University Network Security Policies, Standards, and Practices Report
VerifiedAdded on 2022/08/24
|12
|2327
|21
Report
AI Summary
This report assesses the security needs of a company operating within a shopping mall, proposing measures to secure its IT infrastructure. It addresses the increasing security concerns arising from smartphone, laptop, and public Wi-Fi usage, which attackers exploit. The report outlines security policies, standards, and practices to counter threats, comparing them with industry standards. It begins with the company's background, identifies key risks like Wi-Fi network hijacking, malware, and infected flash drives, and then details the company's security policies, including password protection, email security, and network security mechanisms. The report also establishes security standards such as password complexity requirements and hardware security measures. Furthermore, it emphasizes security practices like asset monitoring, data backup, and staff training. Finally, the report compares the proposed policies with industry-standard SOPHOS policies and concludes by summarizing the identified security needs and proposed solutions. This document is a past paper and solved assignment available on Desklib.
Running head: NETWORK SECURITY POLICIES AND STANDARDS
Network Security Policies and Standards
Name of the Student
Name of the University
Author Note
Network Security Policies and Standards
Name of the Student
Name of the University
Author Note
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
1NETWORK SECURITY POLICIES AND STANDARDS
Executive Summary
The rapid increase in adoption of ICT components by companies as well as the increased
usage of smartphones and public Wi-Fi networks has led to increasing security concerns for
companies operating within a shopping mall. The report is to suggest the security policies,
develop security standards, specify security services and compare them with existing
industrial security policies. The report first provides a background of the company followed
by identifying three major risks relevant for the company. Then the security policies,
standards and practices are listed and explained. Next, after comparing the suggested policies
with existing industrial policies the report ends with conclusions.
Executive Summary
The rapid increase in adoption of ICT components by companies as well as the increased
usage of smartphones and public Wi-Fi networks has led to increasing security concerns for
companies operating within a shopping mall. The report is to suggest the security policies,
develop security standards, specify security services and compare them with existing
industrial security policies. The report first provides a background of the company followed
by identifying three major risks relevant for the company. Then the security policies,
standards and practices are listed and explained. Next, after comparing the suggested policies
with existing industrial policies the report ends with conclusions.
2NETWORK SECURITY POLICIES AND STANDARDS
Table of Contents
Introduction................................................................................................................................3
Business Background.................................................................................................................3
Risk Identification......................................................................................................................4
Security Policies.........................................................................................................................5
Security Standards......................................................................................................................6
Security Practises.......................................................................................................................7
Sample Policy Research.............................................................................................................8
Conclusion..................................................................................................................................9
References................................................................................................................................10
Table of Contents
Introduction................................................................................................................................3
Business Background.................................................................................................................3
Risk Identification......................................................................................................................4
Security Policies.........................................................................................................................5
Security Standards......................................................................................................................6
Security Practises.......................................................................................................................7
Sample Policy Research.............................................................................................................8
Conclusion..................................................................................................................................9
References................................................................................................................................10
⊘ This is a preview!⊘
Do you want full access?
Subscribe today to unlock all pages.
Trusted by 1+ million students worldwide
3NETWORK SECURITY POLICIES AND STANDARDS
Introduction
The report attempts to identify the security needs of a company operating from within
a shopping mall and goes on to suggest the measures to secure their IT infrastructure. The
increased usage of smartphones, laptops and public Wi-Fi networks in shopping malls make
it easier for attackers to target companies that operate from within shopping malls thereby
raising the security concerns (McShane, Gregory & Wilson, 2016). The countermeasures
against such threats include security policies, develop security standards and specify security
services as also how well they fare with existing security policies used by the industry (Safa,
Von Solms & Furnell, 2016). The report begins by providing background of the company and
then identifying three key risks relevant for the company based on the IT components being
used. Then the report lists the security policies, develops a set of standards and mentions the
practices for the particular company and justifies them (Rahman & Williams, 2016). Next,
having compared these suggested policies with existing industrial policies the report ends
with conclusions.
