Comprehensive Network Security Policies for ACME Company Report

Verified

Added on 2023/04/04

AI Summary

This report outlines a comprehensive network security policy for ACME Company, a small private company with 120 employees across two divisions: property management and commercial real estate. The report addresses the company's need to restrict data access between divisions and limit access for contractors and sales personnel. It identifies key sections of a basic network security policy, including purpose, scope, responsibilities, awareness, and compliance. The report then creates specific data security policies focusing on unauthorized access prevention, data access levels (public, employee, management), and email usage guidelines. Finally, it provides network equipment security guidelines, emphasizing password updates, malware detection, and controlled public file access. This detailed policy aims to enhance ACME's overall network security posture and data protection measures.

Running HEAD: SECURITY POLICIES 1
Security Policies
Name
Code
Course
Date

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

SECURITY POLICIES 2
Task 1: Identify potential sections of a basic network security policy.
It is very important for any organization to consider carefully the guiding principles in
any sector of their work. All the systems of a company should be characterized by a certain set of
standard that defines the bounds (Ciampa, 2012). There should be defined principles that dictate
how far one can access what in the system. When there are no basic security tools put in place
the staffs can mishandle the controls they are not supposed just because there is no regulation
that is put in place (Cimbala, n.d.). In this matter, it is paramount to outline the basic
components that form the security policy that can be adopted in the implementation of the
network system in the company. The following facets form the security program that can be
adapted to any premise to guide it in any time and situation (Fabbri & Volpe, 2013). Purpose
forms the foundation of all the components which defines the objectives that a company may be
geared towards. The major components that are found in this program help to guide the
organization in all perspectives. In the instances where the systems put in place may be
inconsistent, how can they be alleviated to ensure consistencies in the production of the correct
output as needed for decision making (Fischer, 2012) .The second component of this program is
scope which gives a direction on the boundaries the organization has in terms of the staffs they
have, the technologies they are using and to which extent are they incorporated in the general
affairs of the company.
The third important component to be put in place is how the responsibilities are
dispatched among the employees. This is one of the most intrinsic segments of the security
program for each and every individual is always aware of the position he or she is supposed to
pursue in the organization. In matters of the current problem in the organization, this would help
define what each and every member should do (Kotenko & Skormin, 2012). The fourth aspect is
actually awareness that is concerned with informing the staffs and the stakeholders on their part
as a well. Reminding them of the fundamental issues they need to understand in the general
services. Finally compliance as a part of the security program lies at the foundation of all the
issues, in case one of the staffs violates the principles laid he can be convicted (McClure,
Scambray & Kurtz, 2012). It helps in the implementation of the entire security program of the
organization.
Task 2: Create security policies for two of the sections you have listed.

SECURITY POLICIES 3
Data Security Policy
Purpose
The main aim of this policy is to protect unauthorized access to sensitive data from those
individuals who are not permitted for the same. These guidelines have been made for each and
member to follow. These principles will govern the access to the servers, sharing of the
information and the usage of the email as well (Perez, n.d.). It is the responsibility of each and
every staff to be acquainted with the policies set out so that they can guide those who may be
young in the same. Any point that may not be clear, the director who is the custodian of the
information is available for any guidance.
Scope
In this aspect of the policy, we determine to define the levels of abstraction of data. Data
access scope is very necessary to be defined in order to ensure that one does not go overboard. In
this organization, data access is classified into three branches which determines who can get it
without any restriction. Public level of data access will allow any visitor that may come into the
organization with a desire to be informed. There is some basic information that he or she can
access to maybe the telephone numbers of the directors and the contact information describing
the various departmental organizations (Sidorov & Singh, 2010). The next level is actual which
the employees can access and should not be accessed by any other person who is not a staff In
this organization. The ICT director is the custodian and controller of this manner of information.
Passwords shall be given to each and every member to access the information they just need.
There must be verified to confirm who has logged into the system to curb down the rampant
condition of things where everyone can get in and source for information not necessary needed.
The management will be reserved with the authority of managing some few important parts of
the entire information. The production of passwords, how the software is produced and the
trademarks that are only confidential to the company.
Task 3: Create a “Network Equipment Security Guidelines” Document as a supplement to
a Basic Security Policy. Note this task can be found on page 4 of the LAB – CCNA Security
Comprehensive Lab. This is the basis for the actual equipment configuration that is done in
this lab.

SECURITY POLICIES 4
There are some few guidelines that are important in the security of all the networking devices.
They are outlined as follows:
 In the initial configurations of the entire systems, all the passwords should be updated to the real
situations of the company (Perez, n.d.).
 Security measures that are geared towards detection of malware should be installed to block all
the foreign traffic that may be realized.
 There should not direct access of the public files from the servers this will ensure security and
control traffic overly.
References
Ciampa, M. (2012). Security+ guide to network security fundamentals. Boston, MA:
Course Technology, Cengage Learning.

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

SECURITY POLICIES 5
Cimbala, S. The George W .
Fabbri, R., & Volpe, F. (2013). Getting started with FortiGate. Birmingham: Packt
Publishing.
Fischer, P. (2012). Information flow based security control beyond RBAC. Wiesbaden:
Springer Vieweg.
Kotenko, I., & Skormin, V. (2012). Computer Network Security. Berlin, Heidelberg:
Springer Berlin Heidelberg.
McClure, S., Scambray, J., & Kurtz, G. (2012). Hacking exposed 7. New York:
McGraw-Hill.
Perez, A. Network Security.
Sidorov, P., & Singh, G. (2010). Russian-American security. New York: Nova
Science Publishers.