This website uses cookies to ensure you have the best experience. Learn more

Security Policy Document Essay

2165 words - 9 pages

1.0 Purpose
The purpose of this policy is to describe the security requirements for Global Distribution, Inc. (GDI). It is important that GDI protects the confidentiality, integrity and availability of information that is essential for day-to-day business operations. This policy will apply to all information that is electronically stored, received, typed, printed, filmed, and generated. Information technology systems are critical for Global Distribution, Inc. interrelationship between data and operations. GDI’s 3,200 employees and contractors are all responsible for protecting information from being accessed by unauthorized persons, modification, disclosure and destruction. An effective ...view middle of the document...

No matter how big or small an employee’s role is within the organization, they should do their do diligence to prevent any unauthorized access to this information. GDI system and network shall not be used to; violate the rights of any person, engage in sexual harassment, access porn or gaming websites, install or create malicious programs, disclose passwords to others, conduct in fraudulent activities, or provide information to compotators. Unacceptable use can also be defined as any activity that is illegal under local, state, federal or international law with usage of CDI’s electronic communication systems (SANS Institute, 2006).
The acceptable use policy would be necessary for GDI because even with the greats security programs and technologies, internal threats still exist. Employees impose a great threat to the company network and could bring the network crashing down if not address properly. “Internal threat is predominantly the result of poor user security behavior” (Humaidi, 2011). Having an acceptable use policy helps control employee’s behavior.
3.0 Physical Security Policy
GDI will implement physical and environmental security to protect buildings and systems such as, application mainframes and DS, central data processing, remote warehouses, FTP/SMTP bridgehead, workgroup servers, microcomputer cluster, and IMB mainframes from individual and environmental threats. The use of a Physical Access Control Systems (PACs) is to be implemented to protect these areas. All employees will be issued personal identification verification cards (PIV cards) in order to control what they have access to as well as providing a system for monitoring what employees are accessing. This cryptographic authentication and integrity methods allows the security of authentication to be improved (MacGregor, 2008). Access will be granted based on the employee’s position and need. Random and schedule audits, along with inventory management will also be used as a way to protect information systems from unauthorized access or usage. The entrance doors to area where sensitive information is stored (like the twin IBM System/390 mainframes) should remain locked as all times and under no circumstance should the doors be propped open at anytime.
Though we are at a time where technology security is at the forefront of security, GDI must not overlook the importance of physical security. “Businesses have gotten so caught up in technological security that they have forgotten the more basic, yet salient, notion of physical security” (Desouza, 2004). The importance here is that physical security tends to be overlooked and in fact this could bring the organization to its knees. GDI can be brought to the ground in seconds if the right perpetrator is able to breach physical security and gain access to sensitive areas in an office building or warehouse (Desouza, 2004).
4.0 Remote Access Policy
In order for GDI to safely conduct business operations with its 81 remote...

Other Papers Like Security Policy Document

Introduction to Information Security Student Essay

1249 words - 5 pages straightforward process composed predominantly of physical security and simple document classification schemes. The primary threats to security were physical theft of equipment, espionage against the products of the systems, and sabotage. The History of Information Security One of the first documented security problems that fell outside these categories occurred in the early 1960s, when a systems administrator was working on an MOTD (message

Cyberlaw, Regulations and Compliance Essay

1323 words - 6 pages     Task 1 Heart Healthy Information Security Policy: A. 1. The policy for information security has two different sections – first is managing passwords and second is new user policy. They are discussed in detail as below: New Users: When a new user enters the organization, depending upon the roles and responsibilities assigned to the person, he will be given corresponding access rights. With the help of these access rights the

Lab 5 Assessment Questions & Answers

737 words - 3 pages between an Acceptable Use Policy (AUP) and a Security Awareness & Training Policy? An acceptable use policy (AUP) is a document that outlines a set of rules to be followed by users or customers of a set of computing resources, which could be a computer network, website or large computer system. Security awareness training is a formal process for educating employees about corporate policies and procedures for working with information technology