Business Background
The company XYZ has opened recently inside a shopping mall. The company obtains
their network services from the network infrastructure of the shopping mall. The company
looks to sell their products both physically from within the mall and through their website.
The network of the company connects to the public internet through the main router of the
shopping mall. Apart from the systems connected through Ethernet cables, the company staff
make use of the company’s own Wi-Fi network through supported devices.
Introduction
The report attempts to identify the security needs of a company operating from within
a shopping mall and goes on to suggest the measures to secure their IT infrastructure. The
increased usage of smartphones, laptops and public Wi-Fi networks in shopping malls make
it easier for attackers to target companies that operate from within shopping malls thereby
raising the security concerns (McShane, Gregory & Wilson, 2016). The countermeasures
against such threats include security policies, develop security standards and specify security
services as also how well they fare with existing security policies used by the industry (Safa,
Von Solms & Furnell, 2016). The report begins by providing background of the company and
then identifying three key risks relevant for the company based on the IT components being
used. Then the report lists the security policies, develops a set of standards and mentions the
practices for the particular company and justifies them (Rahman & Williams, 2016). Next,
having compared these suggested policies with existing industrial policies the report ends
with conclusions.
Business Background
The company XYZ has opened recently inside a shopping mall. The company obtains
their network services from the network infrastructure of the shopping mall. The company
looks to sell their products both physically from within the mall and through their website.
The network of the company connects to the public internet through the main router of the
shopping mall. Apart from the systems connected through Ethernet cables, the company staff
make use of the company’s own Wi-Fi network through supported devices.
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
4NETWORK SECURITY POLICIES AND STANDARDS
Risk Identification
The company is exposed to several security risks. The report highlights IT specific
security risks pertaining to the company. The several IT specific security risks are given in
the table below:
Risk Device Description Severity Probability
Network Hijack Wireless Access
Points
Attackers can
scan and invade
Wi-Fi networks
from within the
mall.
High High
Malware Attack All network
devices
The public
network of the
mall is exposed
to innumerable
infected devices
from where
malware attacks
can spread.
High Medium
Infected flash
device
Host systems The company
staff may use
flash devices
which get easily
infected.
Medium High
Risk Identification
The company is exposed to several security risks. The report highlights IT specific
security risks pertaining to the company. The several IT specific security risks are given in
the table below:
Risk Device Description Severity Probability
Network Hijack Wireless Access
Points
Attackers can
scan and invade
Wi-Fi networks
from within the
mall.
High High
Malware Attack All network
devices
The public
network of the
mall is exposed
to innumerable
infected devices
from where
malware attacks
can spread.
High Medium
Infected flash
device
Host systems The company
staff may use
flash devices
which get easily
infected.
Medium High
5NETWORK SECURITY POLICIES AND STANDARDS
The above table for risk identification suggests three of the major IT security risks
that the company can face while operating from within the shopping mall. These are the
hijacking of their Wi-Fi network, malwares from the public mall network as well as infected
flash drives carried by the company employees (Suharyanto, 2019). The countermeasures
against these risks are discussed next.
Security Policies
The company employs several security policies for ensuring their network equipment
remains as much secure as possible from the above mentioned IT security risks (Soomro,
Shah & Ahmed, 2016). These are:
Only administrators can access the different network equipment like routers, switches and
access points by keeping them password protected.
All users should use their own accounts and set up passwords as per company security
standards.
Passwords of all devices and accounts must change periodically.
Emails from unknown senders must not be entertained.
Links in emails must require administration permission before opening.
Apply any available network security mechanisms of the network equipment like
IPsec shall be applied to further secure the network.
Scan all compressed files for viruses and malwares before extracting.
Administrators must block unauthorized installation of applications in the host
systems of the company.
Administrators must configure the system to prompt for passwords when
executing .exe files.
The above table for risk identification suggests three of the major IT security risks
that the company can face while operating from within the shopping mall. These are the
hijacking of their Wi-Fi network, malwares from the public mall network as well as infected
flash drives carried by the company employees (Suharyanto, 2019). The countermeasures
against these risks are discussed next.
