Student Name: Shelby Hartsell
University of Phoenix
IT/244 Intro to IT Security
Instructor’s Name: Dr. Flores Date: 06/21/2015
Due in Week One: Give an overview of the company and the security goals to be achieved.
As relates to your selected scenario, give a brief 100- to 200-word overview of the company.
The Bloom Design Group offers interior design services to its customers nationwide. They have locations in New York and Los Angeles. The main focal point is their website. On this website, there is a virtual designing tool that lets customers see what their ideas look like before making ordering decisions. Interior decorators can access these files and the guides from the company with a login. They can also process orders electronically for the materials needed to complete the project. The workforce of the company is remote and uses a secure VPN to access the network.
1.2. Security policy overview
Of the different types of security policies (program-level, program-framework, issue-specific, and system-specific), briefly cover which type is appropriate to your selected business scenario and why.
System-specific policy is efficient in adding policies to the website. Due to the specific nature of the business scenario, I feel that going with a system-specific policy will set a good security guideline for all aspects of the website that Bloom Design uses for their interior design.
1.3. Security policy goals
As applies to your selected scenario, explain how the confidentiality, integrity, and availability principles of information security will be addressed by the information security policy.
Briefly explain how the policy will protect information.
With this policy, we need to make sure that users' information stays safe, as well as easy to access for their interior designer. We do not want other customers or designers having access to information that doesn't belong to them, so implementing a login for customers could help keep their information secure.
Give a brief overview of how the policy will provide rules for authentication and verification. Include a description of formal methods and system transactions.
The policy would provide rules for the customer login, a separate login for the designers, and the VPN mentioned for the workforce. I feel that a simple user name and password, with both capital and lowercase letters and symbols, can keep a strong and secure method. Transactions should also be secure, using a third-party program like https://escrow.com/ or an option for PayPal's services, where they secure the customer's payment information but it also isn't saved on our website in case there is a possibility of a breach. A confirmation should be sent to the customer, as well as access to track and locate their order history.