Intro to Security Final Project Essay

Due in workweek Nine stop open 3 to 4 paragraphs giving a bottom-line summary of the specific measure satisfactory goals and objectives of the protection plan, which can be implemented to define optimal security measure architecture for the selected condescension scenario. The objective of the Security Policy is to provide the basis of a secure information trunk within the prime quantity visualize congregation. This insurance give protect the information system from threats that exist in disposition as well as disasters that exist from humans. The insurance on the wholeow for also give consideration to the privacy, reputation, intellectual property and productivity of Bloom Design Group.The efficient operation of this company is dependent on being able to get at and use resources within the building and being able to outback(a) get to with security. Each employees responsibility must be considered and appropriate access provide be given to come across that inform ation is shared only(prenominal) with those who endure the authority to have it. This insurance polity will ensure the adhesiveness to the Bloom Design Group policies but also with any governance regulations. By limiting the access to certain groups of users, the security policy will guard against misuse of entropy and information.All processes that are within the system will be aligned with the policy and executed automatically to ensure that the policy is effectively protecting the information and resources in a continuous manner. Any disruptions or security risks will be dealt with immediately and automatically by means of the system software that has been established and configured for these purposes. 3. innovation Due in Week One Give an overview of the company and the security goals to be achieved. 3. 1. Company overview As relates to your selected scenario, give a plan 100- to 200-word overview of the company.The Bloom Design Group is an interior design assembly li ne that offers service to clients globally. in that location is a corporate confidence in New York and a alternative office located in Los Angeles. The groups website allows clients a realistic decorating tool, where they are able to get an idea of the design and color turning away they would like to see and how it may look after the design is completed. This is a great tool to countenance the client in making decisions, support up by consultation by experienced interior designers as well.The designers are able to access their client files and style guides use by the company. The designers will also be able to process orders for materials and furniture when accessing the website. inlet is gained by a secure login and password. The employees and designers of this company conduct most of their avocation remotely and access the network via a secure VPN. 3. 2. Security policy overview Of the different types of security policies course of instruction-level, program-framework, i ssue-specific, and system-specificbriefly get by which type is appropriate to your selected business scenario and why.For The Bloom Design Group, a program-framework policy would be appropriate. The corporate office would set the security policy as it pertains to network usage. The program-framework policy would cover the WAN, the entire organization would be covered by it and all decisions associate to how selective information is accessed by the workforce. This would require an acceptable use policy, which pertains to all areas of access including remote access, authorized data retrieval and retention, and connections within the WAN. 3. 3. Security policy goalsAs applies to your selected scenario, explain how the confidentiality, integrity, and availability principles of information security will be addressed by the information security policy. 3. 3. 1. Confidentiality Briefly explain how the policy will protect information. Using the program-framework policy will help in makin g it practical that only those with authorized access to the companys data will be the ones doing so. VPN technology will be utilized for these individuals and devices only. These will continue their privileges as long as the policy is complied with.The VPN will be maintained so as to minimize risk of unlicenced access, keep user and data confidentiality as much as possible over the internet, ensure the reliability of the companys system as well as those systems of the authorized users of the network. 3. 3. 2. Integrity Give a brief overview of how the policy will provide rules for authentication and verification. Include a definition of formal methods and system transactions. The program-framework policy will maintain the data and keep it secure, reliable, and free from corruption.The policy will keep unauthorized users from gaining, retaining, modifying, or deleting data of the company by means of firewalls, encryptions, and anti-spyware or anti malware tools. The VPN will be s ecured with using a tool that provides encryption and user authentication. Intrusion sensing tools will also help protect the VPN. 3. 3. 3. Availability Briefly define how the policy will address system back-up and recovery, access control, and quality of service. The program framework policy will maintain that authorized individuals, users, and systems will have access to information in its original format and at all times.The IT department will keep the business continuity plan up to date and and secure it in such case that there is a need for it due to emergencies. The company will create a business impact analysis which will evaluate risks to the companys data and systems will be ready to be used for recovery of data if needed. A disaster recovery plan will also be created with step by step implementation to ensure recovery and protraction of business operations in the event recovery is needed due to loss.A risk analysis will be created to further see and take steps to secu re the companys data. Full cooperation from from each one department and the administration of the company is needed for these plans to be effective. Training will be conducted in order to ensure that all are manageable to the plan. (Merkow & Breithaupt, 2006). 4. Disaster Recovery Plan Due in Week Three For your selected scenario, describe the key elements of the Disaster Recovery Plan to be used in case of a disaster and the plan for testing the DRP. 4. 1. Risk Assessment 4. 1. 1.Critical business processes List the mission-critical business systems and services that must be protected by the DRP. The Bloom Design Group has the need of protecting their general support systems. These are the mission-critical systems and services to be concerned with. They are related to network connectivity, access to the internet and conglomerate resources through applications that will rest on the network that will aid in the daily productivity of the company. The following list of systems is includes the assets that must be protected by this plan.