Security Plan - Knowledge and Information Security

Contents CONTENTS 4 EXECUTIVE SUMMARY 6 RESPONSIBLE PERSONNEL 7 CHIEF SECURITY OFFICER 7 ELECTRONIC SECURITY MANAGER 7 PHYSICAL SECURITY MANAGER 7 RISK MANAGEMENT OFFICER 7 ASSESSMENT OF RISK 8 PHYSICAL 8 ELECTRONIC 9 DATA ACCESS SECURITY 10 GENERAL SECURITY 10 USER AUTHORISATION 10 USER AUTHENTICATION 11 SECURE DATABASE 11 PHYSICAL FILES 11 ELECTRONIC INTRUDER DETERRENCE – VIRUSES AND MALWARE 12 SOCIAL ENGINEERING 12 FILE SHARING 12 WIRELESS NETWORKS 13 STAFF VETTING AND SEPARATION PROCEDURES 13 GENERAL STATEMENT 13 STAFF SCREENING 13 SEPARATION PROCEDURES 13 PERSONNEL SECURITY 14 GENERAL STATEMENT 14 PASSIVE MONITORING 14 POSITIVE MONITORING 14 PHYSICAL SECURITY 15 GENERAL STATEMENT 15 AUTHORITY FOR†¦show more content†¦2) Electronic surveillance of premises by third party to gain confidential information, may include: a) Wiretaps on telephones of key personnel b) Electronic audio-recording equipment in key locations such as in boardrooms, or management offices 3) Access agents employed by outside entities to gain access to organisation and information repositories a) Persons in the employ of an outside entity to infiltrate the organisation and gain access to confidential information. 4) Outside entity may recruit or subvert staff to gain information a) Pressuring or enticing employees to provide information, or to facilitate electronic or physical access to that information for the benefit of the outside entity. 5) Material damage to physical documents and equipment resulting from fire or other unforseen occurrences e.g. earthquakes and other natural disasters. 6) Portable devices that are used by staff for convenience may be lost or stolen a) Lax password security means that should these portable devices be lost or stolen the information stored on them is available to anyone who cares to view it. Electronic (Volonino Robinson, 2005) Electronic security is meant to guard databases and networks from unauthorised access and malicious or accidental damage. An instituted electronic security system prevents damage to information by intangible means such viruses, bugs, malware,Show MoreRelatedInformation Systems Security Certification Certification1491 Words   |  6 PagesInternational Information Systems Security Certification Consortium or the (ISC) 2 that focuses on the development of a secure application. For a one to qualify for this certification, one must possess at least four years’ experience with the any of the software development lifecycle and thus can be distinguished as an expert in the assessment topics areas in the entire certification. The individual who may be interested in pursuing this certification might be the Information Security Engineer whoRead MoreSec 402 Request for Proposals (Rfp)1191 Words   |  5 PagesSummary Details The Board of Directors request that their information security strategy be upgraded to allow greater opportunities of secure cloud collaboration. Also dress the concerns on the recent number of hack visit attacks that have caused the network to fail across the enterprise. The organization has know brand products across the world and expects top-secret methods for safeguarding proprietary information on its recipes and product lines Note to Proponents: Please be sure to review theRead MoreThe Plan And Budget After The Homeland Security792 Words   |  4 Pagesinvolved in developing a Homeland Security Plan and Budget after the Homeland Security Assessment of the organization has been completed is to first develop the Vision statement The Vision statement is XYZ organization will be the industry leader in providing â€Å"Best Practices† that support homeland security among employees, suppliers, partners, and customers. The second step is to develop the Mission statement, and Mission statement creates ownership of homeland security initiatives among all levels ofRead MoreReport On Online Sales1721 Words   |  7 PagesMr. Raj and Mr. Harjot From: Andre Luis Lumertz Peres Subject: Consulting IT Report – Online Sales Executive Summary The purpose of this report is to provide an analysis, considerations, and information necessary for the implementation of an online sales ordering platform. Based on information from the organization that makes $ 2 to $ 3 million in annual sales selling Drones their store located in Kitchener Ontario and with approximately 20 employees. The strategy of owners is to increaseRead MoreInformation Security In Zanziabar Public Sector1465 Words   |  6 PagesThe information security challenges faced in Zanzibar are persistent in transitional countries as could be seen in the case study â€Å"state of Information Security in Zanzibar’s public sector† (Shaaban, et al., 2012). Most of these challenges are partly attributed to lack of proper budgeting for ICT infrastructures, cultural gap awareness, political instability, trust, business continuity plan, and inadequate human resource management to effectively manage this technology (Dada, 2006). The applicationRead MoreInformation Technology And Security Gaps Of The Bank Solutions Inc.1457 Words   |  6 PagesThere is no debate to clarify that information security is an important asset to any organizations regardless of its size. To be more precise, information security is much important for financial institutions like Bank solutions Inc. whose main priority is to protect the confidentiality, integrity and availability of assets, individuals, information and information systems. Purpose The main purpose of this paper is to elaborate on the information technology/security gaps of the Bank solutions Inc.Read MoreA Plan For Reactive And Proactive Security Planning1173 Words   |  5 PagesJune 29, 2015 Security Planning After assessing the risk invovled with the organization infrastructure. The next step is security planning which involves developing controls and policies with techniques to help with security. The security strategies will define a plan for reactive and proactive security planning. The planning is developed to protect the company assets. Reactivly planning a contingency plan to implement just in case the orginal plan failed. The security plan will consists ofRead MoreStrategic Planning Process And Plan1555 Words   |  7 PagesStrategic Planning Process and Plan Harper College’s Information Technology (IT) Client Services department houses the Information Security group. This group does not gather most of its own data, so the leaders will need to gather metric information from other College areas. Harper College Mission and Vision The Harper College mission is â€Å"Harper College enriches its diverse communities by providing quality, affordable, and accessible education. Harper College, in collaboration with its partnersRead MorePublic Policing vs. Private Policing1556 Words   |  7 PagesPublic Policing vs. Private Security AJS 502/Survey of Justice and Security Jessica Bishop June 3, 2012 Public Policing vs. Private Security Public policing stands for more in society than private security because of the funding provided. Most private security agencies have to acquire more publicRead MoreDescription Of Certified Information Systems Security Professional Practitionor1428 Words   |  6 PagesCertified Information Systems Security Professional (CISSP) certification is considered by many to be the most prestigious certification for security managers (Whitman Mattord, 2013). Cybersecurity is a very important piece of the puzzle. Organizations today depend on it for safety to protect their assets and the privacy of their customers. Each organization should maintain a strong security source. If you are looking for a way to advance your career or become a member of a community of cybersecurity