Security policy document - Term Paper Example

Security policy document Introduction Security policy document entails a document that contains rules/policies practices, laws and procedures for regulating accessibility to a computer network. The policy document help to regulate accessibility to organisation information by ensuring that both corporate and clients information is protected against authorised access. The document further provides a clear blue print for computer network security management. Therefore, to be efficient and effective in distribution operations, the Global Distribution, Inc. (GDI) may enforce computer network security by establishing a User accounts, passwords, data encryption to mention just but a few. For example, security of user accounts may be fostered by establishing a password that may require the user to sign in prior accessing the information in a particular account (Schlachter, 2005). Data encryption may be applied whereby; the data may be translated in unintelligible form to enhance data security. Further, Global Distribution Inc may enhance its financial security by utilizing Proactive DDOS threat mitigation program. The program may help to address financial risk that may occur due to Information technology down turn. It has been reported that Global distribution Inc has numerous accounts in Mexico Unites States and Canada. This means that there is need to integrate and enhance computer network security, data/information security, financial security, vendor’s security among other areas that security is paramount. Further to eliminate/reduce significant pikes in Network traffic, the Science DMZ should be employed. This is because the DMZ is able to transfer large amount of data simultaneously. However, it is vital to place the DMZ adjacent to the parameter of local area network in order to enhance speed and eliminate network trafficking, latency, slow performance and application time out within the Global Distribution Inc (Schlachter, 2005). The Most Important Assets for Global Inc that must be protected The most important assets of Global Inc Company which must be protected include but not limited to; Hardware assets such as communication tools and equipment within Global distribution Inc. Example of hardware assets include, computer hardware, input and storage devices, monitors screen among others. Further, Global Distribution Inc must protect its computer software assets against computer viruses such as Trojan, Malware among others. This may be done through installation of computer antivirus software to all organisation systems. Installation of antivirus software helps to detect and protect computer system against network viruses that may destroy organisation systems and data. The Global Distribution Inc must protect its data assets against destruction and authorised access. Data assets include; information files, data base, user manuals, system documentations, contract agreements and any other organisation information within the data base (Schlachter, 2005). Organisation data must be protected against unauthorised access. This means that information regarding cooperate and customer’s must be protected by ensuring that high level of confidentiality is maintained. This is when corporate information links out; an organisation may face threats from its competitors that may jeopardize its operations. Moreover, Global Inc must protect its employee’s skills, experience and dignity. This is because employees are the most important assets for any successful organisation. Without employees, an organisation may not be able to achieve its objectives. In addition, global Distribution Inc must protect its inventory assets whereby, any data that may help to recover inventory during occurrence of a disaster should be maintained. Intangible assets such as organisation goodwill/reputation and image must be protected. Goodwill is some time considered to be an intellectual property and therefore, records containing goodwill and other valuable information about the organisation must be protected from an authorised access. Further, intellectual property such as copy rights, patent rights, trademarks and organisation trade secrets should be protected against infringements as well as any form of manipulation. General Security Architecture for the Global Inc Company The General security architecture entails an integrated security design that helps to solve security threats/ risk that may emerge in an organisation. The security architecture further involves security principles that are documented so that they can guide an organisation. The Global Security Inc consist of three major components of security Architecture those components include; process, people and tools that have been integrated to protect the entire assets of Global Distribution Inc company. In terms of process, the company has a well structured and secure distribution channel across all its networks situated in Canada, United States and Mexico. In addition, the company has a well defined work process whereby, the organisation has various departments that have been integrated together for security purposes. Among those departments include; I.T department, finance department, Human resource department to mention just but a few. In terms of people, the organisation has employed more than three thousand and two hundred people in different departments. It has also been reported that the organisation has been experiencing continuous growth. The growth has been attributed to the technological creativity and innovation in the organisation. The number of employees has been increasing in order to help the organisation achieve its security goals and objectives (Schlachter, 2005). The Global Distribution Inc has a well organized security Architect that consist of the following components; Technology, Accessibility and Control of the border, Identification management, Validation, architectural adjustment, training, guidance before and during disaster occurrence, inclusion and exclusion. In terms of technology, Global Distribution Inc utilizes both computer software and hardware to manage its security architecture. The organisation recognises that people and technology are the most important Architecture in an organisation. This is because any