Social Marketing, Sustainability and Racism in Australia - Essay Example

Running head: Security plan for batteries + business Security Plan for Batteries + Business Affiliation December 2009 Table of ContentsTable of Contents 2 Abstract/Executive Summery 5 1- Business Background 6 2- Scope 6 3- Security Plan responsible person 7 3.1 Batteries+ IT Security Officer 7 3.2 Batteries+ IT Security Manager 8 3.3 Notification 8 4- Unit Plans 8 4.1 Requirements 8 4.2 Mandatory Topics 9 4.2.1 Plan Title 9 4.2.2 Plan Scope 9 4.2.3 Responsible Personnel 9 4.2.4 Host and User Identification 10 4.2.6 Management Responsibility 10 4.2.7 Optional Topics 10 5- Critical Resources 10 6- IS technology Security Initiative 11 7- Servers Security 13 7.1- General 13 7.2 Official Information Servers 14 7.3 Support Servers 14 8- Web based System Security 15 8.1- General 15 8.2- Domain name Registration 16 8.3- Security initiatives 16 9- Data Management and Security 16 9.1 Classification 16 9.2- Security initiatives 17 10- Password Security 18 11- Internet usage Security 18 12- Security violation reporting security 18 13- Remote access Security 19 14- Physical Security 19 15- Laptop security 20 16- Generic Security management 20 16.1- General 20 16.2- Classification 21 16.3- Security initiatives 21 17- Corporate Security plan influence areas 22 18- Business Continuity Plan 23 19- Conclusion 24 20- Bibliography 24 Abstract/Executive Summery Illegal entry to a network can be catastrophic for an organization. Therefore, it is imperative that organization takes account of their network for security threats and for this hire a security expert who guides the management on how to secure organization’s network and protect important data and information in best ways. In addition, it is yet vital and significant to maintain exceptional security in a networked structure. Because one PC can have many points of entry and can be used in a wrong way, on the other hand, a computer network has numerous points of entry. In place of just one or two users, carrying out tasks on one or two computers, organization has many workers working on a network at one time. While the network expands more than just computers will be connected to that network; however, it is necessary to manage additional servers, a variety of peripherals, and mobile devices (Ray, 2004, p. 80). The security management can involve the handling and implementation of the security measures for the securing of network and corporate business information. In this modern age the IT security and its management has turned out to be a main subject of discussion. The IT security issues are emerged with the emergence of new type of IT and network technologies. Corporate IT and network security is a complex area and new businesses, individuals and corporation are paying more attention on this paradigm. Organization and business presently are facing lot of IT and network technology assaults like hackers attack, viruses, data theft, etc. Curtin (1997) outlines that IT and network security can be defined as the set of procedures a business or individual can take or apply to protect their network computer system (s), as well as it is a major concern for every person or business that uses computers (Curtin, 1998). Kaminsky (2009) states that in case of the compromised IT security some data and network hackers or competitor can gain access to business sensitive or critical data, that probably consequential in business destruction or data loss (Kaminsky, 2009). This report is a security plan for the business of the Batteries+. In this security plan based report I will outline main security initiative which we will apply for the management and handling of the Batteries+ business and IT security. 1- Business Background Batteries+ is a global organization that purchases as well as develops batteries/battery systems. This main business area of the Batteries+ is around the distribution of batteries and battery systems to approximately 2000 retails outlet stores all through the country. The business head office is located at the Bismarck, North Dakota. At the present, business has no security plan and requires establishment of some security plan and business data and information safety initiatives. The business is having a lot of customers ranging from simple outlet customer to special US military departments. The business information and data is emerging with continuous evolution. Business has also a web based platform for the advertisement and promotion of business products and new promotions. In case of any business network security attack the overall corporate data and information have no effective security management criteria. The business has HR, Accounting, S/W Development, R&D, Marketing, Facilities and IT departments. In case of business security management we need to establish a vital business security policy that offers effective business management and handling. 2- Scope The information security measures help in the betterment of Batteries+ organizational security and general working. In business of Batteries+, managerial success is often measured by effectiveness, such as whether objectives are accomplished or not, but it can also be expressed in terms of achieving a certain result (Herold, 2009; Nash, 2000; Ray, 2004). 2.1-The management of Batteries+ aims to secure the business network and implement a more secure working and operational environment for the business operations. 2.2- The business of Batteries+ desires to secure the all departments operational information network and desires to establish a better and enhanced network access level. 2.3- Batteries+ wants to make the overall business a more standardized according to global business network security standards. 2.4- Batteries+ business involves some secrete (army battery) supplies that require extensive business network security infrastructure implementation. 2.5- The new business security plan will offer better business information and corporate data security. 2.6- The new information security plan will offer better management and handling of the corporate business through foolproof security system 3- Security Plan responsible person 3.1 Batteries+ IT Security Officer The IT manager and corporate CIO will be the Batteries+’s IT security officers. These two persons will handle and offer the support regarding the corporate security policy establishment, approval and implementation. 