IS3220 Project Network Security Plan Ch
IS3220 Final Project: Network Security Plan
Chris Wiginton, Jose Rosado
ITT Technical Institute, Tampa FL
Instructor: Sherman Moody
18 November, 2014
Network Security Plan
INTRODUCTION (Purpose and Intent)
The Corporation Tech IT Network Security Plan establishes guidelines for IT practices used on a day to day basis to provide a secure and robust computing environment. These practices are used in order to protect the mission, operation, and reputation of Corporation Tech System and its information systems.
These system security policies, standards, and procedures that have been established for the Corporation Tech System, are intended to comply with the regulations and policies set down by the State of Florida, Corporation Tech, and the Federal Information Security Management Act (FISMA).
SCOPE
These standards and procedures apply to all information systems and resources under the control of Corporation Tech, including all computers connecting to the Corporation Tech network and all Corporation Tech System employees, contractors, and any other individuals who use and/or administer those systems and computers, particularly those involved with information system management.
STANDARD PROVISIONS
Corporation Tech IT will manage risk by identifying, evaluating, controlling, and mitigating vulnerabilities that are a potential threat to the data and information systems under its control.
User accounts and passwords are implemented to maintain individual accountability for network resource usage. Any user who obtains an account and password for accessing a Corporation Tech provided resource, is required to keep these credentials confidential. Users of these systems may only use the accounts and passwords for which they have been assigned and authorized to use, and are prohibited from using the network to access these systems through any other means. This plan also prohibits the sharing of personal user accounts or passwords for accessing Corporation Tech or
Chris Wiginton, Jose Rosado
ITT Technical Institute, Tampa FL
Instructor: Sherman Moody
18 November, 2014
Network Security Plan
INTRODUCTION (Purpose and Intent)
The Corporation Tech IT Network Security Plan establishes guidelines for IT practices used on a day to day basis to provide a secure and robust computing environment. These practices are used in order to protect the mission, operation, and reputation of Corporation Tech System and its information systems.
These system security policies, standards, and procedures that have been established for the Corporation Tech System, are intended to comply with the regulations and policies set down by the State of Florida, Corporation Tech, and the Federal Information Security Management Act (FISMA).
SCOPE
These standards and procedures apply to all information systems and resources under the control of Corporation Tech, including all computers connecting to the Corporation Tech network and all Corporation Tech System employees, contractors, and any other individuals who use and/or administer those systems and computers, particularly those involved with information system management.
STANDARD PROVISIONS
Corporation Tech IT will manage risk by identifying, evaluating, controlling, and mitigating vulnerabilities that are a potential threat to the data and information systems under its control.
User accounts and passwords are implemented to maintain individual accountability for network resource usage. Any user who obtains an account and password for accessing a Corporation Tech provided resource, is required to keep these credentials confidential. Users of these systems may only use the accounts and passwords for which they have been assigned and authorized to use, and are prohibited from using the network to access these systems through any other means. This plan also prohibits the sharing of personal user accounts or passwords for accessing Corporation Tech or
References: BEST: Network Security Policy and Procedures. (n.d.). Retrieved from http://www.ct.gov/best/cwp/view.asp?a=1245&q=253996 Example Security Plan. (2014, November 17). Retrieved from http://www.binomial.com/security_plan/example_security_plan_template.php Hardening Network Infrastructure Security Recommendations for System Accreditors. (n.d.). Retrieved from https://www.nsa.gov/ia/_files/factsheets/Hardening_Network_Infrastructure_FS.pdf Network Security Policy: Best Practices White Paper - Cisco. (2005, October 4). Retrieved from http://www.cisco.com/c/en/us/support/docs/availability/high-availability/13601-secpol.html Paquet, C. (2013, February 5). Security Policies > Network Security Concepts and Policies. Retrieved from http://www.ciscopress.com/articles/article.asp?p=1998559&seqNum=3 SANS - Information Security Resources | Information Security Policy Templates |. (n.d.). Retrieved from http://www.sans.org/security-resources/policies/ SG Ports Database (tcp/udp). (n.d.). Retrieved from http://www.speedguide.net/ports.php Swanson, M. (2006, February). Guide for Developing Security Plans for Federal Information Systems. Retrieved from http://csrc.nist.gov/publications/nistpubs/800-18-Rev1/sp800-18-Rev1-final.pdf