INFO 2411: Foundations of Computer Security
Project 1
07/03/2016
Student Name and SID:
1. Abdulaziz Aljafari – 100299460
2. Turki Aljudai – 100298138
3. Saud Alotaibi – 100300556
I certify that this is my own work yes/no and that I have read and understand the University Assessment regulations.
Information Security Policy (ISP) For Star Gold
1. Scope
This Information Security Policy (ISP) for Star Gold applies to all of the company's employees and managers.
2. Objectives
To enhance security and protect Star Gold's business information and to ensure its confidentiality, integrity, and availability. Also to help the
• Computer Misuse Act:
The principle of the Computer Misuse Act is that accessing a system to gain information without authorization is an offence. It also covers intentionally accessing a system in order to be involved in a serious crime, and unauthorized deletion or modification of programs.
• Disability Discrimination Act:
The principle of the Disability Discrimination Act is to make sure that people with disabilities are not denied access to any of the server's public resources.
5. Application of the Policy
The company will enforce all the policies through Group Policy, whose purpose is to allow the staff to apply identified configurations for users. Moreover, a breach in the server may damage the server. The first action is to determine how the breach happened, and then to find the right way to prevent it from happening again.
6. Acceptable Use Policy
The goal of this policy is to outline the acceptable use of computer equipment at Star Gold, and to protect the company and its employees. Breaking these rules can expose the company to risks such as virus attacks.
a. Passwords policy
Passwords are a very important part of ensuring security. Weak passwords can lead to attacks against Star Gold’s resources. Every
Passwords should be designed to prevent them from being discovered by unauthorized persons. All passwords should have at least eight (8) characters. The user-ID should never be used as the password. Words in a dictionary, derivatives of user-IDs, and common character sequences such as “123456789” should not be employed.
The Americans with Disabilities Act was designed to protect individuals with a disability and is the nation's first comprehensive civil rights law addressing the needs of people with disabilities, prohibiting discrimination in employment, public services, public accommodations, and telecommunications. (EEOC)
To summarize, “Internal use only” data is restricted so anyone not working for the company would not be able to access it. To have access to any company information off site you would need to be assigned company authorization like a username and password to log on. We do not want our infrastructure breached by outside threats to the system. This will briefly describe three of the seven domains within the IT infrastructure that are affected by this standard.
internal and external users to whom access to the organization’s network, data or other sensitive
In this lab, many more options were explored with Windows servers. The topics covered were Group Policies and Password Settings Objects. Both of these features of Windows Active Directory allow for very granular settings to be set across the network. These include a wide range of settings that one most likely would not even think of. I have personally worked with both Active Directory and Group Policies quite extensively so neither of these were new topics for me to learn. However, I had never worked with Password Setting Objects before so that was a learning experience. All of these features are useful in any enterprise production network and are highly valuable skills to have.
4. Please be advised that failure to follow this policy can result in possible criminal and civil sanctions against the company and its management and employees, and possible disciplinary action against the responsible individuals, and including termination of
C. Permissions and Rights (What they can do. Which operations they can perform on a system.)
This policy applies to all the employees of XYZ health care who have remote access to the patient’s medical data.
To fully explain the acceptable use policy would mean to begin from the beginning, the user domain. The user domain is the employees or people within an organization who are granted access to the information system for the organization. There are roles and tasks, responsibility, and accountability that go into an acceptable use policy for the user domain. Within the user domain is the access of LAN-to-WAN, web surfing, and internet. LAN-to-WAN is the activities between LAN to WAN and firewalls, routers, intrusion detection, and workstations. Web surfing determines what a user can do on company time with company resources. Internet
All employees, business associates and vendors will be made aware of the security policies set forth in this document that must be carried out until further notified. The security standards set forth to carry out this plan have been trialed and
Each Administrator that is responsible for building servers must adhere to these guidelines. Questions regarding the process should be directed to the Network Services Manager.
This policy applies to all IDI Stakeholders, Committees, Departments, Partners, Employees of IDI (including system support staff with access to privileged administrative passwords), contractual third parties and agents of the Council with any form of access to IDI’s information and information systems.
“An acceptable use policy (AUP) is a document specifying restraints and performs that a user must agree to for access to a corporate network or the Internet” (techtarget, 2014, p.1). The purpose for administrations to have AUP is to observe; not overshadowing the facility as share of breaking any rule, not trying to disrupt the security of any computer network or user (techtarget, 2014).
The purpose of this policy is to establish standards for the base configuration of internal server equipment that is owned and/or operated by IHS. Effective implementation of this policy will minimize unauthorized access to IHS proprietary information and technology.
Acceptable Use Policy for Information Technology in the organization ensures that there are no restrictions imposed that are contrary to the organizational culture of openness, integrity and trust. This policy governs the organization's internet, intranet, and extranet related systems, which include all computer equipment, software, operating systems, storage media and network accounts, electronic mail, web browsing and FTP.