technological change may not only affect employees and organisation process but also the entire organisation process. The organisation has a well defined access and border control whereby, the company employs least privileged principle which holds that users should be provided with necessary authority to perform their duties/ responsibility. Further Global security Inc control its resources and Information technology via three layers namely; discrete, granular and broad layers whereby, each layer defined the limits for users. The organisation further classifies information into three categories namely: public information, private and proprietary information. Public information entails in formation has no access restriction such information include; the list of prices charged by the organisation. On the other hand private information has restriction and can only be accessed by defined members of Global distribution Inc. Finally, proprietary information entails sensitive information that Global Distribution Inc cannot share with any organisation because it may cause security threats. Maintaining in formation privacy/confidentiality helps to enhance security by ensuring that user get access to information that may only help them to execute their duties more efficiently and effectively (Schlachter, 2005). The Global distribution Inc has a well defined and integrated identification management. Identification management entails company policies, technology and procedures that enable users to access technology and online resources. Global distribution Inc has established a clear security roles and responsibilities for its users. Further the company has defined the users of security architecture. Some of those users include: Corporate managers for Global Inc Company, employees who are responsible for security management, owners of data within global Inc, custodians, managers responsible for monitoring organisation goals, end-users/clients, security custodians as well as internal auditors. The company has integrated the Architectural element of adjustment and validation. This means that the company has developed security borders that prevent unsecure access to corporate information. In addition, Global Inc has established mechanism to deal with security architectural changes that are brought by technological dynamism. Moreover, the company has designed security architecture that ensures all the I.T components, emails, financial reports and clients’ confidential data have been protected against all forms of risk. The I.T Auditor internal auditor in the I.T department has designed a program that helps to identify different users and their information needs. This helped to determine those people who should be included or excluded from the different section of Information technology environment (Schlachter, 2005). The real-time security measures that must be put in place monitoring and preventative measures that must be put in place The real-time security measures that must be put in place include: establishment of corporate strategy. This strategy may help the organisation to determine/establish measures that can be put in place to deal with system security misuse from both internal and external violations. Secondly, base line information should be gathered. The Global Distribution Inc should take proactive measures that recognise any form of intrusion as well as breach of security. This may help to detect hackers before they execute their criminal acts. Global Distribution Inc should further monitor intrusions. This means that the I.T personnel should follow up any techniques employed by hackers to access organisation information files. The organisation may employ tools like Tripe wire, Netstalker, TX among other monitoring to detect and monitor any attempt by hackers. Additionally, the intrusion data should be properly analyze in case an organisation has suspected any form of intrusion into the organisation system. This may be done by carrying out a comparison assessment of the current organisation security state and comparing it with base line state. When an organisation has identified the intruder, the best solution may involve carrying out repairs of the damage system files and eliminate any flaws that cause intrusion. In case an organisation has made a decision to prosecute the hacker relevant authorities should be informed and monitoring procedures should be established to prevent the occurrence of such event in the future. This may help to ensure that organisation security is maintained Specific policies that could be applied An organisation may adopt the following policies to ensure organisation security is maintained: the entire personal data should be processed fairly and legally to ensure that personal data secure without breaching personal rights to confidentiality. Another principle involve that personal data shall be retrieved only for lawful purposes whereby, no information that will be processed against the intended purpose of that particular information. In addition, personal data shall be kept free from errors and mistakes and kept updated. Any data processed for a particular purpose shall not be kept for a period longer than intended. This means that the data shall be processed and utilized for the purpose in which it was processed for and utilized within the specified period. Measures shall be taken against unauthorised and unlawful data processing. In addition, measures shall be applied against unlawful destruction of personal data. This means that the policy shall protect individuals and organisation against those who destroy their data in order to hide or damage the evidence. Further, the data shall be processed in accordance to Data processing Act established by the law. Additionally, no transfer of data/information that will take place from one country to the other without being granted maximum protection of data owner’s information rights Reference List Internal Institute of Auditors. (2007). Elements of a Good Security Architecture. Retrieved< http://www.theiia.org/intAuditor/itaudit/archives/2007/february/elements-of-a-good-security-architecture/> Schlachter.G. (2005). Network Monitoring within a DMZ. Retrieved :< http://www.tavve.com/wp-content/uploads/2011/05/network-monitoring-within-dmz.pdf. . Read More