Security Plan

Security Plan

Name:

Institution:

Security Plan

Organizing the Security Elements

There are three main categories of security controls or elements. They include physical, technical, and procedural controls. These are the main areas addressed when handling security matters with the Physical security control supplementing an organization in a physical manner, technical security controls coming in to address technical issues and procedural security controls looking at operations in which both technical and physician aspects are used (Hawke, 2009). Physically, there are the everyday controls that people have to interact with such as, lighting, locks and fences, tokens, ID badges, and the guards. To control this aspect, this security plan will limit the interactions of the organization to a team such that within the team, there is a member of two placed in charge of each area.

The control of technological advances, especially in instances where they are deployed as virtual appliances, will improve the functioning of the organization (Karoly, 2005). This is because they become more limited to the everyday user smoothening out the networking traffic that controls the connection from the inbound to the outbound devices within the organization. This means that they can be secured in such a way that they are transparent to the user and at the same time, suitable as the organization’s infrastructure. Technical security controls affect the switches, the proxy servers, the routers, the Network Access Control devices and the firewalls among others.

Lastly, it is important to have a security plan that protects the procedures used and the overall, decision-making process (Laskowski, 2011). This means that a suitable plan should encompass the identification of the most favorable policies, procedural rules, and regulations and the attainment of relevant legal documents. This means that the organization is able to spell out what is allowed or prohibited, the acceptable punishments such as employment termination or dismissal and formal requirements such as signature authentication among others. This security plan having addressed these areas ensures that there is protection from any violations and irregularities.

Internet Use Policy

Internet use is the most critical part in the creation of security measures. For this reason, having policies that regulate the overall access to the internet in the organization offers a certain level of security. In this security plan, therefore, the key policy on internet usage will be effective in three areas (Hawke, 2009). The first one is that the organizations should institute an email-tampering directive such that, the IT department should ensure that all files are deleted, concealed or made inaccessible to individuals not authorized to access. In addition, the policy should ensure that all emails received or sent are not altered or re-accessed without permission and that the organizational secrets are not forwarded to other emails without consent.

Secondly, to further minimize internet access interruptions, the company needs to minimize the use of personal electronic equipment such that, all usage of camera phones, digital or video cameras and recording devices are prohibited to prevent the leakage of important information to the wrong hands(Karoly, 2005). With this policy in place, therefore, any violation would constitute a civil or criminal offense especially if any obtained information is used for purposes of harassment and invasion of privacy. The third policy will be about privacy such that, there will be no exceptions to the use devices or access sites that interfere with data and files in the computer or office network (Laskowski, 2011). The level of harm, in this case, will be evaluated against the provisions protecting intellectual property and the harm brought to the operations of the company. There is a need for the organization to enforce and check passwords to ensure only trained personnel with software experience are chosen to handle any organizational tasks.

Remote Policy Access and Procedure

Once the policy has been established and the security controls identified, the procedures of operations need to be identified and addressed. The security plan of the organization can, therefore, take up the following measures (Hawke, 2009). They include the disabling of all passwords caching in all office computers. Likewise, the disabling of JavaScript and Active X secures all web browsers and email programs for the benefit of the company. The CD-ROM autorun should also be disabled as an uncontrolled activity, as well as, removal of files and other scripts from the web server storage at all times. Office chats that use applications such as internet messenger should not be encouraged as they could be used as mediums to transfer valuable information to and from departments

Concurrently, speed is valuable when dealing with valuable information and therefore, computers in the office ought to be upgraded for instance from XP internal firewall to Windows XP machines (Laskowski, 2011). The web server should authenticate user traffic and reject attempts of remote administration; file sharing should be limited to the Internet or by personal means with all stations required to come up with password protected screensavers and locks (Karoly, 2005). Lastly, training can be offered on locking of workstations and other complex matters to ensure convenience and reliability. Overall, proper evaluation of all these areas will provide promising results in the safeguarding of an organization’s security and help in business continuity and growth.

References

Hawke, C. S. (2009). Computer and Internet use on campus: A legal guide to issues of intellectual property, free speech, and privacy. San Francisco: Jossey-Bass.

Karoly, L. A. (2005). The 21st century at work: Forces shaping the future workforce and workplace in the United States. Santa Monica, Calif: RAND.

Laskowski, J. (2011). Agile IT security implementation methodology: Plan, develop, and execute your organization’s robust agile security with IBM’s Senior IT Specialist. Birmingham: Packt Pub.