The purpose of this policy is to describe the security requirements for Global Distribution, Inc. (GDI). It is important that GDI protects the confidentiality, integrity and availability of information that is essential for day-to-day business operations. This policy will apply to all information that is electronically stored, received, typed, printed, filmed, and generated. Information technology systems are critical for Global Distribution, Inc. interrelationship between data and operations. GDI’s 3,200 employees and contractors are all responsible for protecting information from being accessed by unauthorized persons, modification, disclosure and destruction. An effective ...view middle of the document...
No matter how big or small an employee’s role is within the organization, they should do their do diligence to prevent any unauthorized access to this information. GDI system and network shall not be used to; violate the rights of any person, engage in sexual harassment, access porn or gaming websites, install or create malicious programs, disclose passwords to others, conduct in fraudulent activities, or provide information to compotators. Unacceptable use can also be defined as any activity that is illegal under local, state, federal or international law with usage of CDI’s electronic communication systems (SANS Institute, 2006).
The acceptable use policy would be necessary for GDI because even with the greats security programs and technologies, internal threats still exist. Employees impose a great threat to the company network and could bring the network crashing down if not address properly. “Internal threat is predominantly the result of poor user security behavior” (Humaidi, 2011). Having an acceptable use policy helps control employee’s behavior.
3.0 Physical Security Policy
GDI will implement physical and environmental security to protect buildings and systems such as, application mainframes and DS, central data processing, remote warehouses, FTP/SMTP bridgehead, workgroup servers, microcomputer cluster, and IMB mainframes from individual and environmental threats. The use of a Physical Access Control Systems (PACs) is to be implemented to protect these areas. All employees will be issued personal identification verification cards (PIV cards) in order to control what they have access to as well as providing a system for monitoring what employees are accessing. This cryptographic authentication and integrity methods allows the security of authentication to be improved (MacGregor, 2008). Access will be granted based on the employee’s position and need. Random and schedule audits, along with inventory management will also be used as a way to protect information systems from unauthorized access or usage. The entrance doors to area where sensitive information is stored (like the twin IBM System/390 mainframes) should remain locked as all times and under no circumstance should the doors be propped open at anytime.
Though we are at a time where technology security is at the forefront of security, GDI must not overlook the importance of physical security. “Businesses have gotten so caught up in technological security that they have forgotten the more basic, yet salient, notion of physical security” (Desouza, 2004). The importance here is that physical security tends to be overlooked and in fact this could bring the organization to its knees. GDI can be brought to the ground in seconds if the right perpetrator is able to breach physical security and gain access to sensitive areas in an office building or warehouse (Desouza, 2004).
4.0 Remote Access Policy
In order for GDI to safely conduct business operations with its 81 remote...