Student ID: 336227
Information Security Modification Recommendations Service Level Agreement Between Finman Account Management, LLC, Datanal Inc., and Minertek, Inc.
After careful review of the current Service Level Agreement(SLA) “A Service Level Agreement for Provvision of Specified IT Services Between Finman Account Management, LLC, Datanal, Inc., and Minertek, Inc.” we have determined that standard Information Technology security measures have not been addressed fully. Following are the recommended changes highlighted in the specific sections that need to be addressed. These changes are being recommended to protect Finman’s data and intellectual property. Established standards such as Best …show more content…
These practices follow a four point approach to establishing a Best Management Practice which includes Communication Awareness Training, Risk Management, Firewall(Spam Filters) and Vendors Manufacturing Agents or Partners. (Clinch, J. (2009, May))
The first step would include training for all agents in Communication Awareness before allowing use of network and company assets. Training would include Information Assurance, basic computer usage and threat prevention during the implementation of AD and CAC card systems. Proof of this training will be submitted along with a signed user agreement and supervisor request for network access. User Agreements will state the responsibilities of the agent as well as penalties for violations of the agreement. Datanal will provide training resources and documentation to all Finman organizations.
The second step , as part of risk management, will be the creation of auditing processes, data backups and disaster recovery(DR). IDS and virus protection systems must be researched, evaluated and implemented to meet ISO standards. Data backup and DR will be implemented along with established DR plans and documentation covering restoration processes and time frames. A data retention plan will be established stating the length of data storage and disposal for outdated data.
The implementation of firewalls, proxy servers, spam