Premium Essay

Implementation of an Organization-Wide Security Plan

In: Computers and Technology

Submitted By jeromejj
Words 1112
Pages 5
Implementation of an Organization-Wide Security Plan
Implementation of an Organization-Wide Security
Purpose
The purpose of this security plan is to establish security requirements to have a controlled access to the information resources.
Scope
This plan applies to all users of information assets including employees, employees of temporary employment agencies, vendors, business partners, and contractor personnel.
Definitions
Definition of some of the common terms:
Authentication: is the process of determining whether someone or something is, in fact, who or what it is declared to be
Availability: Ensuring that authorized users have access to information and associated assets when required.
Confidentiality: is a set of rules or a promise that limits access or places restrictions on certain types of information
Critical: Degree to which an organization depends on the continued availability of the system or services to conduct its normal operations.
Integrity: is the assurance that information can only be accessed and modified by those authorized to do so
Sensitive: Concerned with highly classified information or involving discretionary authority over important official matters.
Policy Statement
Access controls are necessary for the organization systems that contain sensitive or limited access data. This plan describes the mechanisms used to implement access controls and responsibilities to ensure a high level of information security.
Access control policy
Access for contractors, consultants, or vendor personnel to the organization critical business information assets will be provided only on the basis of a contractual agreement.
User access management
User registration
The registration and termination of users must be in accordance with the User Registration and Termination Procedure.
All users of information resources must have a unique User ID…...

Similar Documents

Premium Essay

Implementation Plan

...Implementing an Effective Risk Management Program The Guiding Principles of Risk Management (RM) A. Integrate RM into all phases of missions and operations. Effective RM requires that the process be integrated into all phases of mission or operational planning, preparation, execution, and recovery on a continuing basis. It is much more cost effective to plan up front during building construction and renovation to imbed safety, fire and environmental protection systems than to retro-fit after the fact. B. Make risk decisions at the appropriate level. As a decision-making tool, RM is only effective when the information is concentrated on the appropriate supervisory level for decision. The higher the risk, the higher the management level of who should make the decision to accept a risk or not. Often this will require the decision to apply resources, whether manpower, dollars or both, to mitigate risks to an acceptable level so the management decision-making level must be where the purse strings are controlled. C. Accept no unnecessary risk. Accept no level of risk unless the potential gain or benefit outweighs the potential loss. RM is a decision-making tool to assist the supervisor or individual in identifying, assessing, and controlling risks in order to make informed decisions that balance risk costs (potential losses) against mission benefits (potential gains). An unnecessary risk is one that if not taken, you can still accomplish the mission. For......

Words: 4698 - Pages: 19

Free Essay

Is535 Implementation Plan

...* Running Header: EAGLE MAIL IMPLEMENTATION PLAN IS 535 - Managerial Applications of Information Technology 4/10/2012 Contents Section I: Purpose of Plan Section II: Strategic Business Plan Rationale Disruptive Forces in USPS Market: Opportunity for Future Relevance: Raison d'être/ Justification for plan: Porter’s Model and EagleMail I. Rivalry among Competing Firms II. Potential Development of Substitutes III. Buyer Power IV. Bargaining Power of suppliers V. Threat Of New Entrants Rationale Summarized Section III: Current Systems Major Systems Supporting Business Functions and Processes List of Current USPS MIS Specific Examples of Innovation by Foreign Postal Services Section IV: New Developments System Projects Identity and access management Account Creation Figure 1: Overview of Account Creation Process Email infrastructure Figure 2: Illustration of Email Process in Company Environment Web portal Business Information Systems Business continuity and disaster recovery Section V: Management Strategy Senior Management: Middle Management: Security Validation: Sales and Marketing: Human Resources: Operational Management: Section VI: Budget Requirements Budgeting the New Implementations Table 1: Illustration of Costs for Implementation of Proof of Concept EagleMail Plan Cost benefits and models to evaluate the cost and assets. Is the project at risk? What are the......