Security Policies
The company employs several security policies for ensuring their network equipment
remains as much secure as possible from the above mentioned IT security risks (Soomro,
Shah & Ahmed, 2016). These are:
Only administrators can access the different network equipment like routers, switches and
access points by keeping them password protected.
All users should use their own accounts and set up passwords as per company security
standards.
Passwords of all devices and accounts must change periodically.
Emails from unknown senders must not be entertained.
Links in emails must require administration permission before opening.
Apply any available network security mechanisms of the network equipment like
IPsec shall be applied to further secure the network.
Scan all compressed files for viruses and malwares before extracting.
Administrators must block unauthorized installation of applications in the host
systems of the company.
Administrators must configure the system to prompt for passwords when
executing .exe files.
⊘ This is a preview!⊘
Do you want full access?
Subscribe today to unlock all pages.
Trusted by 1+ million students worldwide
6NETWORK SECURITY POLICIES AND STANDARDS
The above mentioned policies address several aspects of IT security for all kinds of
organizations (Flowerday & Tuyikeze, 2016). Hence these policies are can help prevent
critical assets of the company to most of the security risks the company is exposed to.
Security Standards
The security standards which apply for such companies that operates from within a
shopping mall are the 27000 family of cyber security standards. The ISO 27000 series of
security standards have been developed to help fight hackers and zero-day attacks that target
companies and businesses (Hajdarevic, Allen & Spremic, 2016). The security standards
specifically developed for the company are:
Passwords must at least be 8 digits long
Passwords must contain at the minimum a lower case character, an upper case
character, a numerical character and a special case character.
Passwords must not contain name of individual, birthdate and other identifiable
details.
Usernames of email accounts must contain employee name and ID.
Network device passwords must not contain device name, name of manufacturer,
model name or other related information.
Hardware security measures like IPsec, VPN, WPA and others must not have default
configurations.
At least five biometric impressions must be recorded for registration of employees.
General users must not have access to configuration settings of virus scanners and
firewall applications.
Since the company for which the above standards have been developed uses host PCs for
business activities and servers for hosting the website, custom standards need to be employed
The above mentioned policies address several aspects of IT security for all kinds of
organizations (Flowerday & Tuyikeze, 2016). Hence these policies are can help prevent
critical assets of the company to most of the security risks the company is exposed to.
Security Standards
The security standards which apply for such companies that operates from within a
shopping mall are the 27000 family of cyber security standards. The ISO 27000 series of
security standards have been developed to help fight hackers and zero-day attacks that target
companies and businesses (Hajdarevic, Allen & Spremic, 2016). The security standards
specifically developed for the company are:
Passwords must at least be 8 digits long
Passwords must contain at the minimum a lower case character, an upper case
character, a numerical character and a special case character.
Passwords must not contain name of individual, birthdate and other identifiable
details.
Usernames of email accounts must contain employee name and ID.
Network device passwords must not contain device name, name of manufacturer,
model name or other related information.
Hardware security measures like IPsec, VPN, WPA and others must not have default
configurations.
At least five biometric impressions must be recorded for registration of employees.
General users must not have access to configuration settings of virus scanners and
firewall applications.
Since the company for which the above standards have been developed uses host PCs for
business activities and servers for hosting the website, custom standards need to be employed
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
7NETWORK SECURITY POLICIES AND STANDARDS
for applying password protections against attackers (Renaud & Zimmermann, 2018). The
company also requires to protect network equipment like routers and switches should with
custom standards. The security policies of these hardware needs custom standards to make it
difficult for the attacker to penetrate the network. The activities of the company needs to be
regulated with custom standards also. These standards tailored for company helps ensure
uniform security is employed across all end points of the company’s IT infrastructure.
Hardware security features especially WPA helps the company in providing a secure BYOD
experience for the staff.
