Organization Security Plan - Outline Example

Organization Security Plan Security Policy Framework for the Engineers Aspects of Computer Application Literacy All Members ofthe department of defense must understand the security planning guidelines from the engineering task and from Microsoft for the preparation of the security plan. The department as a whole must be reasonably literate in every technical aspect in order to consider computers as their best security tool. Applying Computer technology as a security tool Unless the department of defense understands different aspects of computer and its applicability, the department may find it a challenge in applying computer and its related technology in its security system. The Departments Network Systems Computing System within the defense department Different department within the defense system have different roles hence different computer aspects will be applied to these different departments within the major defense system. Nonetheless, each office should have a computer with restricted use: i. Desktops: each member of staff has a desktop and a machine that acts as a print server ii. Printers: there are two; one printer fax combo and a high end plotter for general use. Order of Command and Information Sharing Information from lower officers can be accessed in the senior offices when such need arises while information from higher offices and authorities can NEVER be accessed in the lover officer. iii. Servers: there is one server that runs other small servers looking after the internet connection, files, Emails and other security database. iv. Laptop Computers: all directors have a laptop which, are used for storing all security and weapon information for their respective department. v. Internet Connection: there is a 2 mbps cable modem connection The Sever and other computers in the department are linked by certain internet cables while the remainders are connected by an 800.11 g wireless network with an access port. All machines, laptops and other computers run windows XP Professional (Erbschloe, 2005). Data Security Installation of System’s Antivirus After comparing each computer against a check list in a security guide for the department, it is identified that, virus protection was missing on six computers, antivirus was not updated for three computers, many user complained about spam while no protection was in place. Restricting the use of Passwords A random sampling found that many people did not use passwords (International Maritime Organization, 2011). None of the computers were password protected. The department had the insurance people the previous year; thus, the department had ensured a good quality on all doors, alarms and window locks. However, no computer had a serial number etched on the case while the department did not also have a log of the serial numbers. The department faces the risk of email and password cracking by intruders who want to access the weapon information (Vellani, 2007); hence, the use of passwords must be ensured. Security Plan Assessing the Underlying Risks It is vital to assess the underlying risks in the adoption and application of the computer technology within the department of defense. Solutions to the Risks and rolling the Project Upon the assessment of the associated risks and determining specific and serious risks; it is appropriate to provide lasting solution within the intended project. Project’s Efficiency and Effectiveness Software Installations The following software must be installed for the applicability and usage of the computer technology within the defense department for effective information sharing. Install Windows Firewall on the main server and on all computers Install the antivirus software every computer and laptops and enable an automatic update of the antivirus. Organize computers running Office Outlook 2003 which uses an E-mail filtering and installing a spam filtering software on all email servers. Updating the System To ensure effective and efficient application of computer technology within the department of defense, the following must be undertaken: Review all machines to ensure that they are fully updated. The machines should also be set to automatically refresh the updates. Protect information relating to purchase of weapons from unintentional or any unauthorized modification. Ensuring that weapons or arsenals used by the military are listed in documents that are kept secret and accessed only by specific persons accredited by the department. The trusted people with such information should be protected and their moves monitored to prevent sharing of important information with other people. Continuous updates on passwords considering the development of technologies and tools for circumventing previously set security measures. Restore procedure sand review backup. This would ensure that user data is stored on the server or even copied across regularly before reviewing the backups. Daily backups should be implemented and ensuring that a full backup is password protected and encrypted (Hunsicker, 2008). Administrative Actions on the Computer Technology Applications Highlighting Policy Changes to the Management The head of department will update the staff handbook on the new policies including: i. Use of passwords that are regularly updated ii. Satisfactory use of the internet and email iii. Who takes company properties away from the office Management Review the Policy Changes with the Company Attorney After completing the first draft, the directors shall review it together with the company attorney general before rolling it out. This is to ensure that every security and logistic systems applications within the intended computer technology adoption and applications are within the ordinary company policy and management systems. Educating the Users of the Application of the Computer Technology Advantages of Adopting Computer Technology It is worth noting that in most cases, the employees are usually resistive to organization changes; hence, it is vital that they are educated on the significant aspects and advantages of adopting and applying new information or computer technology within the management systems. When other staffs especially junior staffs understand and embrace the intended new information/computer technology, the application of the same will easy and simple. Hence, educating on the advantage of adopting and applying the same is vital. Educating the Staff on the use of different aspect of the intended changes The staff should be introduced to general and specific aspect of the intended change and practical applications. The training should cover areas including: i. Passwords ii. The security importance iii. The prevention of virus iv. Ensuring safe internet browsing v. Updating software and safe operation of systems from a server vi. Introducing the newly enhanced staff policies vii. Identification of means through which attacks penetrate computer systems and cause damages to data. Project Implementation Adware and Software Installation The contracted firm conducts installation in different offices including internet connectivity. Practical Training of the staff on the Application The department expects to give two hours of user training in groups as result of the changes. The training should cover areas including: a. Passwords b. The security importance c. The prevention of virus d. Ensuring safe internet browsing e. Updating software and safe operation of systems from a server f. Introducing the newly enhanced staff policies g. Identification of means through which attacks penetrate computer systems and cause damages to data. Success or Failure Analysis of the Project (Monitoring and Evaluation) Effectiveness and Effectiveness of the Installed Physical and Software The security managers should assess physical, data, as well as all network threats that result from faults in any security system. Departmental Reports on the Effectiveness and Effectiveness of the Change All members of the departments have the responsibility to ensure minimized exploitable weaknesses and vulnerability in all computer assets. Problems related to attacks and their causes will be listed and filed in backup folders or paper files for future references. These Measures will be put in place through board discussions or through a consultation with computer security experts on the steps needed for maintaining high security levels in future (Talbot and Jakeman, 2013). Resources and Budget Installation and Training Resources The approved expenditure is on; a. Purchasing antivirus software b. Installation of software c. Purchasing the security locks and renewing none descript laptop computer bags. d. Checking into an additional backup media Maintenance Resources These include expenditure for purchasing software antivirus and conducting different software updates. The maintenance resources must be factored since without which the effectiveness and efficiency of numerous software may be jeopardized. References Erbschloe, M. (2005). Physical security for IT. Amsterdam: Elsevier Digital Press. Hunsicker, A. (2008). The fine art of executive protection: Handbook for the executive protection officer. Boca Raton, Fla: Universal Pulishers. Talbot, J., & Jakeman, M. (2013). Security risk management body of knowledge. Hoboken, N.J: Wiley. Vellani, K. H. (2007). Strategic security management: A risk assessment guide for decision makers. Burlington, MA: Butterworth-Heinemann. International Maritime Organization. (2011). Company security officer. London: International Maritime Organization. Read More