Words: 16382 - Pages: 66

Free Essay

Implementation and Analysis of a Wide Area Network

...IMPLEMENTATION AND ANALYSIS OF A WIDE AREA NETWOK (A FEASIBILITY REPORT) BY ISAIAH ADEBAYO STUDENT’S NAME WITH 3121658 STUDENT’S NUMBER COMPUTER SYSTEMS AND NETWORKING ENGINEERING (CSN)-FULL TIME SUBMITTED TO: DR VINCENT SIYAU (SUPERVISOR) TABLE OF CONTENTS CHAPTER ONE 1.0 AIM.............................................................................................................................Page 3 1.1 OBJECTIVES.............................................................................................................Page 3 1.2 INTRODUCTION......................................................................................................Page 4 1.3 EQUIPMENTS USED............................................................................................... Page 4 CHAPTER TWO 2.0 METHODS AND PROCEDURES............................................................................Page 5 2.1 PRESENT NETWORK OVERVIEW........................................................................Page 5 2.2 MAIN OFFICE NETWORK......................................................................................Page 7 2.3 SUBNET OFFICE NETWORK.................................................................................Page 7 2.4 BUSY NETWORK SCENARIO...............................................................................Page 7 CHAPTHER THREE 3.0 PROPOSED NETWORK SCENARIO....................................................

Words: 1948 - Pages: 8

Premium Essay

Implementation Plan

...Implementation Plan CMGT/445 Implementation Plan Project Name: City of Tuscon Case Management Software (City of Tucson, 2013) Project Stakeholders City of Tucson Arizona Nathan Daou - Nathan.Daou@tucsonaz.gov – Contract Officer Project Description * The purpose of this project is to provide the City of Tucson Attorney with Case Management Software * The main challenge of this project will be to provide a proven, open system standards-based solution that requires little or no custom software development to meet the requirements stated in this solicitation * The desired outcome of this project is to improve productivity for the City of Tucson Attorney in this management of cases. Measurable Organizational Value (MOV) · The primary measure of value for this project will be to provide the City of Tucson, AZ with a case management software application to increase productivity of the City Attorney and staff as well as provide a new case management application to replace the old software being used. Employee satisfaction with the improvement can be surveyed and used to further measure the organizational success of this project. Project Scope · The City of Tucson Attorney’s office and the offices of his staff and secretaries will be fitted with new computer systems, upon approval, as well as a copy of the new case management software in a client/server configuration in order to allow all members of the City Attorney’s staff real......

Words: 858 - Pages: 4

Premium Essay

Multi-Layered Security Plan

...NT2580 Introduction to information security | 7 Domain of IT Infrastructure Security Plan | Project Part 1 | | | [Pick the date] | As described by Tipton and Henry, information security management establishes the foundation for a comprehensive security program to ensure the protection of an organization's information assets. Security management encompasses the administrative, technical, and physical controls necessary to adequately protect the confidentiality, integrity, and availability of the information assets in the IT Infrastructure. Each one of the domain of the typical IT Infrastructure needs a proper security controls to ensure the confidentiality, integrity, and availability (CIA Triad). The following are the overview of the seven Domains: User Domain This is the domain of users that access systems, application, and data. It is the information asset of the organization that will be available to a rightful user by authenticating the user by the acceptable use policy (AUP). It is also define that the user is the weakest link in an IT infrastructure, but by educating user of the sensitivity of the IT infrastructure in the security awareness, security control shall be enforced. Security control to this domain can also be enforced by defining and implement the user policy of the IT infrastructure. Workstation Domain This is the domain where users first connect to the IT infrastructure. Because of numerous threats, it is necessary to......