Week2Ilab Sec450

1488 words - 6 pages network represents the Internet. The Dallas and Chicago Hosts need to be protected from specific types of traffic from the Internet. Topology The last page of the lab assignment document contains a full page topology. Remove this page and use it for reference to the topology and the IP addresses. Initial OpNet Preparation The Week 2 iLab is entitled Security Demands. The following steps show how to create the project

Cap Study Guide

5295 words - 22 pages : Implement i. Implement the security controls and document how the controls are deployed within the information system and environment of operation. d. Step 4: Assess i. Assess the security controls using appropriate procedures to determine the extent to which the controls are implemented correctly, operating as intended, and producing the desired outcome with respect to meeting the security requirements for

Chapter 1-Introduction to Information Security: Principles of Information Security

979 words - 4 pages information security? In the early days before ARPANET machines were only physically secured. After ARPANET it was realized that this was just one component. 18. What was important about Rand Report R-609? RR609 was the first widely recognized published document to identify the role of management and policy issues in computer security. 19. Who decides how and when data in an organization will be used and or controlled? Who is responsible

Suck This

1195 words - 5 pages and protects the company against damaging legal issues. Scope All employees, contractors, consultants, temporary and other workers at [Company Name], including all personnel affiliated with third parties must adhere to this policy. This policy applies to information assets owned or leased by [Company Name], or to devices that connect to a [Company Name] network or reside at a [Company Name] site. Information Security must

Abut Stack

1195 words - 5 pages and protects the company against damaging legal issues. Scope All employees, contractors, consultants, temporary and other workers at [Company Name], including all personnel affiliated with third parties must adhere to this policy. This policy applies to information assets owned or leased by [Company Name], or to devices that connect to a [Company Name] network or reside at a [Company Name] site. Information Security must

Audit Program

1025 words - 5 pages for proper monitoring. Implement a policy and procedure approved by the management to document the adequate process of monitoring the staircase located in the back of the first floor. All visitors should be escorted to the security room by a receptionist to ensure badges are properly issued. Install at least one camera by the staircase to monitor activities of the staircase. Install a emergency call button inside the elevator. Request the elevator

It Audit Guide

4838 words - 20 pages | | | |Security Risk Management Plans | | |Comments: | 4 Guidance for IRAP Assessors |A policy document MUSTprovide and define: | |Scope, objective and context for the particular policy

Itt It255 Unit 4 Aup

1345 words - 6 pages a periodic reporting requirement to measure the compliance and effectiveness of this policy. 2. Richman Investments management is responsible for implementing the requirements of this policy, or documenting non-compliance via the method described under exception handling. 3. Richman Investments Managers, in cooperation with Security Management Division, are required to train employees on policy and document issues with Policy compliance

Related Essays

Title Is Awesome Essay

1179 words - 5 pages computer, open a new Internet browser window.
 4. In the address box of your Internet browser, type the URL and press Enter to open the Web site. 5. Review the information to determine the components of an information systems security policy. 6. In your Lab Document, identify the major components of an information systems security policy. 7. Review the following

Hcs 440 Week 1 Individual Economic Terms And Health Care History

358 words - 2 pages This document MGT 350 Week 2 Learning Team Case Analysis Project Plan Critical Thinking Strategies in Decision Making contains a solution on following task: "Decisions in Paradise Case Analysis Project Plan. Submit the following: 1) Summary of Case 2) Company selected 3) Action Plan, e.g. who and how will this paper be researched and written. UMUC CMIT 425 Security Policy Project Using the GDI Case Study, complete the Security Policy

Cmgt400 Week 4 Individual Essay

1359 words - 6 pages The Role of Information Security Policy A successful Information Security Program is determined by how the security policy for an organization is developed, how it is implemented, and maintained. An effective sound security policy creates a solid foundation for an information system. The policy makers must emphasize that within the organization, the role played by information security is of paramount importance. The system administrator is

Security Policy Week 4 Essay

547 words - 3 pages This document is to describe the Information Security requirements of Online Application Services and Application Service Providers that engage in business with McBride Financial Services. This policy applies to any use of Online Loan Applications (OLA) and any outsourcing to Application Service Providers (ASP) by McBride Financial Services, independent of where hosted. The Online Loan Application or Application Service Provider's Sponsor