SantosJoshua_security_plan_week4
.docx
keyboard_arrow_up
School
Hillsborough Community College *
*We aren’t endorsed by this school
Course
2598
Subject
Information Systems
Date
Dec 6, 2023
Type
docx
Pages
10
Uploaded by ElderOxide12578
SnowBe Online
IT
Security Plan
IT Security Plan
V4.
06/26/2022
Table of Contents
1.0
INTRODUCTION (INTENT AND PURPOSE
2.0
SCOPE
3.0
DEFINITIONS
4.0
ROLES & RESPONSIBILITIES
5.0
STATEMENT OF POLICIES, STANDARDS AND PROCEDURES
6.0
EXCEPTION/EXEMPTION
7.0
VERSION TABLE
IT Security Plan
V4.
06/26/2022
1.
Introduction (intent and purpose)
Security plans are important in companies because they help prevent security breaches and can
be used as a reference when a breach occurs. Security plans outline the different parts of the
company that need to be secured, such as you’re building and computers, as well as procedures
for their protection.
With SnowBe Online Security Plan, all company data and vital information are
secured by an array of advanced technologies and procedures. Our team is dedicated to always
protecting your data, helping you ensure the highest level of security for your organization.
2.
Scope
This proposal will ensure all systems used by SnowBe Online conform to the security
requirements laid out in our corporate security policy. It covers all systems used by Snowbe
Online, including their website and the document also includes the technical controls implemented
by the consultant using the NIST 800-53 framework.
The purpose of this document is to ensure all systems used by SnowBe Online conform to the
security requirements laid out in our corporate security policy. It provides detailed information
about any security controls that were implemented during development and identifies them as
either compliant with, or not compliant with, specific policies. This includes all systems used by
SnowBe Online, including their website.
3. Definitions
Audit
This is a powerful way to manage and get insights into your cloud applications, protect
against accidental data loss, and ensure compliance with best practices. With Audit, you
can track who changed a file and when, see which files are shared with external parties
and set policies to prevent sensitive information from leaving the network. Without audit
logs, you would be forced to rely on people’s memories to prove your security posture—
but with audit it's as simple as clicking on any file to see exactly what happened.
IT Treat
IT Threat is a cyber-attack, it can be executed by any hacker as long as they have
access and knowledge of the system. By having access to a connected device, hackers
can figure out ways to steal passwords, private information, and other valuable data that
we hold in our hands.
Privileged access
IT Security Plan
V4.
06/26/2022
Privileged access is where a cybercriminal can gain control over an organization’s
information technology. All too often, privileged users are far less aware of their security
risks, and the threat has become increasingly common as more companies move to
cloud-based solutions for infrastructure.
Authorized User
As an Authorized User, you have the power to secure your organization from cyber
attacks in the simplest and most effective ways: education. With Authorized User, your
employees will benefit by learning how to recognize security threats and apply that
knowledge in everyday life.
Backup
Backup is one of the most important security steps. It ensures that you have an easy and
safe way to recover your information if you lose it in an attack, or something as simple as
a computer crash. It protects your personal data in case something goes wrong, which
might happen frequently with cyber criminals stealing customer information and credit
card info from companies. Many people rely on online backup services such as Dropbox
and Microsoft OneDrive to store their files securely. You can also do it yourself by saving
copies of important files on external drives, CDs or DVDs. Most computer users don’t
back up their data
Multifactor Authentication (MFA)
Multi-factor authentication (MFA) is a method of confirming your identity when you log in
to your account from an unfamiliar computer, phone or tablet. With this feature set up,
you'll use two different proofs of identity to log in: usually a password AND a pin code,
text message or phone call. With two-factor authentication enabled, you are far less
likely to fall victim to phishing and other forms of online fraud.
Least Privilege
Least privilege is a security concept that states that users should have the least amount
of access necessary to perform their job functions. If a business uses least privilege,
they are better able to avoid cybersecurity breaches or other incidents because they do
not expose users to having too much access to sensitive data.
Data Classification
Data classification is a critical security task for most organizations. In fact, the National
Institute of Standards and Technology (NIST) found that data classification affects almost
every aspect of cybersecurity. Data classification creates an organizational framework
that allows employees, users and third parties to understand how sensitive data should
be protected. This makes data classification an integral part of any cybersecurity
solution."
IT Security or Security in IT
IT security is the protection of all data and systems within an organization from both
internal and external threats. This can include physical and logical protection. The
purpose of IT Security is to prevent the loss, misuse, and unauthorized access or
modification of information. To learn more about IT Security visit our page on our website
under IT Security Services.
Updates
IT Security Plan
V4.
06/26/2022
Your preview ends here
Eager to read complete document? Join bartleby learn and gain access to the full version
- Access to all documents
- Unlimited textbook solutions
- 24/7 expert homework help