
Information Security Policy for EnsureSello: Principles, Risk Management, and Business Continuity


Added on  2019-10-18

About This Document

This article discusses the information security policy of EnsureSello, an insurance company that deals with personal and organizational data. It covers the principles, risk identification, identity and access management, risk management, and business continuity. The article also talks about the cost-benefit analysis, value of control, and risk response planning.

Information Security Policy

1.1 Scope

Information security plays an important role in growing the business, but its performance depends entirely on the size of the company. EnsureSello is a big company that sells various types of insurance policies, such as home, business, car, and medical, to both individuals and organisations. Customer data such as name, address, contact number, and card/cash card information will be stored. After registration, a profile is created. The data is divided into two categories: public and private. Once a user is successfully authenticated, the user can use the information according to their needs. The security policy of any company always reflects its actual work. EnsureSello uses a backend database on a single server that hosts a single-tier network architecture. EnsureSello will complete its audit in the next four months.

1.2 Principles

To write the EnsureSello information security policy document, we first have to define the security objective and discuss the management strategy for securing the company's information with everyone. Security industry standards documents will be used as a baseline framework for EnsureSello. Its information security is concerned with guaranteeing availability, confidentiality, integrity, and authentication. Effective security is achieved only by working within a proper framework. To make a good information security policy, we have to determine the scope of the policy and identify the threats people face when a proper information security policy is lacking.

1.3 Policy Statements

EnsureSello's information and IT infrastructure are protected by security policies based entirely on ISO 27001 and ISO 27002. The information system security policy sets standards and guidelines for accessing the company's application systems and information. It is the responsibility of the IT department to provide adequate confidentiality and security for information held on local media or at remote locations. At EnsureSello, only authorised and genuine software is installed, and the internet and other services may be used only by authorised persons.

2. Risk Identification

Increasing dependence on IT has also increased the impact of IT risk on the organisation's overall business. Threats to IT services have increased because their vulnerabilities are exposed across the world. EnsureSello wants to start doing business in the UK, but its main centre will stay in the USA. Reviewing the business model, we found that only the location of the site is risky; otherwise the company's purpose and plan are the same and are sound.
IT risk constantly puts pressure on the company's core business. Essential business data is also a risk factor for the company. We have to store customer data as well as product data in such a way that we can use it in the future without any hindrance. End users are the customers who visit our website, enter their details in our form, and register themselves. After the password authentication process, they choose a policy or do other things on their profile. If a customer enters wrong credentials during login, they are not able to buy a policy from the EnsureSello website. While customer data is being sent to and processed by a third party, its security is at very high risk. There are many risk factors in the infrastructure. The software and hardware that will be used at EnsureSello are also checked by IT professionals for upcoming risks. Session management, ID management, security events, and logging are the major risk areas for EnsureSello.

3. Identity & Access Management

3.1 Risk Identification

A password policy is mainly used to protect the integrity and confidentiality of the system from unauthorised people. Because password policy enforcement is lacking at EnsureSello, attackers can easily take control of password-protected content. A weak password policy leaves many ways for attackers to obtain the password of the system or of a user page. To stop this, EnsureSello should perform a security audit at regular intervals. It should also introduce a strong policy that forces end users to create strong passwords.

3.2 Password Policy

A password policy is a set of rules designed mainly to increase the security of systems and networks by making people choose strong passwords and use them properly. The salient features of a password policy include enforced password history, maximum password age, minimum password age, minimum password length, the requirement that passwords meet complexity requirements, and then storing passwords using reversible encryption. Today, many systems, such as those from Google and other IT giants, have built-in password methods for setting the policy.

4. Risk Management

4.1 Qualitative Risk Analysis

The person who manages the data center is regularly fighting the risk of threats to the database. Before managing risk at the data center, the data manager first has to understand the different types of risk that directly affect the core of the data center. The most basic risk category is power loss at the data center. Frequent power loss at the data center causes the loss of important data. The second major risk faced at the data center is frequent service disruption due to malfunctioning software as well as physical equipment. The third risk that mainly affects the data center is the physical environment or climate. Last but not least, the risks to physical security and logical security at the data center play a major role in risk management. In qualitative risk analysis, logs of all risks and issues are sorted out with various action plans. Data centers do not function alone, so risk at the data center is always a major problem. The main reason for testing web security is to avoid potential threats. To test the security of a web app, we have to go to its lower level. We should frequently used