Words: 889 - Pages: 4

Free Essay

Unit 4 Assignment 1 Implementation of an Organization-Wide Security Plan

...Unit 4 Assignment 1 Implementation of an Organization-Wide Security Plan In this security plan we will need to consider all 7 IT infrastructure domains when it comes to developing access controls for the network. Access controls for our facilities will have an appropriate entry system access control that will specify which area should be locked at all times. There will be secondary locks on equipment and storage cabinets within the facility to further secure specific pieces of equipment, such as a database server. Preventing social engineering policy will specify goals for stopping social engineering that will include employee training. Access controls for systems will limit access to those employees who have a legitimate need for that resource. Strong password policy will be in effect that will require you to change it often and you will need to have uppercase, lowercase, numeric and special characters. Application access controls will provide standard testing procedures for any third party application installed in the environment for security. Access controls for data will include data encryption on all sensitive data and enforcing the principle of lowest possible access. Access control for remote access will grant access to the VPN through a two stage authentication process that includes a strong password and a token device. All of these controls will be included in our organization-wide access control plan. Now that we know what are access controls are, we will need......

Words: 380 - Pages: 2

Premium Essay

Implementation Plan

...Implementation Plan Simply formulating a strategic plan is not enough for success. The plan must also be successfully implemented for it to be successful. Implementation includes developing short-term objectives, identifying functional tactics, and determining key success factors. These items are critical for the successful implementation of UPMC’s new strategic plan. Short-Term Objectives WebFinance Inc. (2014) defines a short-term objective as “a smaller, intermediate milestone to achieve when moving towards an important goal” (para. 1). Short-term objectives are often long-term goals broken down into smaller pieces. By completing the short-term objectives, we are also completing parts of a long-term objective. The first long-term objective is to come to an agreement and a new contract with Highmark. Let’s see how we can develop some short-term goals from the long-term objective. By March 31, 2015, UPMC needs to start opening the lines of communication with Highmark. This will be done by stopping all anti-Highmark advertisements and propaganda and working to get the company to be agreeable to a new contract. Being the first to declare a cease-fire with Highmark will also go a long way with the people of Pittsburgh to build goodwill and a better reputation for UPMC. The next long-term objective is to dedicate more time and assets into the research and development of better treatment for age-related diseases. The first short-term objective to be......

Words: 893 - Pages: 4

Premium Essay

Software Implementation Plan

... Implementation Plan OVERVIEW The Implementation Plan describes how the information system will be deployed, installed and transitioned into an operational system. The plan contains an overview of the system, a brief description of the major tasks involved in the implementation, the overall resources needed to support the implementation effort (such as hardware, software. facilities, materials, and personnel), and any site-specific implementation requirements. The plan is developed during the Design Phase and is updated during the Development Phase; the final version is provided in the Integration and Test Phase and is used for guidance during the Implementation Phase. The outline shows the structure of the Implementation Plan. INTRODUCTION This section provides an overview of the information system and includes any additional information that may be appropriate. 1 Purpose This section describes tile purpose of the Implementation Plan. Reference the system name and identify information about the system to be implemented. 2 System Overview This section provides a brief overview of the system to be implemented, including a description of the system and its organization. 1 System Description This section provides an overview of the processes the system is intended to support. If the system is a database or an information system, provide a general discussion of the description of the type of data maintained and the operational sources and uses......

Words: 2228 - Pages: 9

Premium Essay

Organization-Wide Aup

...ABC Credit Union Organization-Wide Acceptable Use Policy Policy Statement This Acceptable Usage Policy covers the security and use of all ABC Credit Union’s information and IT equipment. It also includes the use of email, internet, voice and mobile IT equipment. This policy applies to all ABC Credit Union employees, contractors and agents. Purpose\Objectives The purpose of this policy is to provide a description of the acceptable use of our computer systems and internet service. The objectives of this policy are: * To keep the business process in a high working order in order to achieve the maximum amount of profit gained. * To keep morale low, so that employees are constantly being replaced. Work is not supposed to be fun. Scope The scope of the policy includes users, computers, storage media, and internet usage. Standards All computer systems will be imaged to the following standards: * No background pictures * No sounds * 800x600 screen resolution No employees will be granted administrator rights on their computer system in order to prevent any fun software from being downloaded. These standards are in place to provide the dullest work experience ever imagined and the IT department reserves the right to amend these standards at any time without notification. Internet Use Policy The internet will only be used for business purposes and not entertainment. Our company proxy server has been configured to block access to the following......

