Security Policy Document Global Distributions Inc The essay

Download this essay in word format (.doc)

Note: Sample below may appear distorted but all corresponding word document files contain proper formatting

Excerpt from essay:

Security Policy Document: Global Distributions, Inc.

The purpose of this document is to establish key security parameters and guidelines for Global Distributions, Inc. (GDI) in order to protect the interests of the company and its clients.


These policies apply to all operations managed by GDI, including interactions and interfaces with client companies that are managed by GDI. All communication networks, database systems, and servers full under the purview of this policy.


Definition of Sensitive Information

All information that could identify a client of GDI, monetary values of client goods or contracts, physical addresses of client goods or business locations, physical addresses of GDI company locations, any details of client-specific services rendered by GDI to clients, and any personally identifying information for any client or GDI personnel shall be considered sensitive information and treated as such. This designation applies to this policy document and to other documents, guidelines, and directives issued by GDI as they may be from time to time.

Rationale: This definition is necessary for simplifying further security policies and future guidelines. The definition of sensitive information is purposefully broad, as over-conclusion is far less problematic than under-inclusion.

3.1.2 Definition of GDI/GDI Client Personnel and Property

All movable items located on or within GDI buildings, grounds, and/or transportation vehicles (whether owned, leased, or contracted to GDI) as well as the buildings, grounds, and vehicles themselves shall be considered GDI property for the purposes of this document. All employees, contracted workers, and any other personnel with legitimate business-related tasks to perform on or with GDI property shall be considered GDI personnel for the purposes of this document. All physical items owned by GDI clients that GDI is in possession of, has contracted for possession of, is monitoring, or is in any other way connected to GDI services, shall be considered client property for the purposes of this document. All employees, contract workers, and other individuals with legitimate business tasks related to client property shall be considered GDI client personnel for the purposes of this document.

Rationale: This definition is necessary for simplifying, clarifying, and making explicit those properties and personnel included in this document's security policies.

3.1.3 Safety of Personnel and Property as Overriding Concerns

All GDI personnel are primarily tasked first with acting in a manner that ensures the safety of all personnel and other individuals, and second with acting in a manner that protects the property of GDI and GDI clients. No security policy in this document or any other shall supersede these primary tasks.

Rationale: Ensuring the security and safety of personnel and property must be central to overall security, as there are no company interests or security concerns without the personnel and property with which company operations are concerned.

3.1.4 General GDI Personnel Conduct

No GDI personnel shall engage in tasks, access information, or enter areas of GDI operation that are not directly pertinent to the performance of the tasks for which they are responsible and that they have been expressly authorized to perform. No deviations from this policy are allowed save in cases of emergency situations that cause threat to the safety of personnel or of GDI/GDI client property, and reviews shall be conducted following all such emergency exceptions.

Rationale: Limiting the scope of activities for all personnel to those they have been expressly authorized to perform limits the potential for security breaches, both purposeful and accidental, and also greatly simplifies and eases investigations carried out in the wake of potential security breaches.


3.2.1 Limitations on the Communication of Sensitive Information

No sensitive information shall be transmitted via any medium, including direct oral communication, without verifying the authorization of the receiving party(ies) to receive the sensitive information. Regular authorization verification of common GDI communication partners need not be obtained for every communication, so as to maintain practicality in daily operations, however all non-GDI communication partners must be verified on a per-communication basis.

Rationale: Ensuring authorization for the receipt of sensitive information will help to ensure that sensitive information does not reach those who do not have a proper and legitimate use for this information. Stringent verification procedures will also limit incorrect assumptions of a legitimate need to communicate sensitive information.

3.2.2 Communication of Sensitive Information Using Physical Media

Sensitive information stored on physical media, including directly-readable media (e.g. ink and paper) as well as information stored electronically on physical media (e.g. computer disks) shall be transported only in sealed GDI-provided envelopes marked "confidential." This policy applies to inter-office communications, communications between separate GDI departments, communications with GDI clients, and communications with such governmental agencies that might require such communication from time to time.

Rationale: Controlling the means by which physical media are transmitted will help to track the movement of sensitive information, and will greatly reduce the potential for accidental unauthorized access of sensitive information.

3.2.3 Communication of Sensitive Information Using Non-Physical Media

Sensitive information that is to be communicated via non-physical means, including emails, faxes, and all other means of electronic transmission shall be appropriately encrypted, and encryption shall be tested and ensured prior to the transmission of such information. This shall also include communication with electronic entities, as in the storage and retrieval of sensitive information from databases.

Rationale: Proper encryption and regular monitoring of encryption by all personnel involved in the communication of sensitive information will reduce individual instances of potential security breaches while also assisting in the rapid identification of system problems with encryption and the potential for unauthorized access.

3.2.4 Set-Up and Maintenance of Information Security Systems and Programs

Identified information technology specialists are tasked with developing, implementing, maintaining, and regularly testing encryption systems, password locks, and other systems meant to prevent unauthorized access to sensitive information and to prevent any accidental release of sensitive information.

Rationale: Identifying and directly tasking specific personnel to not only develop but also maintain the working order of security systems clarifies the role that these specialists play in a system in which all are responsible for information security.

3.2.5 Maintenance of Password and Access Code Security

All GDI personnel are responsible for maintaining the security of any and all passwords or other access codes that enable access to sensitive information or to systems/programs/areas (both physical and computer-based) on/in which sensitive information is stored, through the regular changing of such passwords and access codes no less frequently than every 180 days, through refraining from the recording of these passwords and access codes in any media, and through refraining from communicating any personal codes for any circumstance.

