Intro to Security Final Project Essay

Due in Week Nine redeem 3 to 4 paragraphs giving a bottom-line summary of the specific measure equal goals and objectives of the tribute plan, which can be implemented to define optimal certificate computer architecture for the selected stock scenario. The objective of the Security Policy is to provide the basis of a secure information transcription within the boot digit Group. This indemnity pull up stakes protect the information system from threats that exist in record as well as disasters that exist from humans. The constitution pull up stakes besides give consideration to the privacy, reputation, intellectual property and productivity of Bloom Design Group.The efficient operation of this company is dependent on being able to nettleion and use resources within the building and being able to upstage access with security. Each employees responsibility essential be considered and appropriate access entrust be given to reassure that information is shared just now w ith those who prevail the authority to have it. This polity will ensure the affection to the Bloom Design Group policies but also with any government activity regulations. By limiting the access to certain groups of users, the security policy will guard against misuse of entropy and information.All processes that are within the system will be aligned with the policy and executed mechanic every last(predicate)y to ensure that the policy is effectively protecting the information and resources in a constant manner. Any disruptions or security risks will be dealt with immediately and automatically by means of the system software that has been established and configured for these purposes. 3. approach Due in Week One Give an overview of the company and the security goals to be achieved. 3. 1. Company overview As relates to your selected scenario, give a brief 100- to 200-word overview of the company.The Bloom Design Group is an interior design chore that offers services to cli ents globally. there is a corporate procedure in New York and a petty(a) office located in Los Angeles. The groups website allows clients a virtual(prenominal) decorating tool, where they are able to get an idea of the design and color escape they would like to see and how it may look after the design is completed. This is a great tool to aid the client in making decisions, support up by consultation by experienced interior designers as well.The designers are able to access their client files and style guides employ by the company. The designers will also be able to process orders for materials and furniture when accessing the website. vex is gained by a secure login and password. The employees and designers of this company conduct most of their line remotely and access the network via a secure VPN. 3. 2. Security policy overview Of the different types of security policies syllabus-level, program-framework, issue-specific, and system-specificbriefly counterbalance which typ e is appropriate to your selected business scenario and why.For The Bloom Design Group, a program-framework policy would be appropriate. The corporate office would set the security policy as it pertains to network usage. The program-framework policy would cover the WAN, the entire organization would be covered by it and all decisions relate to how data is accessed by the workforce. This would require an acceptable use policy, which pertains to all areas of access including remote access, authorized data retrieval and retention, and connections within the WAN. 3. 3. Security policy goalsAs applies to your selected scenario, explain how the confidentiality, integrity, and availability principles of information security will be addressed by the information security policy. 3. 3. 1. Confidentiality Briefly explain how the policy will protect information. Using the program-framework policy will help in making it workable that only those with authorized access to the companys data will be the ones doing so. VPN technology will be utilized for these individuals and devices only. These will continue their privileges as long as the policy is complied with.The VPN will be maintained so as to minimize risk of unofficial access, advance user and data confidentiality as much as possible over the internet, ensure the reliability of the companys system as well as those systems of the authorized users of the network. 3. 3. 2. Integrity Give a brief overview of how the policy will provide rules for authentication and verification. Include a exposition of formal methods and system transactions. The program-framework policy will maintain the data and keep it secure, reliable, and free from corruption.The policy will keep unauthorized users from gaining, retaining, modifying, or deleting data of the company by means of firewalls, encryptions, and anti-spyware or anti malware tools. The VPN will be secured with using a tool that provides encryption and user authentication. In trusion sensing tools will also help protect the VPN. 3. 3. 3. Availability Briefly secern how the policy will address system back-up and recovery, access control, and quality of service. The program framework policy will maintain that authorized individuals, users, and systems will have access to information in its original format and at all times.The IT department will keep the business continuity plan up to date and and secure it in such case that there is a withdraw for it collectable to emergencies. The company will create a business impact analysis which will evaluate risks to the companys data and systems will be ready to be use for recovery of data if needed. A disaster recovery plan will also be created with step by step implementation to ensure recovery and lengthiness of business operations in the event recovery is needed due to loss.A risk analysis will be created to further grade and take steps to secure the companys data. Full cooperation from to each one depart ment and the administration of the company is needed for these plans to be effective. Training will be conducted in order to ensure that all are amenable to the plan. (Merkow & Breithaupt, 2006). 4. Disaster Recovery Plan Due in Week cardinal For your selected scenario, describe the key elements of the Disaster Recovery Plan to be used in case of a disaster and the plan for testing the DRP. 4. 1. run a risk Assessment 4. 1. 1.Critical business processes List the mission-critical business systems and services that must be protected by the DRP. The Bloom Design Group has the need of protecting their general support systems. These are the mission-critical systems and services to be bear on with. They are related to network connectivity, access to the internet and various resources by means of applications that will rest on the network that will aid in the daily productivity of the company. The following list of systems is includes the assets that must be protected by this plan.