3.2 Batteries+ IT Security Manager After the establishment of the new IT security policy we will designate the new IT security manager who will handle, manage and control the overall corporate business data, information and management process. 3.3 Notification After the establishment of the Batteries+ IT security plans each department (HR, Accounting, S/W Development, R&D, Marketing, Support Units, Facilities and IT) will report and notify the main IT security manager and IT security officers. In case of any new development and modifications in to the IT security policy the IT management will send the notification to each of the lower department. 4- Unit Plans 4.1 Requirements The main requirements of the unit security plan are to assess the each department’s security areas and main needed security aspects. The fundamental needs assessment will be done by each departments (HR, Accounting, S/W Development, R&D, Marketing, Support Units, Facilities and IT) IT manager. The department based security assessment report will offer detailed overview of the main department working, data needs, operational requirements, and sensitive information. 4.2 Mandatory Topics The main department information such as sales, actions, customer information will be the main business mandatory information. The business deals, customer information and operational plans are the main business mandatory topics. The effective security management of these areas is really essential. Mainly the business deals and business with government and military are the main business sensitive area. The information hiding and military deals management are also main security management areas of the unit based mandatory topics. 4.2.1 Plan Title Each department will deliver the plan with its departmental plan title that demonstrates the department IT security plan needs and requirements. 4.2.2 Plan Scope Unit security plan will address all the basic business security and fundamental scope areas. Here we will address the main security concerns regarding each business departments and functions. This will facilitate regarding the overall development of the business security plan and defining its main influence and functional areas. 4.2.3 Responsible Personnel In each business department unit IT security officer will address the main security aspects and criteria regarding the department based security needs. 4.2.4 Host and User Identification In the business security plan implementation for the Batteries+ business will address all the hosts and users in each corporate department. Here we will define the main security and system working rights. In this way we will assign rights to each user of the network in the Batteries+ business. 4.2.6 Management Responsibility In the unit based security policy implementation the fundamental needs will be addressed for the main business working and operational security aspects. Here main responsibility of the management regarding the effective handling and management of the IT security policy is to fully support and offer a better business operational security management. 4.2.7 Optional Topics Here any department can present details about any optional topics in the business security management. We need to assess main business needs as well as optional areas those also need additional concentration, like data recovery security. 5- Critical Resources In Batteries+ IT security policy establishment we need to define the main security related critical resources. In the Batteries+ business IT infrastructure encompasses a comprehensive business alliance with more than 2000 retail outlet stores across the country as well as army based products supping chain. In this overall infrastructure the business needs to define the main critical resources those need to be protected for the enhanced business management and handling. The critical resources in the Batteries+ can include business customer information, business retailers, government agencies information and sales record, internal deals, actions data, future business policies and competitors’ management data. The business possesses some fundamental hardware and software resources. The protection or safety of the business hardware and software resources is also a fundamental aspect of the Batterers+ business information security management. Therefore, we need to manage software as well as physical security aspects. In this way we can implement effective business information security. 6- IS technology Security Initiative The Batteries+ business security management can involve the handling and implementation of various security measures for the security of the business IT and inter-departmental structure. In coming section I will outline some security initiatives that will be taken or implemented regarding the Batteries+ business IT and corporate network security management and handling. 6.1- Network security policy: In management and implementation of the Batteries+ business IT security management the main initiative is about the business can be regarding the development of network security policy that is helpful in the effective management of any network security problem or difficulty. This security initiative can be used by medium to large scale corporate (Bogazici, 2009). 6.2- Passwords: Maintain record of passwords. Define who is responsible for keeping the passwords and what they are. The passwords should not be default, however change them (Ray, 2004). 6.3- Antivirus software packages: This is the most common and effective network security management initiative that can offer effective handling and management of the Batteries+ business IT and network security through the use of antivirus software systems. It will be used by all Batteries+ business departments structures (Fleishman, 2009). 6.4- Secure network infrastructure: The effective security management of the Batteries+ network routers, switches, data servers, hardware and software features that maintain safe network and data connectivity, network perimeter safety, identity services, intrusion protection as well as other protection management steps (Curtin, 1998). 