Network Security Policy Report: ACME Company Security Policies

Verified

Added on 2021/05/30

AI Summary

This report addresses the network security challenges faced by the ACME organization, a small-sized private company with 120 employees across two divisions and multiple data centers. The primary issue is the lack of controlled access to company servers and the internet, leading to potential data breaches and inefficiencies. The report proposes the creation of comprehensive network security policies, categorized into general, email, and network policies, to mitigate these risks. The general policies include acceptable use, account access, information sensitivity, acquisition assessment, and personal device policies. Email policies cover spam, automatic forwarding, and overall email usage. Network policies encompass switch/router security, extranet access, network access requirements, and document retention. Furthermore, the report outlines network equipment security guidelines, emphasizing the importance of established frameworks and providing resources such as NSA security configuration guides and NIST computer security resources to aid in the implementation of the proposed security measures. The report concludes by emphasizing the importance of these policies in providing a more secure and efficient network environment for ACME.

NETWORK AND SECURITY

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

Table of Contents
1. Introduction..............................................................................................................................3
2. Network Security Policy..........................................................................................................3
3. Create security policies............................................................................................................4
4. Network Equipment Security Guidelines.................................................................................6
References........................................................................................................................................6
2

1. Introduction
The ACME organization is a small sized private company and it currently has 120
employees. It has two floors in a multi story office building in Melbourne. The Company is
divided into two divisions such as property management and commercial real estate. It has more
profit for the company is around 1 million dollars annually. It also has two separate small multi
tenant datacenter. These two servers are used to provide the full redundancy and access to the
internet comes off the firewall in the data centers. It has many problems like general staff have
been accessing the data between the two divisions. So, the organization needs to minimal access
to the company servers and internet but currently have access to everything. So, the company
needs to create the security policies to reduce the organization problems. It also moves the VoIP
to eliminate the separate PABX systems because it replaces the existing phone system. The
organization also needs to changes the wired connection to wireless access across the floors.
2. Network Security Policy
The network security policy is used to compromise the network availability. Generally
the policy begins with accessing the risk to the network. The basic network security policy needs
to requires the implementing a security change management practices to monitoring the network
for security violations. The organization assets are needs the protection of security policies. The
security policies are comprises the set of objectives for the company, requirement for system and
management and behavior rules for users and administrators. These are used to ensure the
network security and computer systems in the company. Generally, the network security is used
to clarifies, communicates and translates the management position on the security as defined in
the high level security principles. Because the security policy are acts as a bridge between the
organization management objective and specific security requirements. The security policies are
used to inform the users, staffs, and managers for organization problems, specify the security
mechanisms and to provide the organization baseline. It is used to protect the organization
people and information, defines the consequences of violations, set the rules for expected
behavior and authorizes staff to monitor, probe and investigate the organization problems and
processes. The basic network security policies are based on three aspects like governing policy,
technical policies and end user policies. The Governing policies are a high level treatment of
security concepts that is most important for an organization. It controls the overall security
3

related interaction amount he business units and documents in the organization. The end user
policies are used to covers all the security topics important to end users. The technical policies
are used to provide the security responsibilities for security staff members. The technical policies
for provide the more benefit for ACME organization (Nces.ed.gov, 2018).
3. Create security policies
The ACME network security policies are categories in below. These are based on two sections in
the company.
General Policies
The ACME company general policies are listed below.
 Acceptable use policy
This policy is used to define the acceptable use of computing services and
equipment and it provide the security measures that take to protect the organization
resources and information.
 Account access request policy
This policy is used to formalize the access and account request process with the
company and it may cause the legal action against the company (Cisco, 2018).
 Information sensitivity policy
This policy is used to define the requirement for securing and classifying the
information in a secure manner to its sensitive level.
 Acquisition assessment policy
This policy is sued to define the company responsibilities regarding company
acquisitions and also define the minimum requirement for information security group and
it must be complete for assessment of acquisition (Northcutt, 2018).
Personal phone and device policies
This policies includes the,
 Analog and ISDN line policy
It is used to define the standards to use the ISDN and analog lines for receiving
and sending the faxes for connection to personal computers.
4

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

 Personal communication policy
It is used to define the security requirement information for personal
communication like smart phones, VoIP and so on (Paquet, 2018).
Wireless communication policy
This policy is used to define the standards for wireless systems that are used to connect
the company networks across three floors.
Email Policies
The email policies are includes the,
 Spam policy
It is used to covers AUP spam.
 Automatically forwarded email policy
It is used to documents the policy restricting the automatic email forwarding to an
external destination.
 Email policy
It is used to define the standards to prevent tarnishing the image of the company.
Network Policies
The network policies includes the
 Switch and Router security policy
It is used to define the configuration of minimal security standards for switches
and routers inside a company production network and capacity (Vacca, 2014).
 Extranet Policy
It is used to define the requirement that third party Company that needs to access
the company network must be sign a third party connection agreement.
 Minimum requirement for network access policy
It is used to define the requirement and standards for any device that requires the
internal network for connectivity.
Document retention policy
This policy is used to define the minimal systematic destruction, retention and review of the
organization documents received or created during the business process. This policies includes
the,
 Employee records retention policy
5

It is used to define the standards for retention of staff personal records.
 Operation records retention policy
It is used to define the standards for retention of supplier lists, past inventories
information and so on.
4. Network Equipment Security Guidelines
The network security policies are used to establish the framework within organization. It
provides the more important detailed documents that are guidelines, procedure and standards
documents. These are policy document and it very much high level overview document that are
useful for security staff and it is used to implement the security policies (Lin, Tsudik and Wang,
2011). The network security document guidelines is used to provide the list of suggestion on how
you can do things better. It is similar to standard document and it more flexible and it is not
basically mandatory. It finds the best practices. The available guidelines are listed in below.
 NSA security configuration Guides
 Defense information system agency
 NIST computer security resource center
References
Cisco. (2018). Network Security Policy: Best Practices White Paper. [online] Available at:
https://www.cisco.com/c/en/us/support/docs/availability/high-availability/13601-secpol.html
[Accessed 13 May 2018].
Lin, D., Tsudik, G. and Wang, X. (2011). Cryptology and network security. Berlin: Springer.
Nces.ed.gov. (2018). Chapter 3-Security Policy: Development and Implementation, from
Safeguarding Your Technology, NCES Publication 98-297 (National Center for Education
Statistics). [online] Available at: https://nces.ed.gov/pubs98/safetech/chapter3.asp [Accessed 13
May 2018].
Northcutt, S. (2018). Network Security: The Basics. [online] CSO Online. Available at:
https://www.csoonline.com/article/2122628/network-security/network-security--the-basics.html
[Accessed 13 May 2018].
6

Paquet, C. (2018). Security Policies > Network Security Concepts and Policies. [online]
Ciscopress.com. Available at: http://www.ciscopress.com/articles/article.asp?
p=1998559&seqNum=3 [Accessed 13 May 2018].
Vacca, J. (2014). Network and system security. Amsterdam: Syngress.
7