Security Policy IT Security Policy Term Paper

Organizational security strategies must be designed for agility and speed through the use of state-of-the-art systems that can quickly be reconfigured to match changing roles in an organization. Organizational security will be defined through role-based access, configurable through authenticated, clearly delineated processes that can be administered at the administrator level (Hone, Eloff, 2002). The organizational security strategy will also be designed on the empirically validated Confidentiality, Integrity and Availability (CIA) triad model, which successfully balances the need for data accuracy, security and access. Metrics and analytics will also be used for tracking the effectiveness of this strategy, as CIA-based implementations can be quantified from a reconciliation network performance standpoint (Gymnopoulos, Tsoumas, Soupionis, et al., 2005).

Access Control and Cryptography Security

The IT security policy will require the use of a proxy server-based approach to defining access control, authentication and cryptography. As there are a myriad of new technologies being released in this area, it is imperative that a Certificate Server-based authentication workflow be designed to ensure the goals of the organization can be achieved while information assets and systems are protected (Cisco Tutorial, 2013). Figure 2 illustrates the recommended configuration for the authentication and cryptography server (Hegyi, Maliosz, Ladanyi, Cinkler, 2005).

Figure 2: Using a Certificate Server for a Secured Network

Sources: (Cisco Tutorial, 2013) (Hegyi, Maliosz, Ladanyi, Cinkler, 2005) (Opus One, 2013)

Laws and Regulatory Compliance

As the organization is a publicly traded entity with operations globally, reporting requirements include compliance with the Sarbanes-Oxley Act (SOX), which has specific data access, retrieval and reporting requirements including the reporting of material events electronically. Reporting material events, creating and keeping...

In addition, it is a requirement of this plan that all security system logs and activity be stored in 256-bit encrypted files and systems that are consistent with certification server requirements. Laws and regulatory compliance standards will be defined by the CIO and IT security operating committee, with dashboards and periodic reporting requirements also completed to ensure the organization meets and exceeds federal, state and local reporting requirements. The use of dashboards and advanced reporting systems is a critical success factor in the managing of IT security policies to strategically-driven goals and objectives (Lee, Wong, Kim, 2012).
References

Amsel, E. (1988). Network security and access controls. Computers & Security, 7(1), 53.

Banks, S. (1990). Security policy. Computers & Security, 9(7), 605.

Burgess, M., Canright, G., & Engo-Monsen, K. (2004). A graph-theoretical model of computer security. International Journal of Information Security, 3(2), 70-85.

Eloff, J.H.P. (1988). Computer security policy: Important issues. Computers & Security, 7(6), 559.

Gymnopoulos, L., Tsoumas, V., Soupionis, I., & Gritzalis, S. (2005). A generic grid security policy reconciliation framework. Internet Research, 15(5), 508-517.

Hegyi, P., Maliosz, M., Ladanyi, A., & Cinkler, T. (2005). Virtual Private/Overlay network design with traffic concentration and shared protection. Journal of Network and Systems Management, 13(1), 119-138.

Hone, K., & Eloff, J.H.P. (2002). Information security policy - what do international information security standards say? Computers & Security, 21(5), 402-409.

Lee, S., Wong, T., & Kim, H.S. (2012). Improving manageability through reorganization…