6.5- Data encryption: Hiding the Batteries+ business data into non-readable or interpretable format using various data encryption techniques. In the technique we hide the vital business data for the transmission and storage to protect it from outside security attacks (Brenton & Hunt, 2002; Nash, 2000). 6.6- Virtual private networks: In more recent network security management facility that can offer Batteries+ business network access control as well as data encryption among two diverse computers on a personal or corporate network. This permits remote employees to link to network without the danger of a data and information thief and hacker or intercepting data (CISCO, 2009). 6.7- Identity services: Implementation of these services at Batteries+ business network facilitates in recognizing the users as well as their actions and dealings on the network. These identity services comprise digital certificates, passwords as well as digital verification keys (Kaminsky, 2009). 6.8- Network Firewalls: The use of firewall at the Batteries+ business network is the most favorable choice for the protection of the network from the outer security attacks. In this security management system we can block the unauthorized and un-favorable network intrusions and accesses (cert, 2009). 7- Servers Security 7.1- General The business of the Batteries+ is a huge business and needs to store a huge business information and data. Therefore, the business needs several data servers. The security management of each business server needs to be effectively maintained. In this business we have business departments HR, Accounting, S/W Development, R&D, Marketing, Facilities and IT. The effective security management and handling of each department data server is really necessary. In this scenario we will establish a separate data server for the business department. This data sever will be operational under the main head office data server. In the overall infrastructure the business needs to establish vital security management aspects on each area of the business. In case of the security management of the business data servers we will establish a data server firewall system. This will protect the general server through the following security techniques: Antivirus software packages Secure network infrastructure Data encryption Virtual private networks Identity services Network Firewalls 7.2 Official Information Servers The Batteries+ business also offers a great deal of services through the web based platform. In this business dealing platform the corporate data presented on the web is operational through the web data server. The official business information is also obtainable through the business information server that is located at the head office data server. The business data management through the officinal information servers requires excellent business security management. Therefore, the business needs to implement a very strict business security policy because the official data servers are keeping all business information. For the effective management of the office server security we will use the following network security techniques: Identity services Network Firewalls Antivirus software packages Secure network infrastructure Data encryption 7.3 Support Servers In the huge business structure of the Batteries+ there is also a need for the establishment of the support servers. These servers will facilitate during the time of any breakdown. These servers will record the business main data and provide in case of any business network breakdown. The business support server will also offer support regarding business recovery process in case of any data disaster. This will be a main initiative in offering the business data security. The support server is most significant part of ensuring the corporate security in case of any disaster; we will take following actions regarding the effective management of the corporate data: Identity services Network Firewalls Antivirus software packages Secure network infrastructure Data encryption 8- Web based System Security Batteries+ business has also a web based information system for the effective business promotion and for communication purposes. The business contains DMZ that is used for both the web server and the email server. The web based business website is protected through the encryption techniques and this protection is done in a way that all contacts outside the DMZ are encrypted. Also, all communication within the R&D unit is encrypted. However, this web based structure is still lacking some effective security management parameters. The new security and organizational business management policy will offer the effective security handing to this corporate resource also. 8.1- General In general business infrastructure we are having mainly security management of the Batteries+ business data and information. Here we have web based data server that is handling all the online business traffic. In case of any problem the business data traffic can stop and business can face a huge damage, so there is a vital need for the business web based platforms management. 8.2- Domain name Registration Like business trade mark the Batteries+ business web based domain name is also a business resource and its effective protection is also necessary. For the effective domain name registration we need to register according to proper way of domain name registration. We will pay proper fee to online ISP (internet service providers) regarding the effective management of the business domain name security. 8.3- Security initiatives For Batteries+ online business website security we will take initiative like establishment of powerful antivirus, network firewall and effective encryption technology. All these steps will offer better management and handling of web based platform of the Batteries+ business. 