Twohands Corporation Network Security Policy - Case Study Example

TwoHands Corporation network security policy al Affiliation TwoHands Corporation Network Security Policy Introduction The TwoHands Corporation has been in the business of developing, producing, and marketing specialized gloves used in waste disposal and other safety-related applications. It also embodies a research laboratory which develops the gloves’ designs and coatings, warehouses and several factories in the different parts of the country. These gloves that the company produces are sold both through the wholesale and retail outlets. As the businesses expanded both in size and products, automation was introduced into the corporation through the introduction of computers which were used in all the aspects of the business including purchasing, accounting and payroll systems. This has been carried out both in the headquarters, the research laboratory and in the branches. Each information system used was supported by isolated computers which were later turned into servers for personal computers used by the employees through a connection of the LAN. Most of the corporations’ activities were done through backward means and has not favored them when compared to their competitors. Before the internet was integrated into its operations, its factory had a single computer which managed all the information about the factory likewise to the warehouses. The research lab had a single LAN which connected the computing server to each scientist’s personal computer. Most of these operations were remote and had not kept in touch with the growth in information technology. Once the corporation came to this realization, of the effective use of the internet and information technologies, it has been faced with a lot of challenges and problems that have needed the key services of information technologist. Among these challenges included: Their need to use the VPN technology in order to enable them cut on their monthly cost in communication. The need to compete effectively with their competitors in terms of cost. This required them to embrace the use of information technology to help cut down on some of the operational costs. The need to connect their enterprise network to the Internet to enable them use emails for communications instead of phones and faxes. The use of emails proved to be much cheaper and efficient. The need for using a web server to advertise their products in order to bring in more orders. More customers preferred the use of websites in issuing orders rather than making phone calls or sending mails. The corporations current composition consists of a series of servers and personal computers connected to the internet. These are present at the headquarters, the research laboratory, the corporation’s factories, the warehouses and the branches. It consists of a web Farm at its headquarters that hosts the web server; the email server; the FTP server and other relevant and needed web services. At the headquarters, it also has are a series of departments LAN’s each with a database server. Through these database servers, the corporation is able to carry out all its operation, integrated with each other; managing of the purchase of materials; processing of customer orders; accounting performance; managing of the human resource and the payroll, inventory and all the other relevant operations. The web servers, at the headquarters, also provides host to the e-business web interface which is meant to interact with the order processing application server hosted in the order processing department. At the research lab, all these have been replicated though with fewer departments. All these IT operations within the corporation cannot be run without an effective network security policy. This is highly required in order to safeguard the resources of the organization. With all these developments in information technology, the corporation had not taken network security into consideration when they designed the entire system. A network security would come in hand to curtain these gains and help improve the efficiencies and effectiveness of these systems. Computer security, a term that has been used to define the protection usually afforded to automated information systems in order to attain the applicable objectives of preserving the integrity, availability, and confidentiality of the information system resources, is a prerequisite for the organization in order to protect its resources both from the internal and external threats (Bejtlich, 2013). The computer security would in the case of this corporation help in a myriad of ways key among them; Protection of the organizations valuable resources; these would include its information, hardware, and software. Through the selection and application of the appropriate safeguards, security would enhance the organizations mission by protecting its physical and financial resources, reputation, legal position, employees, and other tangible and intangible assets. These security measures are often put in place to protect important assets and support the overall organizational mission (Bejtlich, 2013). Generation of monetary and nonmonetary benefits related and unrelated; investing in the appropriate security measures would result into higher financial gains to the organization. Security measures, if put in place, would help for instance the organization in reducing the frequency and severity of computer security-related losses. Other measures would help in thwarting potential hackers and reduce the frequency of disastrous computer viruses. Elimination of such kinds of threats and risks would go a long way in reducing the unfavorable publicity of the corporation and increase the morale and productivity of its workers (Bejtlich, 2013). The security framework of the corporation The security framework of the corporation would be administered in several ways, through the introduction of access controls, computer systems security, the use of firewalls, intrusion detection mechanisms and various network audits. The file system of the numerous corporations database would be protected and physical security offered in the workstations and to the several server locations (Nemati, 2008). A sensitivity assessment carried out at the initiation stage of developing a security framework revealing the sensitivity of the various information processed by the organization would form a vital background in the development stage of this framework. The organization, as mentioned before, deals with a couple of departments including the purchasing and order processing department, the accounting department, the order processing department, the human resource department and the inventory management department. These demarcations are used to offset certain levels of access depending on areas of specialization and the management levels of individuals (Nemati, 2008). Developing of the security plan requires the determination of security requirements relating to; Technical features such as access controls Assurances i.e. background checks and Operational practices involving awareness and training These requirements are matched with the specifications in producing a coherent security framework which is then tasted before accreditation (Rodstein, 2007). The security framework in place is subjected to all the users in the system to ensure proper running of the corporations operations and keeping the potential threats and risks at a bare minimum. While operating in this environment there needs to be checks and balances with the security plan being modified continuously by the addition of hardware and software. The various security activities involved in the security operations and administration would involve performing of backups, holding of training classes, keeping up with the user administration and access privileges and updating of the security software. It should also be ensured that the system is operated according to its designed security requirements relating to both the users of the system and the functioning of the technical controls. Network audits and monitoring should be carried out regularly to help maintain the operation assurances of the security plans. This can be successfully carried out by using automated tools, internal control audits, and development of security checklists and/or by penetration testing (Whitman & Mattord, 2012). The general principles to be applied in the design, implementation and use of these security measures, universally accepted would include: Accountability; making explicit the responsibilities and accountability of the owners of the corporations, providers and users of information systems and other parties Ethics; the Information security systems should be applied in such a manner that the rights and legitimate interest of others are respected. Awareness; this should be created among the owners, providers, the network users and other parties so that they are ready to conform with the security measures and maintain them, willing to gain the appropriate knowledge about their existence and extent of their operations. This is important for the security of the information systems Multidisciplinary; in designing and addressing the security measures, all the relevant considerations and viewpoints of the corporation should be taken into account. Integration; the information systems and measures should be coordinated and integrated with the practices and procedures of the organization so as to create a coherent system of security. Proportionality; the security levels, their costs, measures to be implemented and the respective practices and procedures are to be appropriate and proportionate to the value and degree of reliance on the information systems and to the severity, probability and extent of potential harm Reassessment; this should be carried out periodically to the security of information systems as these vary over time. Timeliness; the management and the information systems department should act in a timely coordinated manner to help prevent and to respond to the various breaches of security of the information systems. Democracy; this should be enhanced to ensure the legitimate use and flow of data and information within the organization. These principles act as a guide to the designers and the prospective users of the networks put in place and should be applied as a whole, pragmatically and reasonably (Frye, 2007). Reference Bejtlich, R. (2013). The practice of network security monitoring: Understanding incident detection and response. Frye, D. W. (2007). Network security policies and procedures. (Springer e-books.) New York: Springer. Nemati, H. R. (2008). Information security and ethics: Concepts, methodologies, tools and applications. Hershey PA: Information Science Reference. Rodstein, R. (2007). Securing Microsoft Terminal Services. Eastbourne: Gardners Books. Whitman, M. E., & Mattord, H. J. (2012). Principles of information security. Boston, MA: Course Technology. Read More