SOBOTA TECHNOLOGIES, INC.
INFORMATION SECURITY PLAN
Walsh College
BIT 580 Business Case Study
Table of Contents
Introduction
Business Goals
Technology Mission
Corporate Assets
Threats
Policies
  Acceptable Use
  Physical Security
  Security Awareness Program
  Password Protection
Environment
Equipment
Misuse
• Research and develop new services to provide to their customers
Technology Mission
Sobota will utilize the following tips to help develop goals for their network security plan:
• Focus on return on value rather than return on investment
• Never assume that network attacks are coming from outsiders
• Work with others to develop and roll out security strategies
• Find the right balance between security and usability
Corporate Assets
Sobota will achieve and maintain appropriate protection of their assets and ensure that information receives an appropriate level of protection by asking themselves the following questions:
• What are our digital assets?
• What are they worth?
• Where do our assets reside?
• Who has access to our assets and why?
• Is access of these assets extended to business partners and customers?
• How is the access to these assets controlled?
Threats
Our managers face a range of threats and consequences for security failures, including financial loss, civil liability and criminal liability. Threats can come in many forms, including physical probing, invalid input, and the linkage of multiple operations. To limit these types of threats, Sobota will comply with the following organizational security objectives: audit, information leakage, and risk analysis. A risk analysis will identify portions of Sobota’s network, assign a threat rating to each portion, and apply the appropriate level of security. They will
Risk assessment and threat assessment should go hand in hand. The outcome of the risk assessment and threat assessment should provide recommendations that maximize the protection of confidentiality, integrity and availability while still providing functionality and usability. The purpose of a risk assessment is to ensure that sensitive data and valuable assets are protected. An organization should take a hard look at who has access to sensitive data and whether that access is required. The security audit should monitor the company’s systems and users to detect illicit activity. The security audit should
Without an internal audit group to oversee IT’s activities and ensure they remain compliant with the security management systems the organization has committed to, the exposure to risk could be excessive and a genuine threat to the successful operation of the organization. The audit’s introduction of a Compliance Framework marks a significant change in the Office’s audit practices. Further, it concluded that the introduction of the graduated risk-based approach meets international standards and represents best practice, resulting in an effective and efficient audit
The security policy framework is defined to construct a structure with the help of which policy gaps can be identified easily. A system-specific policy would help ensure that all employees and management comply with the policies. It is also used to maintain the confidentiality (user authentication supports the confidentiality aspect of security), integrity (the relational data model has several limiting rules or constraints whose purpose is to maintain the data’s accuracy and integrity), availability and authenticity of the system. Access controls are a collection of mechanisms that work together to create a security architecture that protects the assets of an information system. One of the goals of access control is personal accountability, the mechanism that proves someone performed a computer activity at a specific point in time. So, the framework acts as the guideline
In today’s IT world every organization has a responsibility to protect the information and sensitive data it holds. Protecting data is not only the responsibility of security and IT staff; every individual is involved in protecting the information. The risks to information security are not only digital; they involve the technology, people and processes an organization may have. These threats may present problems that call for complex and expensive solutions, but doing nothing about these risks is not the answer.
To diminish both security and privacy risks to organizations, measures need to be taken to combat risks throughout the various stages of a threat’s life cycle. Specific processes must be implemented to identify threats, procedures to follow when an attack occurs, and finally methods to recover from the attack (Houlding, 2011).
“Security programs are aimed at creating an appreciation and understanding of the Security Department’s objectives as they relate to the specific industry they serve” (Sennewald, 2013). Businesses come in all different sizes, some big, some small. Businesses need a plan to ensure that assets, personnel, and facilities are protected, and this plan must be actively in place. Security programs provide businesses with the framework needed to keep a business or company at the security level needed to operate. This can be done in numerous ways: assessing the risks involved, lessening the gravity of those risks, and keeping the security program and security practices updated, to name a few. In this core assessment paper, I will identify an actual organizational security program, conduct
Before I plan for security, I will ensure that suitable officials are assigned to security responsibilities, continue reviewing the security controls in their information systems, and authorize system processing before operations begin. These management responsibilities require responsible agency officials who understand the risks and other factors that could affect the mission. Additionally, these officials must understand the current status of their security program and of the security controls that protect their information and information systems, and make the investments that mitigate risk to an acceptable level. The objective is to conduct day-to-day operations and accomplish missions with adequate security, taking into account the harm that could result from unauthorized access, modification, disruption, usage, or disclosure of information. As the key element of the FISMA Implementation Project, NIST developed a Risk Management Framework that brings together all of the FISMA-related guidance and security standards to promote a common understanding and balanced information security programs across different agencies.
As we discussed previously, this document includes our recommendations for just a few of the security policies that would be useful for your organization. These recommendations are written in a form that can be approved by you and your management and are intended to demonstrate what is needed, not how the policies will be implemented. Procedural documents providing step-by-step directions for implementing the policies will follow approval.
Threat modeling is the process of optimizing an organization’s network security by finding vulnerabilities in that system and then deploying countermeasures to protect against those threats should they occur in the future. If a company wants to know what vulnerabilities it may have, threat modeling is an excellent way of determining them. An individual threat is an event that has a negative impact on an organization’s daily operations (Rouse, 2006). These negative impacts can manifest in many ways, from damaging the organization’s reputation to interrupting its functions. These threats can take the form of destroying or stealing sensitive data, cracking weak passwords, malware, phishing, or other scams and frauds. The goal of this paper is to address how the organization’s code of ethics and security policies apply, what specific security policies can be deployed, and to identify the impact of asset security standards and governance. I chose Northrop Grumman as the focus of my paper
Abstract – Software security is the need of the hour today, especially when so many of our day-to-day activities depend upon computers, the internet and software. These technologies are of utmost importance even for the most basic activities like banking, trading, shopping, social media and communication, which use different software tools to provide services to users all around the world. Migrating to this tech world has made it a necessity to provide high-quality software with equally good security. Systems such as banking systems deal with highly sensitive personal information, so providing software security is as important as developing the software. The course project required us to develop a secure banking system, which helped us learn about the various software security tools and gain knowledge of current trends in the field: the possible attack vectors and attack patterns, and how to mitigate their effects and defend the system against such factors.
This document provides the overall framework within which the security of information will be maintained and promoted across ABC Corporation.
The purpose of this risk evaluation is to assess the security of my company’s computer system. This assessment will represent the system’s operational environment and will address any risks, threats, or vulnerabilities posed to the system. This risk assessment will measure the confidentiality, integrity, and availability of the system.
In the Workstation Domain, security controls are one of the biggest challenges. Physical security threats are concerns associated more with attackers who gain physical access to the premises. Such attackers can physically destroy or sabotage equipment. An attacker with sufficient knowledge of the system, such as a former employee, can gain access and render the system unusable, or delete and change information.
Safety of information is the most valuable asset in any organization, particularly those that provide financial services to others. Threats can come from a variety of sources, such as human threats, natural disasters and technical threats. By identifying the potential threats to the network, security measures can be taken to combat these threats, eliminate them, or reduce their likelihood and impact should they occur.