Note: Sample below may appear distorted but all corresponding word document files contain proper formattingExcerpt from Term Paper:
Company Network Security Policy
This paper is intended to address the importance of having a written and enforceable Computer Network Security Policy for The Financial Group, an accounting corporation. The company's accounting systems comprise three major elements: a Web-based front-end server, a back-end database, and business-logic applications. OS-level console access is used for system administration. Accountants access the system with Web browsers using HTTP only and are authenticated via the HTTP basic authentication mechanism.
Network Security Policy Components
Network security is the most critical element of The Financial Group's IT security program. This security policy identifies the rules and procedures that all persons accessing computer resources must adhere to in order to ensure the confidentiality, integrity, and availability of data and resources.
Security Definition: This security policy is intended to ensure the confidentiality, integrity, and availability of data and resources through the use of effective and established IT security processes and procedures.
Enforcement: The Chief Information Officer (CIO) and the Information Systems Security Officer (ISSO) will have the primary responsibility for implementing the policy and ensuring compliance. However, members of senior management will be represented as well.
All exceptions to the policy should be reviewed and approved, or denied, by the Security Officer. Senior management, however, should not be given the flexibility to overrule decisions. Otherwise, the security program will be full of exceptions that will lend themselves toward failure.
User Access to Computer Resources: The roles and responsibilities of users accessing resources on the company's computer network should be strictly implemented. This includes: procedures for obtaining network access and resource level permission; policies prohibiting personal use of organizational computer systems; procedures for using portable media devices; procedures for identifying applicable e-mail standards of conduct; specifications for both acceptable and prohibited Internet usage; guidelines for using software applications; restrictions on installing applications and hardware; procedures for Remote Access; guidelines for use of personal machines to access resources (remote access); procedures for account termination; procedures for routine auditing; procedures for threat notification; and Security awareness training.
In addition, external companies with which The Financial Group conducts business (via LAN, WAN, VPN) will be required to meet the terms and conditions identified in the organization's security policy before they are granted access. This is done for the simple reason that the security policy is only as good as the weakest link. (Frye 349-382)
Security Profiles: Security profiles will be applied uniformly across common devices used by the company (e.g., servers, workstations, routers, switches, firewalls, proxy servers, etc.).
Applicable standards and procedures will be followed for locking down devices. In addition, an assessment needs to be completed to determine what services are necessary on which devices to meet the company's organizational needs and requirements. All other services should be turned off and/or removed and documented in the corresponding standard operating procedure.
Passwords: Passwords are a critical element in protecting the company infrastructure. Remember, the security policy is only as good as the weakest link. If users have weak passwords then the company is at a higher risk for compromise not only by external threats, but also from insiders. If a password is compromised through social engineering or password cracking techniques, an intruder now has access to the company's resources. The result is the loss of confidentiality and possibly the integrity of the company's data as well.
Users will be required to use a minimum of eight characters for passwords, use a combination of symbols, alpha charters, and numerals, and a mixture of uppercase and lowercase. Users will be required to change their password at least quarterly. Previous passwords should not be authorized. Lastly, an account lockout policy will be implemented after a predetermined number of unsuccessful logon attempts.
E-mail: A strict e-mail usage policy is a must. Several viruses, Trojans, and malware use e-mail as the vehicle to propagate themselves throughout the Internet. A few of the more recent worms were Code Red, Nimda, and Gonner. (Ogletree. 48) These types of exploits prey on the unsuspecting user to double click on the attachment thereby infecting the machine and launching propagation throughout the entire network. This could cause several hours and/or days of downtime while remedial efforts are taken.
To address this, content filtering of e-mail messages will be required by the company. Attachments with extensions such as *.exe, *.scr, *.bat, *.com, and *.inf will be filtered.…[continue]
"Social Security Company Network Security Policy This" (2003, May 16) Retrieved December 5, 2016, from http://www.paperdue.com/essay/social-security-company-network-149787
"Social Security Company Network Security Policy This" 16 May 2003. Web.5 December. 2016. <http://www.paperdue.com/essay/social-security-company-network-149787>
"Social Security Company Network Security Policy This", 16 May 2003, Accessed.5 December. 2016, http://www.paperdue.com/essay/social-security-company-network-149787
networking and TCP/IP and internetworking. Also discussed are risk management, network threats, firewalls, and also more special purpose network devices. The paper will provide a better insight on the general aspects of security and also get a better understanding of how to be able to reduce and manage risk personally at the workplace and at home. In today's world, the Computer has become a common feature in any organization anywhere
Data destruction is when an attacker goes in and starts deleting things (Curtin, 1997). There are a number of ways that a company's network can get attacked. One being if you have a single component to provide security, an attacker only has that one thing to get around in order to gaining full control of your system. Also not having secure modems can give access to unwanted attacks. However, these
Network Security: Past, Present and Future The work of Curtin (2007) states that a network is defined as "any set of interlinking lines resembling a net, a network of roads -- an interconnected system, a network of alliances." Quite simply a computer network is a system of computers that are interconnected. There are seven layers of communication types identified by the International Standards Organization (ISO) Open Systems Interconnect (OSI) Reference Model
All network authorized personnel must be instructed to use "strong" passwords consisting of at least 8 characters; they must include at least one upper and one lower case letter, at least one Arabic number, and at least one "special character" in addition to avoiding any form or abbreviation of the user's first or last name (Boyce, 2002; Kizza, 2005). Network administrators must also implement applications capable of ensuring compliance by
Tracking normal activity patterns of users is essential to enable abnormal activity to be flagged. Also, unintentional user errors such as logging onto unsecure websites and opening up potentially infected documents must be flagged. Sending an email from an odd-looking address and seeing if employees open the email is one way to gage the relative wariness of employees. If employees open up the email, it staff can include a
Attacks on the system security include password theft, back doors and bugs, social engineering, protocol failures, authentication failures, Denial of Service attacks, active attacks, botnets, exponential attacks including worms and viruses, and information leakage. (Fortify Software Inc., 2008); (Fortify Software, n. d.) Servers are targets of security attacks due to the fact that servers contain valuable data and services. For instance, if a server contains personal information about employees, it
In some instances, policies implemented mainly as cost-effective shortcuts to network system security have cost otherwise good employees their jobs for violations of excessively restrictive network use policies. In the realm of the home computer user, it is possible to buy many new redundant or unnecessary security programs and features. Generally, appropriate network security should not interfere noticeably with either personal home computer use or computer system use in