9- Data Management and Security 9.1 Classification The business of Batteries+ contains different type of business data. This data belongs to different departments and management areas. In case of effective business data security management we initially need to classify it into an appropriate way. This classification will offer a better overview to the business security management and its handling will be effective. After the analysis of the Batteries+ business I have classified the business data into following categories: Employees record Resource and development records Marketing data Management decision reports Customer records Sales records Corporate plans Operational projects data 9.2- Security initiatives For the better management of the above given corporate data we need to protect that data in an effective way. Here we will implement various security management techniques regarding the better management of the business data: Password security: For accessing any data and information from the business we will establish an effective password based security system. In this way only authorized persons will have the authority to access the business data. Network firewall and password based security systems will protect the business data from the outer hacking and virus based security attacks. Then the main security initiative we will take is regarding the establishment of a VPN (virtual private network). This virtual private network will only be accessible inside the business premises and open to the authorized business workers. 10- Password Security In establishment of password based security we will offer the user to log in into the system resource using appropriate user name and password. This password will never be shared among users and this username and password will be distinct from other system users. In case of password problem like theft or forgot user can request to the business IT security officer to issues a new user name and password to user and block the pervious one. The password can be changed or updated by the user according to his convince and desire. 11- Internet usage Security The web based security issues need to be effectively addressed. In this scenario we will offer web based data access to higher management and business marketing staff. This web based data and information accessing will be based on the proper use of authentication services such as user name and password. The web based illegible access can also be restricted though the usage of anti spy software. These systems are able to detect any outside intrusion and notify the system user regarding the external attacks. 12- Security violation reporting security In the management of the security of the Batteries+ business we will establish an effective security violation reporting criteria. In case of any outside or inside security violation the respective department will report to the security officer and explain the whole situation. The criteria establishment of the security violation reporting for Batteries+ business is recording of all type of security issues to the corporate business and data. In this way the higher management and higher business security officer will take the corrective actions and able to develop an effective future strategy regarding tacking of these security attacks. 13- Remote access Security The business of the Batteries+ has established remote business data access criteria. This remote access is aimed at facilitating the higher management and Batteries+ marketing manager who often need to travel across the world and city for taking new orders and performing new deals. The business needs to offer a better security infrastructure for redistricting any outer security attack. Here we have danger that any outside user could take the entrance to the system and disturb or damage the business files. In the scenario we need password based security system that manages and controls the outsider security attacks. Then we need to establish the antivirus and firewall based security system. These systems will protect against any external security attacks. 14- Physical Security Management of the physical security is really necessary. The main intention in the corporate physical security management is to protect the business physical IT and network based resources. For this we will deploy the physical security systems such as locked network data centers, save network communication devices and network cables. Here we will also hire security guards for handling the business physical security. These actions for the Batteries+ business will ensure the effective management and handling of the corporate IT and network security. 15- Laptop security Batteries+ business marketing officers need to travel all through the country regarding new promotions and making new business deals. In this scenario they need to constantly link to business setup for the proper data and information transmission to head office. In case of any new business deals: so that they should be able to contact business management. For this they have mobile communication and working systems (laptops). The security management of this business resource is also really essential. In case of the theft or any other mishap the business data can be reached to any person. In this scenario business needs to protect the laptops through establishment of the vital security systems. For instance the laptops password security will stop the illegal access to business data inside the machine and web based security clearance will make easier the overall business security management. 16- Generic Security management 16.1- General In case of the generic management of the security at Batteries+ Company we involve lot of security management areas. So we need to manage the huge areas of business for the effective coverage of security management program. This will cover them and manage them in a better way. 16.2- Classification I have analyzed the Batteries+ business infrastructure and assessed that business has following generic areas of the business security management: Wireless Networking Network Administration s Internet Use Email Use Data Backup Change Control Remote Access Third Party Access 16.3- Security initiatives In the scenario of all above given areas of network security management we need to analyze each aspect of the business linked to these factors. Then we need to assess the main security weak points this will offer us a clear view of all security lacking areas and on the basis of those views we will be able to take effective business decision. The main security