Information Security Modification Recommendations Essay


Tft2 Task3

Information Security Modification Recommendations
Service Level Agreement Between Finman Account Management, LLC, Datanal Inc., and Minertek, Inc.
After careful review of the current Service Level Agreement (SLA) “A Service Level Agreement for Provision of Specified IT Services Between Finman Account Management, LLC, Datanal, Inc., and Minertek, Inc.” we have determined that standard Information Technology security measures have not been addressed fully. Following are the recommended changes highlighted in the specific sections that need to be addressed. These changes are being recommended to protect Finman’s data and intellectual property.

Datanal will establish an Access Control List (ACL) and create Group Policies (GP) to establish authentication and authorization to specific network resources for users. Establishment of a Third Party Verification (TPV) process will provide confidentiality and integrity to meet current industry standards. Secure backup solutions that are compliant with industry standards will be established to ensure the integrity of data. Datanal will ensure compliance with International Trade Agreements, Federal patient laws, copyright laws and fair trade agreements for Information Security (IS).

Section 4 Statement of Intent Modifications:
As recognized by leading research and consulting firms with knowledgeable, skilled management, advanced state-of-the-art IT affords extraordinary opportunities for greater efficiencies, cost reduction, higher productivity, customer satisfaction, and profitability. Sophisticated IT applications realize their full potential with highly specialized technical knowledge and management skills readily available only in smaller firms focused primarily or exclusively on such applications. State-of-the-art IT Security Management (ITSM) processes such as threat management, auditing, encryption and customer education will be used to prevent misuse and/or abuse of Finman’s IT resources or services.
1. Justify how your recommendations will limit use, sharing, retention, and destruction of Finman’s corporate data by Datanal and Minertek.
ITIL is a set of practices based on ISO/IEC 20000 standards that focuses on aligning IT services with the needs of business. These practices follow a four-point approach to establishing a Best Management Practice which includes Communication Awareness Training, Risk Management, Firewall (Spam Filters) and Vendors Manufacturing Agents or Partners (Clinch, J., 2009, May).
The first step would include training for all agents in Communication Awareness before allowing use of network and company assets. Training would include Information Assurance, basic computer usage and threat prevention during the implementation of AD and CAC card systems. Proof of this training will be submitted along with a signed user agreement and supervisor request for network access. User Agreements will state the responsibilities of the agent as well as penalties for violations of the agreement. Datanal will provide training resources and documentation to all Finman organizations.
The second step, as part of risk management, will be the creation of auditing processes, data backups and disaster recovery (DR). IDS and virus protection systems must be researched, evaluated and implemented to meet ISO standards. Data backup and DR will be implemented along with established DR plans and documentation covering restoration processes and time frames. A data retention plan will be established stating the length of data storage and disposal for outdated data.
The implementation of firewalls, proxy servers, spam filters and...
