Provide a summary of the actual development of your project.
Because small corporations in many instances have to work under conditions of conflicting information technology, maintaining the details of these systems entails far too many time-consuming processes. Having an IT Security Policy Plan in place allows the business to work in a logical order and promotes a more logical approach to making business decisions. The end result is organizational progress and consistent profitability. Thus, the lack of an IT Security Policy Plan may keep the organization from reaching its organizational potential. This project's main objective and expected outcome is to design a network security plan for implementation and then to detail the process of implementing the program. The purpose is to address the various aspects of having a written and enforceable technology security policy and to give an overview of the components an effective policy needs in order to remain functional. The intention is to provide enough detail for a reader of this policy to gain the necessary understanding of the underlying processes, methodologies, and procedures that would be needed to initiate development of the small corporation's system-wide IT Security Policy.
When developing an IT Security Policy Plan, it is important to keep in mind the 'defense in depth' model, under which the company is not overly reliant on any single principal means (or layer) of protection. Instead, this design considers the development of a security program capable of providing multiple layers of defense, in order to ensure a maximum level of protection for the organization's data and resources and to minimize the potential for data compromise. As any policy creator would expect, the organization should keep in mind that an IT Security Policy Plan can only protect data from known or existing information-compromising processes or other exploits. All organizations' network data and systems are potential targets for hazardous exploits. However, with an effective Information Technology Security Policy Plan, this implementation plan should enable the network administrator to detect blatant or less obvious anomalies in current or future network traffic. The organization will therefore be able to take proper steps toward mitigating the potential problem, i.e., implementation of a proactive rather than a reactive system.
This project proposal defines a viable IT Security Policy Plan for any small business network that has thirty or fewer computers and three or fewer servers, and that has an operating range of services including traffic from Web-based applications, e-mail, and an application database. The e-mail system for smaller organizations will require continual security upgrades based on risk factors; the current lack of e-mail security will affect overall system performance.
Include a precise description of your project.
This project entails delivering an IT Security Policy Plan that meets the company's most critical, elemental needs. The policy's objective is to identify all of the detailed policies, procedures, rules, and process methodologies that everyone who uses or accesses the organization's computer resources must adhere to, in order to ensure more reliable confidentiality, integrity, and availability of the organization's data and resources. The main advantage of this process is that it will document the organization's security posture, describe and assign functions and responsibilities, grant authority to security professionals, and identify which incident and response processes and procedures need to be followed.
It must be understood that every security-related decision that is made, or that fails to be made, determines how secure or insecure the organizational network will be. The functionality of the organization's network will provide insight into how easy or difficult the network will be to use. Part of this implementation process will also take into consideration the organization's security objectives and goals. This will make effective use of the full collection of security tools, so that administrators will check for any new restrictions to impose.
Security and ease of use are supposed to be inversely proportional. There will never be a 100% secure system. The underlying objective is to concentrate on reducing as much risk as possible while not bogging down system resources. Network security has the intimidating task of protecting all members of the organization from all potential threats. Consider the responsibility in organizations such as banks and financial institutions, insurance companies, brokerage houses, consulting and governmental contractors and agencies, hospitals or medical facilities, laboratories, and internet and television service providers. Other companies that have to provide security services include utility and chemical companies and universities. Security takes on new meanings in each of these situations because of each industry's unique requirements.
Include an expanded discussion of your review of other work done in the area.
Network security, for either internet or internal networked infrastructures, has been required to deliver three main objectives seamlessly. The small business environment requires that these basic security concepts (confidentiality, integrity, and availability) all be met. IT Security Policy Plans have historically allowed organizations to address these needs by clarifying processes of authentication, authorization, and nonrepudiation. Other networking plans may or may not address these needs, because network security means different things to different organizations. For example, one administrator may consider illegal network access to be a stalled computer communication system process similar to those perpetrated on Yahoo a few years ago, while another administrator may see the problem as the execution of a highly placed spy bot. In each case, the network security problem would call for a completely different solution based on the administrator's position.
It is critical to understand the significance of work in the area of network security. There have been instances of high school students with poor overall grades who were still able to gain unauthorized access to totally secured network infrastructures at the Department of Defense, the Department of Transportation, and other highly secured environments. These kids know exactly how and what to do because they have literally grown up with this new networking technology. Kids today generally understand the underlying concepts of network security very well. Add the threat of more sophisticated network hackers and professional terrorists, and the reality of whole foreign nations who need some competitive advantage, and the concept of computer criminals and network intruders takes on new meanings. Administrators have to be aware of the plethora of techniques for breaching network security, such as probes, scans, account compromise, root compromise, packet sniffers, denial of service attacks, exploitation of system trust, basic malicious code implementations, and the many other internet infrastructure attacks. Of course, the real threat to network security in the majority of cases is not some world-class hacker; it is usually a typical employee who uses an unsecured password or forgets to log off in the evening. A viable and effective IT Security Policy Plan provides a network security engineer the proper tools to address all of these concerns and more. AMR Research has in the past relied on expert-level analysts who can evaluate trends in the market and therefore offer guidance to organizations in need of VPN and SSL connections. Protecting the organization's intellectual property is a key organizational objective, and the proper institution of this IT Security Policy Plan will be mission critical.
Include an expanded discussion of your Rationale and Systems Analysis for the project.
To expand on the Rationale and Systems Analysis, the focus will be on network setup. The underlying goal is to address as many system access points as possible, with the intent of securing these various points of potential security breach. For example, a single node that may not even have any highly secure data on it directly can still be an access point for the entire network and allow unauthorized access to the entire organization's mission-critical information. The idea is to create a plan that will keep seemingly innocuous data points from compromising the computer system.
Every single node is an access point that can provide data such as hardware capabilities, available software, operating and network system configuration data, type of network connection and router points, system or individual phone numbers, and, most important, the access and authentication procedures currently in place. In the hands of a capable individual, this type of information can provide enough data to enable unauthorized individuals to obtain access to the more mission-critical data, files, and programs needed to secure the system. Even in fun, hackers have established games or contests with the sole intention of gaining system access information with techniques like trashcan diving or social engineering. It is unbelievable how often security information like passwords, access control files and keys, company or personnel data or whole detailed encryption algorithms. The key here is that no organization that utilizes open-ended networking infrastructure or that utilizes the internet is immune to these types of networking security breakdowns.