Information Security Policy
University of Phoenix
IT/244 Intro to IT Security
Instructor’s Name: Mark Cherry
Table of Contents
1. Executive Summary
2. Introduction
3. Disaster Recovery Plan
3.1. Key elements of the Disaster Recovery Plan
3.2. Disaster Recovery Test Plan
4. Physical Security Policy
4.1. Security of the facilities
4.1.1. Physical entry controls
4.1.2. Security offices, rooms and facilities
4.1.3. Isolated delivery and loading areas
4.2. Security of the information systems
4.2.1. Workplace protection
4.2.2. Unused ports and cabling
4.2.3. Network/server equipment
4.2.4. ...
Because the locations act individually, sales are being lost and unnecessary costs are being incurred from the inventory breakdown and the accounting errors at each store, as a result of no reliable communication and tracking method being used.
Security policy overview
I think Program-Level may be good for this company. This method will cause the stores to act in concert with one another instead of independently, simply because it gives a Purpose, which clearly states the purpose of the program; a Scope, which specifies resources; and Responsibility, which addresses the responsibilities of officials and offices throughout the organization.
Security policy goals
This method will give only those with authorization the ability to access certain information and make certain changes. This allows for tracking of who is accessing information and who is changing information.
This method will only allow authorized users to access sensitive information, preventing any unauthorized user from making any changes to the sensitive data. Authorized users will also be prevented from making improper modifications, as indicated by the company’s security policy. The formal method is password protection and an employee profile which, when entered into the system, will allow the required access, therefore only allowing transactions applicable to that user.
System back-up will be on an external system that will automatically back up important files at a specified time every day. This system can be accessed by authorized personnel in case of some type of intentional attack or disaster. Access control will be done by placing security level access on each user, giving the user access and availability to the information applicable to that user. IT security staff will be accessible 24 hours a day to provide quality service and support.
Disaster Recovery Plan
Critical business processes
Mission 1: Keep computers running
Mission 2: Meet service agreements
Internal, external, and environmental risks
Internal risk could come from employees via misuse of the computers or intentional damage to the security of the computer; internally, the company could also be subject to loss of power. External risk could be nature itself, anywhere from tornadoes to severe electrical storms causing fires, downed lines, and structural damage to the company and its systems.
Disaster Recovery Strategy
A hot site would have the best value because the company can still run independently without any shared-site headaches, and cold sites are just too much to set up; it’s like throwing a whole company together inside an empty shell. An alternate site would be my second choice if one needs to be made, but a hot site will continue service agreements with minimum problems.
Disaster Recovery Test Plan
A walk-through is important because you need the key business units to come together to see if anything was omitted or inaccurately included.
This step is also necessary...