completed. This is a great tool to aid the client in making decisions, and it is backed up by consultation with experienced interior designers.
The designers are able to access their client files and style guides utilized by the company. The designers will also be able to process orders for materials and furniture when accessing the website. Access is gained by a secure login and password. The employees and designers of this company conduct most of their business remotely and access the network via a secure VPN.
3.2. Security policy overview
Of the different types of security policies (program-level, program-framework, issue-specific, and system-specific), briefly cover which type is appropriate to your selected business scenario and why.
For The Bloom Design Group, a program-framework policy would be appropriate. The corporate office would set the security policy as it pertains to network usage. The program-framework policy would cover the WAN; the entire organization would be covered by it, as would all decisions related to how data is accessed by the workforce. This would require an acceptable use policy, which pertains to all areas of access including remote access, authorized data retrieval and retention, and connections within the WAN.
3.3. Security policy goals
As applies to your selected scenario, explain how the confidentiality, integrity, and availability principles of information security will be addressed by the information security policy.
3.3.1. Confidentiality
Briefly explain how the policy will protect information.
Using the program-framework policy will help ensure that only those with authorized access to the company’s data are the ones accessing it. VPN technology will be utilized for these individuals and devices only. They will retain their privileges as long as they comply with the policy.
The VPN will be maintained so as to minimize the risk of unauthorized access, keep user and data confidentiality as much as possible over the internet, and ensure the reliability of the company’s system as well as the systems of the authorized users of the network.
3.3.2. Integrity
Give a brief overview of how the policy will provide rules for authentication and verification. Include a description of formal methods and system transactions.
The program-framework policy will maintain the data and keep it secure, reliable, and free from corruption.
The policy will keep unauthorized users from gaining, retaining, modifying, or deleting data of the company by means of firewalls, encryption, and anti-spyware or anti-malware tools. The VPN will be secured using a tool that provides encryption and user authentication. Intrusion detection tools will also help protect the VPN.
3.3.3. Availability
Briefly describe how the policy will address system back-up and recovery, access control, and quality of service.
The program-framework policy will maintain that authorized individuals, users, and systems will have access to information in its original format and at all times.
The IT department will keep the business continuity plan up to date and secure it in case it is needed due to emergencies. The company will create a business impact analysis, which will evaluate risks to the company’s data and systems and will be ready to be used for recovery of data if needed. A disaster recovery plan will also be created with step-by-step implementation to ensure recovery and continuation of business operations in the event recovery is needed due to loss.
A risk analysis will be created to further identify and take steps to secure the company’s data. Full cooperation from each department and the administration of the company is needed for these plans to be effective. Training will be conducted in order to ensure that all are compliant with the plan (Merkow & Breithaupt, 2006).
4. Disaster Recovery Plan
Due in Week Three: For your selected scenario, describe the key elements of the Disaster Recovery Plan to be used in case of a disaster and the plan for testing the DRP.
4.1. Risk Assessment
4.1.1. Critical business processes
List the mission-critical business systems and services that must be protected by the DRP.
The Bloom Design Group needs to protect its general support systems. These are the mission-critical systems and services to be concerned with. They are related to network connectivity, access to the internet, and various resources through applications that reside on the network and aid in the daily productivity of the company. The following list of systems includes the assets that must be protected by this plan.