Configuring Security
When configuring security for information systems, it is important to organize the goals of the security plan. The intentions and goals of the security plan require a strong sense of confidentiality and integrity. Each user is responsible and held accountable for his or her use or possible misuse of confidential information. The main goal for a security plan includes implementation of responsibilities and principles.
In several instances, the security plan may have project constraints such as a weakness or vulnerability in the software; environmental and natural threats such as fires, floods, and severe weather; or human threats, both internal (disgruntled or dishonest employees) and external (hackers). The project constraints pertaining to the users can be acknowledged ahead of time with the principle of least privilege, the use of monitoring, and the use of access logging software. The project constraints pertaining to malicious software threats can be acknowledged ahead of time with the proper use of virus protection software or antivirus software. The project constraints from natural occurrences cannot be acknowledged ahead of time but can be taken care of with the use of backup systems, the proper use of removable media, and proper Disaster Recovery Planning (DRP). The importance of a security policy should be reinforced by appropriate repercussions for any violation of the policy (Danchev, 2003).
In any instance, the goal of security is to implement a ring of trust through a Trusted Computing Base (TCB) that protects against these specific issues. The TCB is represented in the ring of trust model through defense in depth, a form of layered security. Within a TCB, all data entering the system will be kept safe and confidential. The protection mechanisms that will be used are layering, process isolation, hardware segmentation, and the principle of least privilege.
Information Security Policy
The Bloom Design Group is a company that offers interior design services to businesses and individuals throughout the world (IT/244 course material, 2010). The company has two offices: one in New York and one in Los Angeles. The two physical locations are the foundation of the business and appear to be the main access points for the employees. The ring of trust and the access points, inner ring and outer ring, depend on the employee's title and significance within the company. The two physical locations are potentially the most secured systems because they hold the confidential data in employees' files and the company's most valuable data, e.g. financial documents, insurance documents, etc. The company operates and does most of its business via the Internet. The company's website is accessed by clients, designers, and employees with various levels of access. The level of access, the security of the access, and remote user access are the concerns for the company. The company is seeking to establish an information security system that maintains the principles of confidentiality, integrity, availability, authentication, and non-repudiation (Danchev, 2003).
Physical Security Policy
The physical security for the Bloom Design Group includes the location of the buildings and the authorized access to the buildings through the gates or the doors. Securing the buildings is important because it provides a form of visible physical security around the invisible logical security. The security officers stationed throughout the building and the access control points will provide additional visible security. The video surveillance monitoring inside and outside of the buildings and the alarm systems within the buildings will provide invisible security. Extra security measures are taken with key card or smart card entry to the building and to the highly secured areas within the building.
Security of Information Systems
The physical security entry codes are to be held in confidence and kept secured. Although Bloom Design Group is an Internet-based company, the office in New York and the office in Los Angeles are highly important and require physical security to protect the Internet aspect of the company. The use of virtual private networks provides good security for the concerns of remote user access and authentication. The virtual private network uses strong cryptography. The cryptography authenticates both the senders and receivers of messages and provides a high form of traffic encryption to remove the vulnerability to a man-in-the-middle attack (Merkow & Breithaupt, 2006). The user can connect to the corporate network via the Internet, through his or her ISP, thus creating a private tunnel. The private tunnel protects against eavesdropping and data modification. Access points to the building that are open and lack controlled access, such as delivery and loading areas, require a security officer and surveillance monitoring at all times. Although these are not the areas where the highly secured data will be held, they are important because they can be used to enter and exit.
The users are responsible for the security of their laptops and roaming equipment. The users should enable Encrypting File System (EFS). The user should never leave his or her laptop or roaming equipment unattended. The user should use a personal firewall and anti-virus software on laptops and on roaming equipment. The user can never be too careful and should make security a habit. Following certain precautions for their own personal property will in turn protect the company's system, network, and server equipment. The proper maintenance of the systems can provide accurate and effective information security planning (Danchev, 2003).
Security of the Facilities
The corporate office in New York will not have the same security as the Los Angeles office on the outside of the building because of the location. In New York, buildings are close together and security gates are not easy to set up. The New York office will rely on security within the building. The individual is required to swipe the smart card or key card to gain entry. Once in the building, the individual is seen through video surveillance and must pass through the security checkpoints and manually log in with the logging system. The Los Angeles office is a location that is feasible for a gated building because of the location. The individual will have to swipe the smart card or the key card for entry into the gates. The video surveillance will monitor the individual once on the facility property. As a requirement, the individual must swipe a smart card or key card to gain entry into the building.