logo

Maintaining Confidentiality, Integrity, and Availability in the Digital Era

   

Added on  2019-09-22

14 Pages2582 Words468 Views
 | 
 | 
 | 
Security Policy Framework DocumentStudent Name: Student ID: Course Name: Course ID:Faculty Name: University Name:
Maintaining Confidentiality, Integrity, and Availability in the Digital Era_1

Table of ContentsIntroduction................................................................................................................................2Acceptable Usage Policy............................................................................................................2Business Continuity Planning....................................................................................................4Disaster Recovery Planning.......................................................................................................5Ethics..........................................................................................................................................6Security Architecture and Models..............................................................................................7Security Management Practices.................................................................................................7Applications, Telecommunications and Network Security........................................................8References................................................................................................................................10Appendices...............................................................................................................................11Appendix A: Business Continuity Team Organization Chart..............................................11Appendix B: Risk Attributes................................................................................................12Appendix C: Disaster Impact...............................................................................................12Appendix D: Biba Model.....................................................................................................13Appendix E: Layers..............................................................................................................13Appendix F: Security Management Practices......................................................................13
Maintaining Confidentiality, Integrity, and Availability in the Digital Era_2

IntroductionThe Security Policy Framework Document is the set of properly written policies on security. The security policy framework ensures that the organization has procedures that can be used at the time of potential threat or challenges (Herath & Rao, 2009). The threat or challenge canbe internal to the organization or it can be external to the organization. Moreover, the presence of SPFD within the organization keeps it complied with the ever changing rules and regulation concerning security aspects. SPFD can be used by the organizations that are oriented towards development of measures that can handle the risks or vulnerabilities associated with the organization. The risks can be of various forms such as hardware challenges, software risks, and threat to networks within the organization, challenge from the human side (specifically the individuals who are working within the organization), environmental threats, and others. The SPFD is required in the financial industry as due to the recent development in the technological aspects has equally increased the level of threat to the information contained within the organization or within the entire financial industry. The entire economy of a country relies on the financial industry and any threat to this industry is likely to impact the functioning of whole economy. Therefore, it has always been suggested that the organizationsoperating in a risky environment should consider using security policy framework document. The current paper discusses various aspects of security policy framework development under various sections and subsections. Acceptable Usage PolicyGiven below are the acceptable usage policies for the current organization (Gallagher et al, 2015):
Maintaining Confidentiality, Integrity, and Availability in the Digital Era_3

-The employees should not allow other members to use their id or password.-The passwords or other sensitive materials should not be left at publicly accessible locations. It is suggested to remember the passwords rather than putting them in physical.-One employee should not use other employee’s passwords and id.-The employees should not engage in attempt to access the information for which they are not authorized. -Employees should not use external device with the organization’s device. -Employees are advised not to share any data or information of the organization to the external parties in any circumstances unless authorized by upper management. -The email id provided to the each of the employees and the internet is for the businessuse and no employees are suggested to use these for personal amusement. -Every individual will be accountable for whatever action they take while accessing the internet or the company email systems.-Employees should not place any company information online that is likely to compromise the security of the company.-No employees should engage in sending spam mails to other individual.-The attachments within the mails, if received from outside, must be passed through right security check prior to opening them. -Employees engaging offsite work should abide by the security policy devised by the company for that purpose. -The business documents that are out of use must be properly shredded prior to disposal.
Maintaining Confidentiality, Integrity, and Availability in the Digital Era_4

End of preview

Want to access all the pages? Upload your documents or become a member.

Related Documents
System Administration Assignment
|7
|867
|234

Assignment On ICT Risks & Security Concerns
|13
|3436
|93

Network Security Plan for First National University
|51
|10015
|210

Development of Acceptable Use Policy
|6
|1472
|95

Advanced Network Management and Design
|18
|4115
|318

Information Security Awareness Training | PPT
|20
|1073
|57