Sign Up Now
Get instant access to over 1 million+ study documents
OR
Already registered? click here to login
By creating your account, you agree to our terms of service, privacy policy and student honor code.
Social Security
Company Network Security Policy
This paper is intended to address the importance of having a written and enforceable Computer Network Security Policy for The Financial Group, an accounting corporation. The company's accounting systems comprise three major elements: a Web-based front-end server, a back-end database, and business-logic applications. OS-level console access is used for system administration. Accountants access the system with Web browsers using HTTP only and are authenticated via the HTTP basic authentication mechanism.
Network Security Policy Components
Network security is the most critical element of The Financial Group's IT security program. This security policy identifies the rules and procedures that all persons accessing computer resources must adhere to in order to ensure the confidentiality, integrity, and availability of data and resources.
Security Definition: This security policy is intended to ensure the confidentiality, integrity, and availability of data and resources through the use of effective and established IT security processes and procedures.
Enforcement: The Chief Information Officer (CIO) and the Information Systems Security Officer (ISSO) will have the primary responsibility for implementing the policy and ensuring compliance. However, members of senior management will be represented as well.
All exceptions to the policy should be reviewed and approved, or denied, by the Security Officer. Senior management, however, should not be given the flexibility to overrule decisions. Otherwise, the security program will be full of exceptions that will lend themselves toward failure.
User Access to Computer Resources: The roles and responsibilities of users accessing resources on the company's computer network should be strictly implemented. This includes: procedures for obtaining network access and resource level permission; policies prohibiting personal use of organizational computer systems; procedures for using portable media devices; procedures for identifying applicable e-mail standards of conduct; specifications for both acceptable and prohibited Internet usage; guidelines for using software applications; restrictions on installing applications and hardware; procedures for Remote Access; guidelines for use of personal machines to access resources (remote access); procedures for account termination; procedures for routine auditing; procedures for threat notification; and Security awareness training.
In addition, external companies with which...
This is done for the simple reason that the security policy is only as good as the weakest link. (Frye 349-382)
Security Profiles: Security profiles will be applied uniformly across common devices used by the company (e.g., servers, workstations, routers, switches, firewalls, proxy servers, etc.).
Applicable standards and procedures will be followed for locking down devices. In addition, an assessment needs to be completed to determine what services are necessary on which devices to meet the company's organizational needs and requirements. All other services should be turned off and/or removed and documented in the corresponding standard operating procedure.
Passwords: Passwords are a critical element in protecting the company infrastructure. Remember, the security policy is only as good as the weakest link. If users have weak passwords then the company is at a higher risk for compromise not only by external threats, but also from insiders. If a password is compromised through social engineering or password cracking techniques, an intruder now has access to the company's resources. The result is the loss of confidentiality and possibly the integrity of the company's data as well.
Users will be required to use a minimum of eight characters for passwords, use a combination of symbols, alpha charters, and numerals, and a mixture of uppercase and lowercase. Users will be required to change their password at least quarterly. Previous passwords should not be authorized. Lastly, an account lockout policy will be implemented after a predetermined number of unsuccessful logon attempts.
E-mail: A strict e-mail usage policy is a must. Several viruses, Trojans, and malware use e-mail as the vehicle to propagate themselves throughout the Internet. A few of the more recent worms were Code Red, Nimda, and Gonner. (Ogletree. 48) These types of exploits prey on the unsuspecting user to double click on the attachment thereby infecting the machine and launching propagation throughout the entire network. This could cause several hours and/or days of downtime while remedial efforts are taken.
To address this, content filtering of e-mail messages will be required by the company. Attachments with extensions such as *.exe, *.scr, *.bat, *.com, and *.inf will be filtered. Also, personal use of the e-mail system should be prohibited as e-mail messages can and…
Works Cited
Erlanger, Leon. "Defensive Strategies." PC Magazine 5 November 2002.
Frye, Emily. "The tragedy of the cybercommons: Overcoming fundamental vulnerabilities to critical infrastructures in a networked world." The Business Lawyer November 2002: 349-382.
Goncalves, Marcus and Brown, Steven. Check Point Firewall 1:Administration Guide 2000. Emeryville: McGraw-Hill Osborne Media, 1999.
Greenberg, Eric. Network Application Frameworks, Boston: Addison Wesley Longman, 1998
Wreski, Dave and Pallack, Christopher. "Network Intrusion Detection Using Snort,." Features. 19 June 2000. Linux. 15 May 2003 http://www.linuxsecurity.com/feature_stories/feature_story-49.html.
SECURITY and PRIVACY - the following security and privacy requirements apply: The Office does not accept responsibility for the privacy, confidentiality or security of data or information not generated by this office or transmitted from external sources into the system. The Office does not accept responsibility for loss, corruption, misdirection or delays in transmission of personal data through the system. Users are responsible for the integrity of all data and
All network authorized personnel must be instructed to use "strong" passwords consisting of at least 8 characters; they must include at least one upper and one lower case letter, at least one Arabic number, and at least one "special character" in addition to avoiding any form or abbreviation of the user's first or last name (Boyce, 2002; Kizza, 2005). Network administrators must also implement applications capable of ensuring compliance by
McBride Security Policy Security Policies and Recommendations for McBride Financial Services McBride Financial Services has experienced increased consumer interest in its innovative and economical loan offerings and terms. With rising competition in the market, McBride is now aggressively working to boost market share through a renewed focus on customer service and simple and speedy loan processing (Fluss, 2009). While many automated processes in the financial sector can be convenient for customers, they
Social Media - a New Kind of Security Problem in Business The Newest Threat to any Business: Social Media Social media is one of the most significant changes that has come about in communication today. However, it can also have serious implications for business and for the privacy and protection of businesses and employees. Overall, social media is not something that can be ignored by businesses today, because it can offer worries
Security Plan: Pixel Inc. About Pixel Inc. We are a 100-person strong business dedicated to the production of media, most specifically short animations, for advertising clients worldwide. Our personnel include marketing specialists, visual designers, video editors, and other creative staff. This security plan encompasses the general and pragmatic characteristics of the security risks expected for our business and the specific actions that aim to, first and foremost, minimize such risks, and, if that's
Security Management The role of a security manager varies widely according to the particular organization and its needs, but despite this variety, there remain certain best practices and policies that can help maintain security and stability. This is nowhere more true than in the case of organizational loss, because while loss can mean widely different things depending on the field, the underlying theoretical concepts which inform attempts to minimize loss are