Information Security Modification Recommendations
Service Level Agreement Between Finman Account Management, LLC, Datanal Inc., and Minertek, Inc.
After careful review of the current Service Level Agreement (SLA) “A Service Level Agreement for Provision of Specified IT Services Between Finman Account Management, LLC, Datanal, Inc., and Minertek, Inc.” we have determined that standard Information Technology security measures have not been addressed fully. Following are the recommended changes highlighted in the specific sections that need to be addressed. These changes are being recommended to protect Finman’s data and intellectual property.
Datanal will establish an Access Control List (ACL) and create Group Policies (GP) to establish authentication and authorization to specific network resources for users. Establishment of a Third Party Verification (TPV) process will provide confidentiality and integrity to meet current industry standards. Secure backup solutions that are compliant with industry standards will be established to ensure the integrity of data. Datanal will ensure compliance with International Trade Agreements, Federal patient laws, copyright laws and fair trade agreements for Information Security (IS).
Section 4 Statement of Intent Modifications:
As recognized by leading research and consulting firms with knowledgeable, skilled management, advanced state-of-the-art IT affords extraordinary opportunities for greater efficiencies, cost reduction, higher productivity, customer satisfaction, and profitability. Sophisticated IT applications realize their full potential with highly specialized technical knowledge and management skills readily available only in smaller firms focused primarily or exclusively on such applications. State-of-the-art IT Security Management (ITSM) processes such as threat management, auditing, encryption and customer education will be used to prevent misuse and/or abuse of Finman’s IT resources or services.
1. Justify how your recommendations will limit use, sharing, retention, and destruction of Finman’s corporate data by Datanal and Minertek.
ITIL is a set of practices based on ISO/IEC 20000 standards that focuses on aligning IT services with the needs of business. These practices follow a four-point approach to establishing a Best Management Practice which includes Communication Awareness Training, Risk Management, Firewall (Spam Filters) and Vendors Manufacturing Agents or Partners (Clinch, J., 2009, May).
The first step would include training for all agents in Communication Awareness before allowing use of network and company assets. Training would include Information Assurance, basic computer usage and threat prevention during the implementation of AD and CAC card systems. Proof of this training will be submitted along with a signed user agreement and supervisor request for network access. User Agreements will state the responsibilities of the agent as well as penalties for violations of the agreement. Datanal will provide training resources and documentation to all Finman organizations.
The second step, as part of risk management, will be the creation of auditing processes, data backups and disaster recovery (DR). IDS and virus protection systems must be researched, evaluated and implemented to meet ISO standards. Data backup and DR will be implemented along with established DR plans and documentation covering restoration processes and time frames. A data retention plan will be established stating the length of data storage and disposal for outdated data.
The implementation of firewalls, proxy servers, spam filters and...