PROJECT 4: CASE STUDY 1 (CON’T) SECURITY PLAN AND RECOMMENDATION MEMO
This project involves the development of a Security Plan and a Recommendation Memo to the CIO. The plan communicates the security, policies, and the technologies being recommended from Projects 1, 2, and 3.
Information Security Plan
Need Help Writing an Essay?
Tell us about your assignment and we will find the best writer for your project.
Write My Essay For MeExecutive Summary
This information security plan is meant to establish and state the policies that govern Banking Solutions Inc.’s IT standards as well as practices. The plan will protect the organization’s information and its critical data resources from possible threats. The main objective is to ensure the existing business continuity in the organization, minimize business risks, and maximize the organization’s return on investment including business opportunities. The information security will be achieved through the implementation of suitable controls, which include policies, security technology processes, procedures, hardware and software functions, and organizational structures. The controls have to be established and implemented, monitored and reviewed, as well as improved accordingly. This would ensure that the organization’s security, as one of the many business objectives, is achieved. This involves governing the privacy, security, as well as confidentiality of the organization’s data. All users of the organization are required to follow the Banking Solutions Inc. policies. It is also required that the organization’s employees maintain a shared responsibility regarding security of the organization’s information with respect to their departments.
Purpose
The main purpose of this security plan is to see that Banking Solutions maintains confidentiality, integrity, and data availability. The plan also will ensure that Banking Solutions defines, develops, and documents information policies as well as procedures supporting the goals and objectives of the organization. The plan also aims to allow Banking Solutions to satisfy responsibilities regarding the legal and ethical requirements with respect to the organization’s IT resources. The security policies and procedures stand for the organization’s foundation. Internal controls would provide a system of checks as well as balances meant for identifying irregularities, preventing waste, as well as fraud and abuse of information.
Scope
The plan will apply to the whole organization including the management, employees, and other stakeholders. The key idea is to ensure data security. The information to be protected is typically part of the organization’s assets such as data, images, text, software, and related information resources whether stored online, on computers, or on paper among other storage media.
IT Governance Committee and Responsibilities
It governance is typically the management’s responsibility. It consists of aspects such as the leadership, the organizational structure, and the process for ensuring that IT sustains and extends the organization’s strategies and objectives. The management, in this case, will be responsible for the people to govern the information security and the strategic direction to be taken. It will ensure that the information security objectives are achieved accordingly.
The Organization’s Policy Statement
All departments within the organization will be obligated to protect the organization’s information resources. This will be done by implementing the security standards as well as procedures that are developed and approved by the government and the Information Security Board of Review. The organization’s departments will be required to meet all the minimum security standards. All departments would be encouraged to adopt the standards exceeding the minimum requirements. The information users will be responsible for complying with the general policies and their respective departments’ policies.
Enforcement
All users will be required to comply with both federal and state laws as well as the organization’s policies and procedures that govern the high-sensitive data security. Any user caught engaging in unauthorized access, use, alteration, destruction, or disclosure of data/information will be violating this plan and will be subjected to the appropriate disciplinary action such dismissal or legal action or even both.
Information Security Program
Information security programs have been established, documented, and implemented. The programs are typically designed to improve IT operations effectiveness and ability to satisfy the existing regulatory requirements. The program is mainly set to ensure confidentiality as well as integrity of information within the organization. It is also meant to maintain an appropriate level of information and data accessibility. Three technological means have been put in place to ensure that information is protected from all reasonable forms of threat. The most technological/program measures include the use of firewall protection, use of remote access technology, and the use of account lockout technology/program (Avoyan, 2011). These technological means have both software and hardware components aimed at keeping information and related facilities secure.
Regarding the firewall protection technology, the organization’s computers would be protected from internet threats by a firewall. An ISA Server is used to provide proxy firewall solutions to the organization. The firewall protection network diagram would be as shown in figure 1 below (Avoyan, 2011).
Firewall Protection Technology
Figure 1: Firewall Protection Network Diagram
Remote Access Technology
For the remote access technology, Banking Solutions Inc. would be able to control its users such that they can only connect to the internet from a specified remote location. This will allow the use of network resources, but at a controlled usage such that external threats are minimized. The same technology minimizes the risk of attackers gaining unauthorized access to the organization’s threats. The technology will enhance information security and allow user flexibility, even those willing to work from home (Microsoft, 2014). The remote access technology can be designed as shown in figure 2 below.
