Information Security Policy
Appendix B
INFORMATION SECURITY POLICY
Table of Contents
1. Executive Summary 1
2. Introduction 2
3. Disaster Recovery Plan 5
3.1. Key elements of the Disaster Recovery Plan 5
3.2. Disaster Recovery Test Plan 6
4. Physical Security Policy 8
4.1. Security of the facilities 8
4.1.1. Physical entry controls 8
4.1.2. Security offices, rooms and facilities 8
4.1.3. Isolated delivery and loading areas 9
4.2. Security of the information systems 9
4.2.1. Workplace protection 9
4.2.2. Unused ports and cabling 9
4.2.3. Network/server equipment 10
4.2.4. Equipment maintenance 10
4.2.5. Security of laptops/roaming equipment 10
5. Access Control Policy 11
6. Network Security Policy 14
7. References 16 1. Executive Summary
Sunica Music and Movies is a company that currently has four locations. This business is ready to improve the way they do business by implementing a computerized network that will allow for centralized accounting and inventory as well as starting a web-based e-commerce site. The following document provides an in-depth look at the implementation of policy and procedures that will help this transition to become successful.
These policies will eliminate confusion and specify the types of security that will ensure the safe and secure operation of the business. Furthermore, the policies have measureable goals and methods of testing the policies to determine their effectiveness in providing confidential information while retaining the integrity of the data and making the data readily available.
The disaster recovery plan provides a risk analyst that lists the possible threats to this company and the critical business processes that require protection. This plan also provides suggestions for preparing a backup site, and goals for getting the business back up and running.
The security sections of the paper outline what steps are required to secure each store to ensure the safety of the employees and customers. Detailed
INFORMATION SECURITY POLICY
Table of Contents
1. Executive Summary 1
2. Introduction 2
3. Disaster Recovery Plan 5
3.1. Key elements of the Disaster Recovery Plan 5
3.2. Disaster Recovery Test Plan 6
4. Physical Security Policy 8
4.1. Security of the facilities 8
4.1.1. Physical entry controls 8
4.1.2. Security offices, rooms and facilities 8
4.1.3. Isolated delivery and loading areas 9
4.2. Security of the information systems 9
4.2.1. Workplace protection 9
4.2.2. Unused ports and cabling 9
4.2.3. Network/server equipment 10
4.2.4. Equipment maintenance 10
4.2.5. Security of laptops/roaming equipment 10
5. Access Control Policy 11
6. Network Security Policy 14
7. References 16 1. Executive Summary
Sunica Music and Movies is a company that currently has four locations. This business is ready to improve the way they do business by implementing a computerized network that will allow for centralized accounting and inventory as well as starting a web-based e-commerce site. The following document provides an in-depth look at the implementation of policy and procedures that will help this transition to become successful.
These policies will eliminate confusion and specify the types of security that will ensure the safe and secure operation of the business. Furthermore, the policies have measureable goals and methods of testing the policies to determine their effectiveness in providing confidential information while retaining the integrity of the data and making the data readily available.
The disaster recovery plan provides a risk analyst that lists the possible threats to this company and the critical business processes that require protection. This plan also provides suggestions for preparing a backup site, and goals for getting the business back up and running.
The security sections of the paper outline what steps are required to secure each store to ensure the safety of the employees and customers. Detailed
References: Merkow, Mark & Breithaupt, Jim. (2006). Information Security: Principles and Practices. Published by Prentice Hall. Retrieved August 19, 2011