IT Security Policy, System Design, and Recommendations for Verbania
Added on 2022/08/26
Report
AI Summary
This report presents an IT security policy developed for a system design project, addressing the essential components required for a secure and robust system. The policy encompasses various critical areas, including disaster recovery, password creation and protection, remote access protocols, router and switch security, wireless communication guidelines, server security measures, acceptable encryption standards, and email security protocols. Each section provides detailed recommendations and best practices to ensure the confidentiality, integrity, and availability of the system's information. The report emphasizes the importance of regular updates to security guidelines and the classification of data based on its sensitivity and legal requirements. Furthermore, it highlights the need for secure authentication, authorization, and encryption methods to protect sensitive data. The discussion section underscores the vital role of these policies in safeguarding the organization's computer system and ensuring accountability in case of data breaches. The report also includes references to relevant research papers supporting the recommendations.

Running Header: SECURITY POLICY 1
INFORMATION SECURITY POLICY
Name
Institution
Date
The formal security policies and a security plan. Include the following policies in your IT
security policy:
The company's Information Security Policy and guidelines act as the foundation for the organization in guarding privacy, reliability, and availability, and in organizing and managing confidential data. The policy is an all-inclusive Information Security document which covers all parts of Information Security and, given the prevalence of computerized information handling techniques, predominantly Information Technology safety.
The organization of the Information Security Policy is in line with the safety measures which have been put in place for protection, and it offers easy linkage between the standards requirements and the firm's associated policy statements.
Purpose
The supervision of data security is the realistic selection and successful implementation of proper measures to guard vital organizational data assets: controls and management methods, coupled with the subsequent monitoring of their effectiveness and appropriateness. The three objectives of Information Security are:
Integrity
Confidentiality
Availability
The direction enclosed in the Regulation requires the firm's staff to exercise the highest carefulness with respect to all issues of formal business. The staff are required not to talk to any entity, Government, individual or any different source about data known to them through their official post unless they gain the approval of the company's head. That direction is supported and implemented by this Policy. This Policy lays down rules for the protection of information, facilitating
security management decisions, and guiding those objectives which create, encourage, and safeguard the best Information Security direction and management within the company's working environment.
Scope
Data shall be categorized and classified in terms of its legal requirements, value, criticality and sensitivity to the company. Correct procedures for handling and labeling sensitive data shall be established and implemented. Such measures may include special handling labels or other distribution cautions such as "internal use only" and "in-confidence" (Noe et al., 2017).
1. Disaster recovery
Building security into disaster recovery
Duplicating the security structure may be more challenging than it first appears. The network at the primary site will hold servers, routers, and firewalls, and the disaster recovery location may be structured in precisely the same manner. Just installing similar equipment in the same configuration is not enough. Therefore the company will require that all devices used for accessing the data have a backup plan and up-to-date security guidelines, and these guidelines must be updated regularly, every time users or applications are added, removed or amended (Neumann, 2014).
2. Password creation and protection
Computing systems shall be secured by passwords. The account owners as well as system managers shall guard the security of those passwords by handling them in an accountable manner. System developers shall build systems which store or convey password
data correctly and that use safe authentication and authorization means to manage access to the accounts (Gkioulos, 2017).
3. Remote access
Only users with a discernible business need to connect to the firm's resources shall be given remote access capabilities. This will clearly apply to the offsite workforce, but the onsite workforce should be vetted as well. Workers with access to credit card information, for example, may be ineligible for remote access if this would create a financial or security threat. Operators whose duties involve face-to-face interaction or practical work may also be restricted from remote access rights.
4. Routers and switches security
All switches and routers will be configured to the basic standard; perimeter devices must have extra mandatory controls (Yang et al., 2013).
5. Wireless communication
Wireless communication implementations are the responsibility of the divisions which control the area in which they operate, unless another responsible person is documented as holding the security task (Xu, 2011).
6. Server security
A computer which offers services over the network will be configured to allow access by numerous users. However, information security personnel will ensure that the server is password protected (Rajnoha et al., 2016).
7. Acceptable encryption
Sensitive data should be encrypted in accordance with the Acceptable Encryption guidelines. The use of proprietary encryption procedures is not permitted for any purpose
except if revised by qualified specialists outside of the vendor in question and accepted by an Information Security expert.
8. E-mail
Communication in the company shall only be carried out through email, which should be password protected to avoid hacking or a security breach.
Discussion
Security plays a vital part in the organization's computer system. The policies articulated above will act as the organization's backbone in matters concerning hardware and software access. They are vital to the firm since they point out how information can be accessed and protected. The policy also defines who is given access or permission to the information; this creates accountability in situations where there is a data breach.
REFERENCES
Gkioulos, G. Wangen, S. Katsikas, G. Kavallieratos, and P. Kotzanikolaou (2017). Security awareness of the digital natives. Information, vol. 8, no. 2, p. 42.
Neumann, Gustaf; Sobernig, Stefan; Aram, Michael (2014). "Evolutionary Business Information Systems". Business and Information Systems Engineering. 6 (1): 33–36. doi:10.1007/s12599-013-0305-1.
Rajnoha, R.; Stefko, R.; Merkova, M. and Dobrovic, J. (2016). Business Intelligence as a key information and knowledge tool for strategic business performance management. Information Management.
RA Noe, JR Hollenbeck, B Gerhart, PM Wright (2017). Human resource management: Gaining a competitive advantage, pp. 46-56.
Xu, H., Luo, X., Carroll, J. M. & Rosson, M. B. (2011). The personalization privacy paradox: An exploratory study of decision making process for location-aware marketing. Decision Support Systems, 51, 42-52.
Yang Z, Yang M, and Zhang Y (2013). AppIntent: analyzing sensitive data transmission in Android for privacy leakage detection. In ACM Conference on Computer and Communications Security, New York, NY, USA,