CREATION AND COMMUNICATING OF SECURITY POLICY 1
CREATION AND COMMUNICATING OF SECURITY POLICY 5
Khoa Luong
Assignment 1 :
Creation and Communicating of Security Policy
Professor George Trawick
CIS 333
05/03/2020
Creation and Communicating of Security Policy
Part 1: Business Environment and Potential Risks
Security is a key factor in the running of any business. As the IT security professional officer for the Sparks Corporation that deals with selling of various products and services to both retailers and wholesalers in various parties of the world. The corporate has several branches spread across different regions of the world. The branches have been endowed with different human resources in departments such as sales, security sector, retailing and wholesaling department, human resources, and marketing of the company`s products. All the employees of the cooperation have access to the retailing locations and access to public ventures. However, the public has no access to the facilities.
The advances made in the world have made it important that the corporation uses some of the digital devices to execute its duties. The corporation has workstations with laptops, tablets, and digital mobile phones. To access the corporation`s devices the employees have personal logins for their emails, computer, and mobile phones ((Tajik, 2019). The corporation has also specific applications that are always updated on personal devices for the individuals that bring personal devices to use at work.
The corporation has also initiated the use of delegation of duties to help in improving service delivery. The employees are assigned duties by the use of the computers depending on the benefits that come with the person using the device. The physical security personnel have only access to the physical security areas and only have access to the section of the physical IT section to aid in the protection of the facility (Brito et al. 2020). The monitoring and controlling of the security section for the Sparkzy Corporation will only be done by the IT security employees tasked to ensure that the facility and its branches are well secured. The following is a memo that describes the policies and regulations that the employees have to adhere to for security purposes.
Part 2: Assembling of the Policies for the Corporation
Memo TO: All Stakeholders FROM: IT Security Department DATE: 2/2/2020 RE: Security Policy This defines the security regulations that have to be followed throughout the entire facility for the benefit of the Corporation. All the computers and the devices used in the conducting of the corporations’ businesses have to be aligned most effectively and safely which would result in boosting the security of the corporation with limited chances of data loss or security breach. Access Control Measures Accessing any of the corporation’s networks will only be limited to the employees and relevant stakeholders of the company. However, they shall all have to introduce themselves through the use of unique login passwords, and the biometrics that one seeks to access. To access the platform by the use of the unique logins one will require to always update their logins and ensure that in case the login is not used for more than twenty days then its deactivated and the owner will have to seek permission from the administrator to reactivate their account. The use of the passwords will also require that there is a two-way verification for the person seeking to access the facility`s network. The password has to be strong and be in constant use to avoid being deactivated and most importantly the password must also not be shared by any person to avoid putting the facility in a compromised manner. Physical Security Measures These are the key areas that play a huge role in ensuring that the facility is secured. The physical security system must be improved to ensure that there is an effective provision of the required security measures. The first key thing that must be done is improved on locking of the doors. All the entry and exit points must be managed to ensure that there is no entry or exit of the facility without following the set security procedures. Secondly, there must be the use of the standard access methods in which the facility must always be manned by the use of a digital system in which the technology would man anybody getting inside and outside the premises. This will require that there is the use of the standard cards that would only allow those with access cards to gain entry or exit of the facility (Tajik, 2019). Besides that, with the increased insecurity issues there is also the need to have a surveillance system for the premises which will be monitored on a 24-hour system. The system will comprise of both fixed cameras and the surveillance video cameras that will capture all the details of individuals and activities taking place at the premises. The surveillance will be done in conjunction with the physical personnel security in which all activities will also be recorded and saved for future references. Additionally, there will also be the installation of the alarm systems at the premises. The system will be aired to all sections of the company. The alarms will be connected with the physical security to ensure that in case of any alert the system coordinates the most effective way that would result in the management of the situation. Employee Practices The running of the facility will not be successful without the use of the services rendered by the employees. However, to ensure that the facility is secured the employees will have to adhere to the new security policies and be aware of the danger that looms with any insecurity decision that they might take. · The employees will not be allowed to use their devices to send and receive emails meant for the corporation. · There shall be no bringing of personal devices in the premises, this is to avoid causing risk on the facility`s data and the entire running of the facility. · Besides that, personal devices will also be not in use while at work. They have to be turned off and only be used when the employee is not doing any official activity of the company (Hamadaqa, Mars & Adi, 2020). · In case it’s mandatory that an employee brings their device to the facility there must be adhering to the regulations of the facility such that there is no data that’s carried out of the facility for personal use and their devices must be updated with current antivirus software. |
References
Brito, M., Gonçalves, M. A., Caravana, N., Esperança, M., & Teixeira, H. (2020). The Impact of Implementing Hygiene and Safety Measures on Absenteeism—A Case Study in a Small Metallurgical Company. In Occupational and Environmental Safety and Health II (pp. 749-754). Springer, Cham.
Hamadaqa, E., Mars, A., & Adi, W. (2020). Physical Security for Fleet Management Systems. Cryptography, 4(1), 1.
Tajik, S. (2019). On the physical security of physically unclonable functions. Springer International Publishing.
creation and communication of
secuity policy
by Sec Sec
Submission date: 02-May-2020 04:01AM (UTC-0500)
Submission ID: 1313974568
File name: Creating_and_Communicating_a_Security_Strategy x (23.35K)
Word count: 1060
Character count: 5336
4%
SIMILARITY INDEX
1%
INTERNET SOURCES
0%
PUBLICATIONS
3%
STUDENT PAPERS
1 3%
2 1%
Exclude quotes Off
Exclude bibliography Off
Exclude matches Off
ORIGINALITY REPORT
Submitted to Kaplan University
Student Paper
www.termpaperpool.com
Internet Source
- creation and communication of secuity policy
by Sec Sec
creation and communication of secuity policy
ORIGINALITY REPORT
PRIMARY SOURCES