Security Practises
To have policies and abiding by security standards is not enough, as organizations
also must ensure that their members follow secure practises while operating within the
company (Lal, Taleb & Dutta, 2017). These security practices are:
1. Minute monitoring of organizational assets.
2. Employing formal Information Security Governance Approaches.
3. To ensure prevention of data loss.
4. Backing up data to help with prevention of data loss.
5. To gain awareness of social engineering attacks.
6. To operate with principles of providing minimum privileges.
7. Time bound updating and upgrading of applications and systems.
8. Creating and maintaining a playbook for resolving incidents.
9. To perform audits for ensuring compliance checks.
10. To change the default passwords of IoT devices frequently.
The IT components are essential assets of the company and must should remain secure
from both physical and digital risks. Regular generation of security audit reports can be a
for applying password protections against attackers (Renaud & Zimmermann, 2018). The
company also requires to protect network equipment like routers and switches should with
custom standards. The security policies of these hardware needs custom standards to make it
difficult for the attacker to penetrate the network. The activities of the company needs to be
regulated with custom standards also. These standards tailored for company helps ensure
uniform security is employed across all end points of the company’s IT infrastructure.
Hardware security features especially WPA helps the company in providing a secure BYOD
experience for the staff.
Security Practises
To have policies and abiding by security standards is not enough, as organizations
also must ensure that their members follow secure practises while operating within the
company (Lal, Taleb & Dutta, 2017). These security practices are:
1. Minute monitoring of organizational assets.
2. Employing formal Information Security Governance Approaches.
3. To ensure prevention of data loss.
4. Backing up data to help with prevention of data loss.
5. To gain awareness of social engineering attacks.
6. To operate with principles of providing minimum privileges.
7. Time bound updating and upgrading of applications and systems.
8. Creating and maintaining a playbook for resolving incidents.
9. To perform audits for ensuring compliance checks.
10. To change the default passwords of IoT devices frequently.
The IT components are essential assets of the company and must should remain secure
from both physical and digital risks. Regular generation of security audit reports can be a
8NETWORK SECURITY POLICIES AND STANDARDS
formal approach of governing information security. Using fail safe and redundant systems
architecture can help prevent loss of data. Backup of critical and diagnostic information is
necessary for recovery from damages. Training programs for the staff on phishing attacks is
will help prevent social engineering attacks. Practices of maintaining tight assigning of
privileges will prevent elevation of privilege attacks. Periodic updates, keeping records of
incidents and auditing compliance checks can keep most security risks at bay as incident
response can also help in identifying security breaches. The biometric devices, token
authentication machines and smartphones are the IoT devices that operate with WPA2-PSK
passkeys which must change frequently (Shah, 2016). Therefore, for the company in
consideration, all of the above security practices applies.
Sample Policy Research
Three key data security policies used by the industry as per SOPHOS are:
I. Employing security policies as per the employee requirements identified.
II. Employing security policies as per possible data leaks identified.
III. Employing security policies to ensure full disk encryption across host devices.
To identify the full scope of the employee activities, the requirements of the company
employees in performing regular business activities need to be gathered. Then for each of
these requirements individual security policies are to be created.
It can be of significant help if possible areas of the company that are prone to data leaks is
identified beforehand (Solove & Citron, 2017). This will result in creating efficient policies
against data breach.
The idea of encrypting all files stored in host devices will in preventing exposure of data.
This will also make it difficult for hackers to break into the company network.
formal approach of governing information security. Using fail safe and redundant systems
architecture can help prevent loss of data. Backup of critical and diagnostic information is
necessary for recovery from damages. Training programs for the staff on phishing attacks is
will help prevent social engineering attacks. Practices of maintaining tight assigning of
privileges will prevent elevation of privilege attacks. Periodic updates, keeping records of
incidents and auditing compliance checks can keep most security risks at bay as incident
response can also help in identifying security breaches. The biometric devices, token
authentication machines and smartphones are the IoT devices that operate with WPA2-PSK
passkeys which must change frequently (Shah, 2016). Therefore, for the company in
consideration, all of the above security practices applies.
