Intro to Security Final Project Essay Example for Free

Intro to trade protection last Project EssayDue in Week Nine Write 3 to 4 paragraphs with child(p) a bottom-line summary of the specific measureable goals and objectives of the certification plan, which can be implemented to define optimal security architecture for the selected line of merchandise scenario. The objective of the Security Policy is to provide the basis of a absolute development system within the Bloom externalise Group. This insurance provide protect the information system from threats that pull through in nature as well as disasters that exist from humans. The policy bequeath similarly break out consideration to the privacy, reputation, intellectual property and productivity of Bloom Design Group.The efficient operation of this familiarity is pendent on being able to feeler and use resources within the building and being able to inappropriate price of admission with security. Each employees responsibility must be considered and appropriate acces s entrust be addicted to get a line that information is sh atomic number 18d only with those who have the authority to have it. This policy go forthing ensure the adherence to the Bloom Design Group policies but also with any g overnment regulations. By curb the access to certain groups of users, the security policy will guard against misuse of selective information and information.All processes that are within the system will be aligned with the policy and executed automatically to ensure that the policy is effectively protecting the information and resources in a continuous manner. Any disruptions or security risks will be dealt with immediately and automatically by means of the system software that has been established and configured for these purposes. 3. launch Due in Week One Give an overview of the company and the security goals to be achieved. 3. 1. Company overview As relates to your selected scenario, give a brief 100- to 200-word overview of the company.The Bloom D esign Group is an interior send off business that offers function to clients globally. There is a corporate office in New York and a secondary office primed(p) in Los Angeles. The groups website allows clients a virtual decorating tool, where they are able to get an idea of the design and color scheme they would like to see and how it may look after the design is completed. This is a dandy tool to aid the client in making decisions, backed up by consultation by experienced interior designers as well.The designers are able to access their client files and style guides utilized by the company. The designers will also be able to process orders for materials and furniture when accessing the website. Access is gained by a secure login and password. The employees and designers of this company conduct most of their business remotely and access the intercommunicate via a secure VPN. 3. 2. Security policy overview Of the different types of security policiesprogram-level, program-framewo rk, issue-specific, and system-specificbriefly cover which type is appropriate to your selected business scenario and why.For The Bloom Design Group, a program-framework policy would be appropriate. The corporate office would set the security policy as it pertains to network usage. The program-framework policy would cover the WAN, the entire organization would be covered by it and all decisions related to how data is accessed by the workforce. This would require an acceptable use policy, which pertains to all areas of access including remote access, authorized data convalescence and retention, and connections within the WAN. 3. 3. Security policy goalsAs applies to your selected scenario, explain how the confidentiality, integrity, and availability principles of information security will be addressed by the information security policy. 3. 3. 1. Confidentiality Briefly explain how the policy will protect information. exploitation the program-framework policy will help in making it possible that only those with authorized access to the companys data will be the ones doing so. VPN technology will be utilized for these individuals and devices only. These will prolong their privileges as long as the policy is complied with.The VPN will be maintained so as to denigrate risk of unauthorized access, keep user and data confidentiality as much as possible over the internet, ensure the reliability of the companys system as well as those systems of the authorized users of the network. 3. 3. 2. haleness Give a brief overview of how the policy will provide rules for authentication and verification. Include a interpretation of formal methods and system transactions. The program-framework policy will maintain the data and keep it secure, reliable, and free from corruption.The policy will keep unauthorized users from gaining, retaining, modifying, or deleting data of the company by means of firewalls, encryptions, and anti-spyware or anti malware tools. The VPN will be s ecured with using a tool that provides encryption and user authentication. Intrusion detection tools will also help protect the VPN. 3. 3. 3. Availability Briefly describe how the policy will address system back-up and recuperation, access control, and quality of service. The program framework policy will maintain that authorized individuals, users, and systems will have access to information in its original format and at all times.The IT department will keep the business continuity plan up to date and and secure it in such case that there is a need for it due to emergencies. The company will create a business impact analysis which will evaluate risks to the companys data and systems will be ready to be used for recovery of data if demand. A disaster recovery plan will also be created with step by step implementation to ensure recovery and continuation of business operations in the event recovery is needed due to loss.A risk analysis will be created to further identify and suck up steps to secure the companys data. Full cooperation from each department and the administration of the company is needed for these plans to be effective. Training will be conducted in order to ensure that all are teachable to the plan. (Merkow Breithaupt, 2006). 4. tragedy Recovery Plan Due in Week Three For your selected scenario, describe the key elements of the Disaster Recovery Plan to be used in case of a disaster and the plan for exam the DRP. 4. 1. Risk Assessment 4. 1. 1.Critical business processes List the mission-critical business systems and run that must be defend by the DRP. The Bloom Design Group has the need of protecting their general support systems. These are the mission-critical systems and services to be concerned with. They are related to network connectivity, access to the internet and various resources through applications that will rest on the network that will aid in the daily productivity of the company. The following lean of systems is includes t he assets that must be protected by this plan.