Figure 2: Remote Access Technology Network Diagram
Account Lockout and Password Technology Concept
This technology program would be important because the security of the organization’s information relies on the restriction level against unauthorized users. This program controls aspects like the number of possible login attempts, password length, password uniqueness, as well as password lifespan. Other than logon attempts, it prevents dictionary attacks, which involve the use of known words to try to access account information (Microsoft, Account Lockout and Password Concepts, 2004). Brute force attacks in which unauthorized users try all possible permutations, are prevented. Figure 3 describes the authentication process using the steps, which occur whenever logon attempts fail to work.
Figure 3: A Network Diagram for Failed Logon Attempt Process
Associated Costs
The cost of ensuring security on the organizations information is relatively high. The cost would include installation cost for the three technologies, running costs, maintenance costs, and labor cost. The management will need to set a budget to meet these cost.
Risk Assessment
Risk assessment would be important to determine the vulnerability of the organization information to attacks. There is generally a high risk since Banking Solutions is a financial institutions with some online transactions and mode of payment. Besides, financial information is highly vulnerable to security attacks. The management can thus formulate effective strategies after an effective risk assessment (Microsoft, Account Lockout and Password Concepts, 2004).
Expected Return on Investment (ROI)
ROI would be the benefits resulting from the investment of security technologies. The technologies are likely to yield high ROI in which the investment gains would compare favourably to the investment costs. As long as risks and previous security problems will be eliminated, the technologies will result to increased profitability of the business. ROI will determine the plan effectiveness (Farris, Bendle, Pfeifer, & Reibstein, 2010). It will be computed as follows:
ROI = (Net profits / Investment Cost) × 100
Where:
Net Profit = Gross Profits –Total Expenses
Recommendation Memo
MEMO TO: The CIO
FROM: Information Security Planner
DATE: October 25, 2014
SUBJECT: INFORMATION SECURITY PLAN FOR BANKING SOLUTIONS INC.
Banking Solutions Inc. is currently facing significant information security problems. The sensitivity of its business operations requires the use of highly secured information systems. An information security plan has been designed to help solve the problem. The plan incorporates three key technological security programs. These include firewall protection technology, account lockout technological process, and a remotely controlled access technology. A combination of these technologies would ensure that all possible threats to the organization’s information are mitigated.
The security plan will ensure that security on information is promoted with respect to the organization’s policies and government regulations. The main objective will be ensuring continuity of the business, minimizing information security risks, and maximizing the returns on investment (ROI). A close analysis has shown that although the investment cost would be relatively high, the financial benefits would be high. This is because the number of risks would be minimized greatly. Investors are likely to be attracted to the business because of the increased profitability and decreased risks of losses. This follows the fact that security controls would be in place to increase customer confidence as well. It is therefore recommended that the plan be reviewed the soonest possible in order to facilitate the necessary steps for implementation. It is also advisable to initiate any changes on the plan where necessary to perfectly meet the organization’s needs and budget especially given the prevailing changes within the business environment.
References
Avoyan, H. (2011, August 17). How to Protect Your Network: Firewall Best Practices. Retrieved from blog.monitis.com: http://blog.monitis.com/2011/08/17/how-to-protect-your-network-firewall-best-practices/
Farris, P. W., Bendle, N. T., Pfeifer, P. E., & Reibstein, D. J. (2010). Marketing Metrics: The Definitive Guide to Measuring Marketing Performance. Upper Saddle River, New Jersey: Pearson Education, Inc.
Microsoft. (2014, July 31). Account Lockout and Password Concepts. Retrieved from technet.microsoft.com: http://technet.microsoft.com/en-us/library/cc780271%28v=ws.10%29.aspx
Microsoft. (2014). Securing Remote Access. Retrieved from technet.microsoft.com: http://technet.microsoft.com/en-us/library/cc875831.aspx
PLACE THIS ORDER OR A SIMILAR ORDER WITH GRADE VALLEY TODAY AND GET AN AMAZING DISCOUNT
The post Development of a security plan paper appeared first on Grade Ninjas.
Order essays, research proposal, capstone project, speech/presentation, book report/review, annotated bibliography, discussion, article critique, coursework, projects, case study, term papers, research papers, reaction paper, movie review,and more.
TOO MANY ASSIGNMENTS? Let our professional writers help you!