Sample Policy Research
Three key data security policies used by the industry as per SOPHOS are:
I. Employing security policies as per the employee requirements identified.
II. Employing security policies as per possible data leaks identified.
III. Employing security policies to ensure full disk encryption across host devices.
To identify the full scope of the employee activities, the requirements of the company
employees in performing regular business activities need to be gathered. Then for each of
these requirements individual security policies are to be created.
It can be of significant help if possible areas of the company that are prone to data leaks is
identified beforehand (Solove & Citron, 2017). This will result in creating efficient policies
against data breach.
The idea of encrypting all files stored in host devices will in preventing exposure of data.
This will also make it difficult for hackers to break into the company network.
⊘ This is a preview!⊘
Do you want full access?
Subscribe today to unlock all pages.
Trusted by 1+ million students worldwide
9NETWORK SECURITY POLICIES AND STANDARDS
These are important security policies which if integrated to the security policies,
standards and practices suggested for the company can immensely help in securing the IT
infrastructure of the company. It is worth noting that the first two policies suggested by
SOPHOS includes a set of security policies among which some are already included in the
proposed solution (Houser, 2016). The solution only maps the security schemes with the IT
components of the company but not with other requirements and this is where it falls short
from the SOPHOS data security policy.
Conclusion
In conclusion the report succeeds in identifying the security needs of the company
operating from within a shopping mall and is found to suggest the measures to secure their IT
infrastructure. The rising security concerns is observed to occur due to the increase in usage
of smartphones, laptops and public Wi-Fi networks which are also used by the attackers. The
countermeasures against such threats include security policies, develop security standards and
specify security services as also how well they fare with existing security policies used by the
industry. The report is found to start by providing background of the company and then
identifying three key risks relevant for the company based on the IT components being used.
Then the report lists the security policies, develops a set of standards and mentions the
practices for the particular company and justifies them. Next, having compared these
suggested policies with existing industrial policies the report comes to an end.
These are important security policies which if integrated to the security policies,
standards and practices suggested for the company can immensely help in securing the IT
infrastructure of the company. It is worth noting that the first two policies suggested by
SOPHOS includes a set of security policies among which some are already included in the
proposed solution (Houser, 2016). The solution only maps the security schemes with the IT
components of the company but not with other requirements and this is where it falls short
from the SOPHOS data security policy.
Conclusion
In conclusion the report succeeds in identifying the security needs of the company
operating from within a shopping mall and is found to suggest the measures to secure their IT
infrastructure. The rising security concerns is observed to occur due to the increase in usage
of smartphones, laptops and public Wi-Fi networks which are also used by the attackers. The
countermeasures against such threats include security policies, develop security standards and
specify security services as also how well they fare with existing security policies used by the
industry. The report is found to start by providing background of the company and then
identifying three key risks relevant for the company based on the IT components being used.
Then the report lists the security policies, develops a set of standards and mentions the
practices for the particular company and justifies them. Next, having compared these
suggested policies with existing industrial policies the report comes to an end.
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
10NETWORK SECURITY POLICIES AND STANDARDS
References
Flowerday, S. V., & Tuyikeze, T. (2016). Information security policy development and
implementation: The what, how and who. computers & security, 61, 169-183.
Hajdarevic, K., Allen, P., & Spremic, M. (2016, November). Proactive security metrics for
bring your own device (BYOD) in ISO 27001 supported environments. In 2016 24th
Telecommunications Forum (TELFOR) (pp. 1-4). IEEE.
Houser, B. M. (2016). A model for real-time data reputation via cyber telemetry. NAVAL
POSTGRADUATE SCHOOL MONTEREY CA MONTEREY United States.
Lal, S., Taleb, T., & Dutta, A. (2017). NFV: Security threats and best practices. IEEE
Communications Magazine, 55(8), 211-217.
McShane, I., Gregory, M., & Wilson, C. (2016). Practicing safe public wi-fi: Assessing and
managing data-security risks. Available at SSRN 2895216.