Rationale: Password and access code violations are a major security problem in all industries and settings, and controlling this will greatly enhance information security.

3.2.6 Destruction of Communications Containing Sensitive Information

All communications sent or received that contain sensitive information shall be destroyed when they are no longer needed, provided that the information contained is first stored/verified to be stored in an appropriately controlled environment. Communications that must be kept for legitimate and authorized business purposes shall be properly encrypted (for electronic communications) or physically secured (for physical media) in a manner that ensures only authorized personnel will be able to access the communications and the sensitive information contained therein.

Rationale: The destruction and securing of communications that contain sensitive information limits the potential for unauthorized access of such information through carelessness and through willful security breaches.


3.3.1 Security of GDI Grounds and Buildings

Access to all GDI grounds and buildings is limited to those GDI personnel whose specifically-assigned and authorized tasks require their presence in those specific buildings/grounds. All GDI personnel are tasked with the responsibility to immediately report any unauthorized presence on GDI grounds/property, and to monitor and report and suspicious activity by authorized GDI personnel.

Rationale: Tasking all GDI personnel with maintaining the security of GDI grounds and buildings decreases the risk of unauthorized access and/or activities, and will increase the speed with which such access/activity is responded to, limiting potential harm.

3.3.2 Security of Movable GDI and GDI Client Property

No GDI personnel shall move, touch, or in any way engage with GDI or GDI client movable property unless it is directly necessary for the completion of authorized duties. All GDI personnel are tasked with immediately reporting any unauthorized engagement with GDI and/or GDI client movable property.

Rationale: Again, limiting property engagement limits the potential for harm and tasking all personnel with monitoring duties increases the speed with which unauthorized engagement will be noticed and responded to, while also serving as a deterrent.

3.3.3 Security of GDI Transportation Vehicles

No GDI personnel shall enter, operate, or otherwise engage with any GDI transportation vehicle unless such engagement is necessary for the completion of specifically authorized tasks. All GDI personnel are tasked with immediately reporting any unauthorized engagement with GDI transportation vehicles.

Rationale: Not only is direct security of GDI/GDI client property better protected through limited access to transportation vehicles, but GDI's liability is greatly reduced by reducing those that have authorized access to transportation vehicles.

3.3.4 Handling of…[continue]

Cite This Essay:

"Security Policy Document Global Distributions Inc The" (2013, March 11) Retrieved December 10, 2016, from

"Security Policy Document Global Distributions Inc The" 11 March 2013. Web.10 December. 2016. <>

"Security Policy Document Global Distributions Inc The", 11 March 2013, Accessed.10 December. 2016,

Other Documents Pertaining To This Topic

  • Security Agip Kazakhstan North

    They need to know what their responsibilities are not only as individuals but also as team members and corporate employees. David cites an excerpt from a corporate security document that illustrates his point: "A security policy serves many functions. It is a central document that describes in detail acceptable network activity and penalties for misuse. A security policy also provides a forum for identifying and clarifying security goals and

  • Security Issues Creating a Site

    Even though there is always some form of a risk involved in the coding technique together with the deployment methods of a website, some technologies such as PHP and MySQL form some of the worst aggravators of online website security. The loopholes that exists in the use of these technologies results in some of the worst hack attacks and security breaches ever experienced in the field of web design. The

  • Apple Inc iPhone Apple Inc I Phone

    APPLE INC: iPhone Apple Inc.: I Phone The mobile telecommunications industry is considered one most important sector within the community market, which represents half of the 1.1 billion euros they billed annually worldwide (Merkow and Breithaupt, 2006, p66-69) Since the technology created in the 40s of last century, to the art terminals, you can say that the mobile phone has a global history in the sense that its development has slowed or

  • Information Security Evaluation for OSI Systems a Case Study

    OSIIT An analysis of IT policy transformation The aim of this project is to evaluate the effectiveness of information security policy in the context of an organization, OSI Systems, Inc. With presence in Africa, Australia, Canada, England, Malaysia and the United States, OSI Systems, Inc. is a worldwide company based in California that develops and markets security and inspection systems such as airport security X-ray machines and metal detectors, medical monitoring anesthesia

  • Gillette Company s Global Strategy Today

    His ideas are not important for their uniqueness (though they are singular), but because of the essential similarities between his conservative business utopia and other versions of collectivism" (Gilbert, p. 12). This biographer reports that King Camp Gillette was born in January 1855, the fifth of seven children, to George Wolcott Gillette and Fanny Camp Gillette, in Fond du Lac, Wisconsin; when King was four years old, the family

  • Wireless Broadband Technology

    Wireless Broadband Technology Overview of Wireless technology Presently it is quite evident to come across functioning of a sort of wireless technology in the form of mobile phone, a Palm pilot, a smart phone etc. With the inception of fast connectivity in the sphere of commerce it is customary and useful to operate from central locations communicating with the remote branches, conducting conferences in remote places, discussing with every body at every

  • Delphi Study Influence of Environmental Sustainability Initiatives...

    Delphi Study: Influence of Environmental Sustainability Initiatives on Information Systems Table of Contents (first draft) Green IT Current Methods and Solutions Green IT and energy costs Green It and Email Systems Green IT and ICT Green IT and ESS Green IT and TPS Green IT and DSS Green IT and other support systems Green IT and GHG reduction Green IT and the Government Sector Green IT and the Corporate Sector Future Prospects of Green IT in the software industry The paper focuses on how the

Read Full Essay
Copyright 2016 . All Rights Reserved