Sample Security Plan: Adventure Works
The following sample security plan was put together by a fictitious company named Adventure Works. Because of the increasing focus on security in the computing world, the company has decided to review security practices and put together a plan to improve those practices. Adventure Works’ needs may differ from your company’s needs, but reading through their plan should give you a good idea of the steps involved in creating a good security plan.
This plan was developed by Matthew, Managing Director of Adventure Works, in cooperation with other key members of the Adventure Works staff.
About Adventure Works
We are a 20-person firm specializing in high-adventure travel packages. Our staff
The remainder are linked by an 802.11g wireless network with an access port. All computers run Windows XP Professional except for the two print servers and two administrative computers, which run Windows 98.
Security
We compared each computer against the checklist in the Security Guide for Small Business. We also ran the MBSA. These actions produced the following results:
• Virus protection: Not present on six computers; not up-to-date on four computers; generally, most users were aware of viruses but were a bit unsure about what they could do to prevent them.
• Spam-filtering software: Many users have begun to complain about spam, but no protection is in place.
• Firewall: We thought the ISP’s router included a firewall, but it doesn’t; so, we don’t have one.
• Updates: All the Windows XP Professional systems are up-to-date because they were automatically checking and downloading updates. However, several installations of Microsoft Office need updating, and the Windows 98 computers are not updated at all.
• Passwords: A random sampling
The club’s last line of defense is the inside security personnel, often referred to as security, or bouncers. Most clubs hire bouncers that are untrained, big, intimidating individuals who thrive on the fact they hold the power to end anyone’s evening. Most bouncers are the first to react to an issue in the club, because they want to be the ones that throw someone out on their head. In reality the true job of the inside
In order to limit exposure, IT administrators should monitor outbound network traffic. When the amount of traffic deviates from normal usage or the number of outbound connections spikes, IT administrators will immediately notice. There are advanced security programs to monitor this, but visually confirming network traffic will prevent sensitive information from being accessed or stolen. Be sure to benchmark and document normal operating statistics.
Information Security Policies are a very important part of a company’s protection; these policies are put in place to protect the company as well as the clients. It is important to maintain a constant watch over all security departments daily to ensure that everything is in working order. The policy below is a great way to keep track of the steps needed to protect your company and clients.
A security policy is a document that contains rules and regulations on how to protect the network and its resources. It covers areas such as password, Internet and E-mail policies, administrative and user responsibilities, disaster recovery and intrusion detection. Effective security policy reduces risks and protects data and information. The aim of security policy is to create a secure organization by protecting the privacy, integrity and accessibility of systems and information, as well as explaining to the members how they are responsible for protection of the company’s resources and how important secure communication is for the whole organization. Every security policy should take into consideration the organization’s culture and structure so that it can support productivity without having a negative impact on the members and the organization’s goals. Security policies protect from external threats and reduce internal risks (SANS, 2015).
are talking about. If you know how a computer is basically used, a Windows 95 PC
Select an organization at which you or your team members are employed or an organization with which you are familiar. Describe the process you would use to design, develop, and implement an information security policy for the organization. Identify key policy components, continuous improvement methods, and cite applicable statutory authority. Prepare a 10- to 15-slide Microsoft® PowerPoint® presentation summarizing your Information Security Policy paper. Format your paper and presentation consistent with APA guidelines.
Working with security policies at any level of business and industry can be incredibly complex. Here, the research suggests that "developing an IT policy framework from scratch can be a very daunting challenge for even the most experienced audit professionals" (ISACA, 2012). A mid-sized firm simply does not have the resources or the time to build a network from scratch and have it work seamlessly. Building such networks is extremely costly and requires a great amount of effort, which an insurance agency may not be able to provide. As such, the most effective manner for reestablishing an IT policy framework is to utilize something already in place and adjust it to fit the unique needs of a particular organization. Drawing from proven designs can help save time and effort in the trial and error process. Looking to external sources, successful strategies for a framework can be drawn from the literature.
Education is the foundation for success. This is true in every aspect of life, but within a company employees need to be educated in preventative tactics. Education on how to react to security threats is a great asset in the event of a situation where security is at risk (Beesley, 2013, para. 10). Enforcement of new rules and policies on how to handle “company confidential information, including financial data, personnel and customer information” is needed as well (Beesley, 2013, para. 11).
with 1,000 PCs or more now experience a virus attack every two to three months -
Today business is moving faster than it ever has before. With the Internet and e-commerce, even brick and mortar businesses are now open twenty-four hours a day and seven days a week. However, there are security threats that linger with this new age of business that need to be mitigated. According to a survey by the National Cyber Security Alliance (NCSA) and Symantec, a company that offers security solutions, seventy-seven percent of small businesses believe that they will not fall victim to security issues (Symantec, 2012). Even more alarming is that the survey found that eighty-three percent of these businesses did not have any form of security plan.
A company continuously improves on this document to establish new policies for new assets. However, the company mainly will concentrate on information technology security. Most companies store critical data and information using computers and the company needs to create methods to protect the data from loss or unauthorized access. A security policy will mainly include a breakdown on how the company plans to protect its assets and a plan to educate the staff on the use of the security policy.
Designing a working plan for securing the organization’s information assets begins by creating or validating an existing security blueprint for the implementation of needed security controls to protect the information assets. A framework is the outline from which a more detailed blueprint evolves. The blueprint is the basis for the design, selection, and implementation of all subsequent security policies, education and training programs, and technologies. The blueprint provides scalable, upgradeable, and comprehensive security for the coming years. The blueprint is used to plan the tasks to be accomplished and the order in which
To ensure information security for this organization, a review of the company’s network, information systems and security policies must be conducted. In this report, I will be a security expert for a large insurance company. My job here is to assess the company, revise and reproduce the security policies, identify the risks, threats and vulnerabilities and offer recommendations to ensure protection of the company’s network and assets.
Building a solid foundation for good security requires an IT infrastructure and operating culture that not only safeguards data and minimizes risk, but helps make the business more agile, responsive and transparent. The challenge is striking the right balance between protection, cost and user flexibility. For security teams, a good starting point is to mitigate risk wherever possible. Following some best practice guidelines can help.
The Pure Land should take steps to make the networks and systems strong. There are a number of things that are essential for the safety and security of the company. The company should provide training and development to its employees, use a backup and recovery system, use access control, and facilitate vulnerability scanning and management. Here are some of the recommended best practices and standards the company needs to follow for better security: