Associate Level Material
Information Security Policy
Student Name: Ronald Stride
University of Phoenix
IT/244 Intro to IT Security
Instructor’s Name: Scott Smith
Date: January 27, 2013
Table of Contents
1. Executive Summary
2. Introduction
3. Disaster Recovery Plan
3.1. Key elements of the Disaster Recovery Plan
3.2. Disaster Recovery Test Plan
4. Physical Security Policy
4.1. Security of the facilities
4.1.1. Physical entry controls
4.1.2. Security offices, rooms and facilities
4.1.3. Isolated delivery and loading areas
4.2. Security of the information systems
Here at Sunica, we are ready to keep up with technology and build a better business model through that practice. However, without a complete security outline and its enforcement, we will not achieve this goal. It is highly recommended that this policy be carefully read and followed by all parties involved in this company. A signed copy will be kept on file for every employee, and customers will be made fully aware that their security is our top priority.
1 Company overview
Sunica Music and Movies is a small business that is making a move to keep up with technology. The goals of this company are to synchronize its many locations so that they work together as one and to develop a web presence. To accomplish these goals, the company is going to link the stores, with private business data on one side and a user interface for the public on the other. Inventory and accounting will be a large factor in its success, but security will be a very important aspect as well. Since transactions are conducted online, the system will require security from both the inside and the outside.
2 Security policy overview
For a small company, a system-specific policy will be appropriate. By clearly outlining data handling procedures for the system, key factors like protection, detection and response can be maximized, providing a better overall level of security.
3 Security policy goals
This company handles private and financial data, so prohibiting misuse of this information is vital. There will be layers of access consisting of manager, assistant manager and cashier level employees.
Credentials for each employee will be provided by management. Customers will create personal credentials to conduct transactions. Firewalls will keep things contained, and immediate encryption will apply to personal financial information.
Backups will be required daily, and equipment will be protected to the extent of our ability against disasters, natural or otherwise. Equipment will be cleaned, maintained, and upgraded at appropriate intervals to help avoid failure.
Disaster Recovery Plan
1 Risk Assessment
1 Critical business processes
The mission-critical business systems for Sunica Music and Movies include the web, accounting and transaction servers in the data center and the in-store devices that connect to them. Employees and customers rely on these systems to operate properly.
2 Internal, external, and environmental risks
Possible threats at Sunica are fire, earthquakes and human-related threats. Fires happen for countless reasons, and if either the store locations or the data center were to have one, the damage could range from monetary (small and large) to the loss of the life of a customer or employee. Earthquakes are also unpredictable and have the...