Words: 319 - Pages: 2

Free Essay

Implementation Plan

...Implementation Plan In order to host seasonal cook-offs we formulated a suggested step-by-step executing plan. We assumed that the first seasonal cook-off will take place in the spring. • Organizer presents idea to XXXX (January 08) o The purpose will be to get the rest of the committee interested and excited about the idea. • Contact local Chefs (January 22) o Explain the benefits to the chefs themselves. Outlining the media exposure and positive PR they would receive o Show the benefits their presence will provide to the Fernwood neighborhood o Asses the best possible date for them to attend the event • Set the date (February 12) o Taking in to consideration when most chefs will be available and the best time for XXXX and its volunteers • Generate volunteers (February 19) o Gather the volunteers who are willing to participate in this event o Possibly hire security guards if necessary for the event • Advertise the event (February 22) o Advertise through the local newspapers and magazines o Use the local radio stations o Put up banners and signs throughout the whole neighborhood and maybe the surrounding neighborhoods if appropriate o Spread the word and generate hype locally through word of mouth • Organize the equipment (March 08) o Rent necessary equipment the community doesn’t already have access to; such as tables, disposable plates, napkins and others • Host the event (March 26) o Holding this amazing event and hoping it is a success that will......

Words: 255 - Pages: 2

Premium Essay

Security Plan

...Your Company Security Plan for Unclassified Data Version 1.3 March 20, 2012 Developed By: Your Committee Committee Your Company Important Disclaimer: The Aerospace Industries Association of America, Inc. (“AIA”) has no intellectual property or other interest in this Aerospace Industry Guideline for Developing a Security Plan for Unclassified Data. By developing this Aerospace Industry Guideline for Developing a Security Plan for Unclassified Data Plan and making it freely available to anyone, AIA assumes no responsibility for this Guideline’s content or use, and disclaims any potential liability associated therewith. Executive Overview From time to time an AIA member company may be requested to provide the DOD, a prime contractor or an industry partner an Information Technology Security Plan for unclassified data. This security plan could be required at the enterprise, program or application level depending on the unique requirements of the request. This request might be challenging for those members that have never been required to provide such a document. This “Aerospace Industry Guideline for Developing a Security Plan for Unclassified Data” provides a template and guidance to assist member companies in the development of a security plan to meet their customers or partners needs. Please keep in mind that this document is provided as a guideline and not a mandatory standard. AII member companies are encouraged to use this guideline.......

Words: 2097 - Pages: 9

Free Essay

Develop an Organizaion Wide Policy Framework Implementation Plan

...IS4550: Security Policies and Implementation Mr. Shane Stailey Edy Ngou Date: 09/20/2015 Lab week 1: Organization Wide Security management AUP worksheet ABC Credit Union Acceptable Use Policy Policy Statement The acceptable Use Policy is to ensure compliance with laws such as the Gramm-Leach-Bailey Act (GLBA) and the Federation trade commission (FTC). This policy is also to assist the Credit Union ensuring information technology (IT) security best practices with regard to it associates. Purpose / Objective The purpose of ABC Credit Union’s acceptable use policy is to define requirements for Credit Union acceptable use policies, and define the acceptable and unacceptable uses of computer equipment, internet / intranet / extranet related systems, and email by ABC Credit Union associates in the performance of their duties. This policy requires that all Credit Union electronic information systems be used for Credit Union business with minor exceptions. These rules are in place to protect the associates and ABC Credit Union. These objectives of this policy are: * To keep the business process in a high working order in order to achieve the maximum amount of profit gained. * To keep morale law, so that employees are constantly being replaced. Scope This policy applies to associates, contractors, consultants, and other workers at ABC Credit Union, including all personnel affiliated with third parties. Also this policy applies...

