Security Information Essay

Submitted By jumpyshark

Executive Summary

The project in question is to make our company’s system safer and more reliable, and to keep costs down, without losing any information that could harm us if it fell into another person’s hands. We need to keep our most valuable assets safe, and one way to do this is to tighten our systems’ security by limiting access to these assets via computer systems. Our most valuable assets are as follows: our vendors’ systems, warehouse(s), distribution methods, computer technologies, and newest projects. All of these can be found in our operating system, and without the proper security they can all become compromised. In order to keep these assets safe, we need to limit access so that employees who need to know certain things can see them and those who do not are restricted. We can make this happen; it may take a few days, but it will help with limiting who sees what. Another thing we can do is get training through SANS. SANS gives free resources that can help with the security problem within the computer systems as well as with how we use our systems. There is no cost for using these resources. They were compiled to help the people attending SANS training programs, but security of the Internet depends on vigilance by all participants, so we are making this resource available to our entire community. This will help all of us in the long run (SANS, 2104).
Think you don’t have anything of value to protect? Think again. The key asset that a security program helps to protect is your data — and the value of your business is in its data. You already know this if your company is one of many whose data management is dictated by governmental and other regulations — for example, how you manage customer credit card data. If your data management practices are not already covered by regulations (Trent, 2008).
With that said, it is not realistic to say we can cover everything, but we can try our hardest to make sure things are covered, and if a problem arises we can get hold of it and control it. We have to be mindful that our customers/vendors have valuable information that we can see. Our company needs to keep our own information, as well as our customers’/vendors’ information, secure. We can do this in multiple ways, one being a set password policy. Employees would change their passwords every 90 days; passwords would have to be at least twelve characters long and use at least one capital letter, one lowercase letter, one special character and one number; each password would have a minimum life of fifteen days; and the same password could not be used again within ten passwords. For example, if the password is A2!gh%GhqJ, it cannot be changed until fifteen days after it was created, and it cannot be repeated until after ten different passwords have been used. Another way to keep our customers’/vendors’ information safe is restricting who can see the information. If a manager in accounting is trying to see something in shipping, then they are way outside of their realm. We can set up a system to manage who sees what.

Security Policy Recommendations
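The password policy described above (90-day maximum age, twelve-character minimum with four character classes, fifteen-day minimum age, ten-password history) can be enforced at change time as in the following added example, which is not part of the original essay. The function names are hypothetical, and two points are assumptions: the history is stored as salted PBKDF2 digests rather than plaintext, and it includes the current password. Note that the essay's sample password is ten characters long, so it fails the length rule.

```python
import hashlib, hmac, os, re
from datetime import datetime, timedelta

# Policy values taken from the essay's password paragraph.
MIN_LENGTH, HISTORY_DEPTH = 12, 10
MIN_AGE, MAX_AGE = timedelta(days=15), timedelta(days=90)
REQUIRED = {"uppercase": r"[A-Z]", "lowercase": r"[a-z]",
            "digit": r"[0-9]", "special": r"[^A-Za-z0-9]"}

def _digest(password, salt):
    # Assumption: history keeps salted PBKDF2 digests, never plaintext.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def remember(history, password):
    """Return a newest-first history with this password added, trimmed to depth."""
    salt = os.urandom(16)
    return ([(salt, _digest(password, salt))] + history)[:HISTORY_DEPTH]

def composition_violations(password):
    """Length and character-class rules broken by a candidate password."""
    problems = ["length"] if len(password) < MIN_LENGTH else []
    return problems + [n for n, rx in REQUIRED.items() if not re.search(rx, password)]

def change_violations(new_password, history, last_changed, now):
    """All rules a change request breaks; an empty list means it is allowed."""
    problems = composition_violations(new_password)
    if now - last_changed < MIN_AGE:
        problems.append("min_age")      # changed again too soon
    if any(hmac.compare_digest(_digest(new_password, s), d) for s, d in history):
        problems.append("history")      # reused within the last ten passwords
    return problems

def is_expired(last_changed, now):
    """True once the password has reached the 90-day maximum age."""
    return now - last_changed >= MAX_AGE

if __name__ == "__main__":
    # Constructed sample data: dates and the second password are made up.
    set_on = datetime(2024, 1, 1)
    history = remember([], "A2!gh%GhqJ7w")
    print(composition_violations("A2!gh%GhqJ"))          # essay's sample password
    print(change_violations("Zx9#mmQpl2!k", history, set_on,
                            set_on + timedelta(days=5)))
    print(is_expired(set_on, set_on + timedelta(days=90)))
```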
Security Policy Analysis
A policy is typically a document that outlines specific requirements or rules that must be met. In the information/network security realm, policies are usually point-specific, covering a single area. For example, an "Acceptable Use" policy would cover the rules and regulations for appropriate use of the computing facilities. We can use a standard to protect our systems, such as our networks, servers and everything else that we use. However, we need to take time to make requirements for each item specifically so that it works at the best possible level.
A standard is typically a collection of system-specific or procedural-specific requirements that must be met by everyone. For example, you might have a standard that describes how to harden a Windows 8.1 workstation, like the tablet I am using, for placement on an external (DMZ) network. People must follow this standard exactly