Rahman, A. A. U., & Williams, L. (2016, May). Software security in devops: synthesizing
practitioners’ perceptions and practices. In 2016 IEEE/ACM International Workshop
on Continuous Software Evolution and Delivery (CSED) (pp. 70-76). IEEE.
Renaud, K., & Zimmermann, V. (2018). Guidelines for ethical nudging in password
authentication. SAIEE Africa Research Journal, 109(2), 102-118.
Safa, N. S., Von Solms, R., & Furnell, S. (2016). Information security policy compliance
model in organizations. computers & security, 56, 70-82.
Shah, D. (2016). IoT based biometrics implementation on Raspberry Pi. Procedia Computer
Science, 79, 328-336.
References
Flowerday, S. V., & Tuyikeze, T. (2016). Information security policy development and
implementation: The what, how and who. computers & security, 61, 169-183.
Hajdarevic, K., Allen, P., & Spremic, M. (2016, November). Proactive security metrics for
bring your own device (BYOD) in ISO 27001 supported environments. In 2016 24th
Telecommunications Forum (TELFOR) (pp. 1-4). IEEE.
Houser, B. M. (2016). A model for real-time data reputation via cyber telemetry. NAVAL
POSTGRADUATE SCHOOL MONTEREY CA MONTEREY United States.
Lal, S., Taleb, T., & Dutta, A. (2017). NFV: Security threats and best practices. IEEE
Communications Magazine, 55(8), 211-217.
McShane, I., Gregory, M., & Wilson, C. (2016). Practicing safe public wi-fi: Assessing and
managing data-security risks. Available at SSRN 2895216.
Rahman, A. A. U., & Williams, L. (2016, May). Software security in devops: synthesizing
practitioners’ perceptions and practices. In 2016 IEEE/ACM International Workshop
on Continuous Software Evolution and Delivery (CSED) (pp. 70-76). IEEE.
Renaud, K., & Zimmermann, V. (2018). Guidelines for ethical nudging in password
authentication. SAIEE Africa Research Journal, 109(2), 102-118.
Safa, N. S., Von Solms, R., & Furnell, S. (2016). Information security policy compliance
model in organizations. computers & security, 56, 70-82.
Shah, D. (2016). IoT based biometrics implementation on Raspberry Pi. Procedia Computer
Science, 79, 328-336.
11NETWORK SECURITY POLICIES AND STANDARDS
Solove, D. J., & Citron, D. K. (2017). Risk and anxiety: A theory of data-breach harms. Tex.
L. Rev., 96, 737.
Soomro, Z. A., Shah, M. H., & Ahmed, J. (2016). Information security management needs
more holistic approach: A literature review. International Journal of Information
Management, 36(2), 215-225.
Suharyanto, C. E. (2019). Potential Threat Analysis Hypertext Transfer Protocol and Secure
Hypertext Transfer Protocol of Public WiFi Users (Batam Case).
Solove, D. J., & Citron, D. K. (2017). Risk and anxiety: A theory of data-breach harms. Tex.
L. Rev., 96, 737.
Soomro, Z. A., Shah, M. H., & Ahmed, J. (2016). Information security management needs
more holistic approach: A literature review. International Journal of Information
Management, 36(2), 215-225.
Suharyanto, C. E. (2019). Potential Threat Analysis Hypertext Transfer Protocol and Secure
Hypertext Transfer Protocol of Public WiFi Users (Batam Case).
⊘ This is a preview!⊘
Do you want full access?
Subscribe today to unlock all pages.
Trusted by 1+ million students worldwide
1 out of 12
Related Documents
Your All-in-One AI-Powered Toolkit for Academic Success.
+13062052269
info@desklib.com
Available 24*7 on WhatsApp / Email
![[object Object]](/_next/static/media/star-bottom.7253800d.svg)
Unlock your academic potential
Copyright © 2020–2025 A2Z Services. All Rights Reserved. Developed and managed by ZUCOL.