Words: 461 - Pages: 2

Free Essay

Implementation Plan

...Distance Education Implementation Plan Ed5804-Uo2a1 Pamela A. Scallan Capella University Dr. Ann Armstrong Topic: My topic is the Implementation of a Distance Educational Plan using technology to enhance the existing distance education curriculum, Pre-K-Grade 3, using Audio/Video Media Technology to enhance the reading skills to globally diverse learners, using the Content Management System in a single-site environment. Overview: I am going to attempt to provide a brief overview of the Technologies and Media addressing the interactive/recorded audio and video along with the use of the Internet for transmission of the audio/video material. Print media is used extensively in Distance Education thru the use of study guides, textbooks, reproducible materials such as articles from journals or excerpts of chapters or perhaps entire chapters, course notes created by the instructor for students or pertinent student information related to the course via instructor or institution under which the program is delivered. I choose the various forms of Audio and Video Media by which I will implement my plan as a topic (one lesson), globally from a single-site. When thinking about media and technology (Moore, 2007) suggests answers to the following questions: 1. What are the characteristics of different communication technologies and media, and how can they be used in distance education? 2. Which communications’ media and technologies are the best for......

Words: 659 - Pages: 3

Premium Essay

Security Organizations

...Security Organizations The 9/11 incident resulted to the prioritization of security on top of other priorities in many organizations for the purpose of protecting or guarding itself against the occurrence of risks or threats. Security being defined as freedom from risk or danger makes it difficult to measure the attributes that surround its values since it is measured with what did not happen or take place. In the setting of an organization, security can be viewed as the system of service that involves the utilization of people and appropriate tools and an intelligently-designed system of procedures and policies that deter the occurrence of risks or threats that result from personal faults, emergencies, criminal acts, and other disasters (Ortmeier, 2013). Security programs enable organizations or government to identify risks and threats and accordingly enable them to take countermeasures to protect itself. Organizations make use of various tools in formulating its security programs like laws, information technology, investigation, and other methodologies in making sure that frauds are detected, rehabilitation is carried out after every disaster, businesses are in place, trading are not stopped and energies are efficiently utilized after every occurrence of threats and risks. An organization's security program is also designed to protect its information technology and all other forms of violence. It can be said therefore that security programs affect each citizen's daily......

Words: 942 - Pages: 4

Premium Essay

Cmit 495 Implementation Plan

...World-Wide Trading Company: Project Implementation Plan Group 3 Kristine Bird (AD Forest Domain OU, Groups and GPO Implementation) Ryan Bonisch (Contact list and LAN Implementation Tasks) Anthony Campo (Configuration of Routers, Switches, and VLANs) Gerald Casanada (Voice VLAN, Wireless, DHCP and DNS) Jennifer Coleman (AD Implementation and Tasks lists for AD Policies) Billie Jo Derouin (Security Implementation) Raymond Mack (Security Technology and Timeline) University of Maryland University College CMIT 495 Professor Sam Musa February 28, 2016 Table of Contents Introduction 2 Purpose 3 Implementation Requirements 3 Project Contact List 3 Tool List 3 Equipment Installation Plan 5 Project TimeLine 6 Lan Implementation task 7 Security Implementation task 11 Configuration Routers 41 Switches 46 VLAN Configurations 49 Voice VLAN and Wireless 51 DHCP and DNS 54 Active Directory Implementation Task 56 Active Directory Policies 58 AD Forest Domain OU formation/AD Group Formation/AD GPO Implementation 68 Security Technologies 88 Introduction The implementation of the WWTC is crucial to keep the business functioning and growing. To ensure that new office installation goes smooth group 3 will create a functional implementation plan from the design we proposed to WWTC over the last 7 weeks. Purpose The purpose of this plan is to provide a step by step guide on the network designed......

Words: 13687 - Pages: 55