initiative we will take is regarding the effective password security policy this will facilitates us in restricting the unwanted assessing to the network and business resources. Next main security technique we will use for the Batteries+ business is the establishment of the physical security. The safety of business IT and network resources is really necessary. In case of their theft or damage the business can have a huge loss. Next main security aspect we will consider is restriction on the remote access of data. As in Batteries+ business the marketing personnel need to travel around for business deals. In case of any remote contact to business head-office we need to allow them password protected access. This type of access should also be given to Batteries+ business CEOs, CSOs, COOs, and CIOs. 17- Corporate Security plan influence areas The new business security policy and plan will influence various business areas regarding the effective business security management. Below I have outlined some important influence areas: 1. The economic viewpoint: Batteries+’ organizational data and information security measures present encouraging return of investment. A business should make use of the probable reimbursement from investment to care for their data and information. In this acuity, effectiveness of information security measures is implicit as the capability to calculate positive return of outlays, i.e. the proportion of money gained relative to the amount of money invested (Herold, 2009). 2. The legal viewpoint: Batteries+ information security measures stay away from violations of legal requirements. Efforts have to be done to fulfill authorized necessities, which in turn should avert probable safety breaches. In this point of view effectiveness is understood as the ability of a measure to assist the Batteries+ business to meet legal requirements (Herold, 2009). 3. The cultural viewpoint: Batteries+ information security measures present a high-quality security culture. In this perspective, accomplishment is implicit as the consequence of a measure on Batteries+’ individual and organizational awareness as well as behavior in a optimistic direction (Herold, 2009). 4. The risk management viewpoint: Batteries+ information security procedures trim down the hazard of unwanted incidents. Failures of data and information security are with no doubt unpleasant events those reason losses to businesses; Batteries+ information security is therefore a risk management influence that handles the cost of information risk to the business. In this viewpoint, efficacy is implicit as the capacity to determine and to diminish risk to an acceptable level (Herold, 2009). 18- Business Continuity Plan In case of any business disaster we need to have business continuity plan. This business continuity plan is the main part of the Batteries+ information security policy. The business continuity plan of the Batteries+ business is given below: Generators back-up: In case of power failure we need backup generators for running the overall business structure. Data recovery system: We need to establish a data recovery system. This system will take the constant data back-up and will save the overall business data. Additional data servers: We need to establish additional data servers. That will constantly take the business data back-up and will recover that data in case of any business disaster. 19- Conclusion Security is a collection of the rules, actions, and technical measures that are used to stop illegal access or modification, theft, and physical damage to organizational resources. For every organization or business, security is a primary concern. In this report I have presented detailed analysis and overview of the Batteries+ business security management initiative those are taken to protect the business security and overall operational environment. The main thing this report will contribute to the business of Batteries+ will be the fundamental security management initiatives that business needs to consider and implement regarding the effective business security management and handling. This report has tried to assess and provide detailed overview of the business security permanents. I hope this report will offer a deep insight into the different security permanents implementation for the business of Batteries+. 20- Bibliography Bogazici. (2009). What is network Security? Retrieved December 08, 2009, from http://www.cc.boun.edu.tr/network_security.html Brenton, C., & Hunt, C. (2002). Mastering Network Security. Sybex. Cashell, B., Jackson, W., Jickling, M., & Webl, B. (2004). "The economic impact of cyber attacks". Congressional Research Service Report for Congress, . cert. (2009). Home Network Security. Retrieved December 08, 2009, from http://www.cert.org/tech_tips/home_networks.html#III-B CISCO. (2009). What Is Network Security? Retrieved December 08, 2009, from http://www.cisco.com/cisco/web/solutions/small_business/resource_center/articles/secure_my_business/what_is_network_security/index.html Curtin, M. (1998, July 07). Introduction to Network Security. Retrieved December 08, 2009, from InterHack.net: http://www.interhack.net/pubs/network-security/ Fleishman, G. (2009). How to secure your home network. Retrieved December 08, 2009, from http://www.macworld.com/article/140436/2009/05/osxwindowshomenetworking.html Gupta, V., & Montenegro, G. (1998). Secure and mobile networking . Mobile Networks and Applications , Volume 3 Issue 4, pp. 381 - 390. Herold, R. (2009). The Definitive Guide to Security Inside the Perimeter . Retrieved December 08, 2009, from Realtime Publishers: http://nexus.realtimepublishers.com/dgsip.php Kaminsky, A. (2009). What is Network Security? Retrieved December 08, 2009, from WiseGeek.com: http://www.wisegeek.com/what-is-network-security.htm Kurose, J. F., & Ross, K. W. (2009). Computer Networking: A Top-Down Approach. New York: Addison Wesley. Nash, J. (2000). Networking Essentials, MCSE Study Guide. California: IDG Books Worldwide, Inc. Perkins, C. E. (1998). Mobile Networking in the Internet. Mobile Networks and Applications , Volume 3 Issue 4, pp. 319 - 334. Ray, R. (2004). Technology Solutions for Growing Businesses. New York: American Management Association (AMACOM). Read More