APA_Unit1 - Security Policy Elements Running Head: SP...

Info iconThis preview shows pages 1–4. Sign up to view the full content.

View Full Document Right Arrow Icon
Security Policy Elements Running Head: SP Security Policy Elements - Week 1 Assignment Tushar Agarwal Kaplan University
Background image of page 1

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon
Security Policy Elements PART 1 When devising a Security Policy for Home Network / Small Business organization which elements should be considered have been outlined below with appropriate reasoning. The elements in consideration have been picked up from the Assignment Document: 1. Introduction – Can be skipped 2. Purpose – This is required as it defines what is the intent of drafting this document. Also what questions this document can answer in case of a conflict / confusion. 3. Organization Business Objectives – This can be skipped as this can be clubbed to the purpose. We are looking at small Organization. 4. Roles and Responsibilities – This is required as within a small organization there will be people who will be assigned to tasks. 5. Security Enforcement – Required as Violations definition and Action taken should be defined under this. 6. Security Incident Response – This is required for Disaster Recovery and any unknown incident accounted for day-to-day functioning. 7. Agreements with other Organizations – This is required for using licensed product and need to be recorded. 8. Applications Used a. Email, web, DNS, DHCP, File and print sharing – Required for the day to day functioning b. Special applications listed – Required. 9. Technical Security – This mainly concerns a System Policy but is there is not one applicable it should be part of this document. a. Security requirements – Required, brief outline for System Policy b. Security architecture – NA, Should be covered in Design. c. Security infrastructure - NA, Should be covered in Design. d. Encryption requirements – Required. e. Configuration management – NA Implementation details. 10. Identification of Sensitive Information – Required for protecting Proprietary and Business Sensitive Information a. Authentication requirements – Required as it carries over to System Configuration b. Access requirements – Required as this controls Data and System Access. If everyone has access to these it may lead to chaos c. Documentation requirements – Required for internal Use 11. Auditing Requirements – May not be required 12. Business Continuity Plan – Required for Incident Management Plan 13. Data Backup and Recovery Plan – Required for incident Management Plan 14. Appendices – Required for easy understanding
Background image of page 2
Security Policy Elements PART 2: Threats to top 10 Element in an organization I have been involved with Software Development and Delivery and the most important Items and threats include: 1. Workstation (This Include developer workstation, Salesperson PC / Laptop and other support staff PCs) a. Internal Threats– Data Stealing, Unauthorized Access, Password sharing etc. b.
Background image of page 3

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon
Image of page 4
This is the end of the preview. Sign up to access the rest of the document.

This note was uploaded on 09/05/2011 for the course IT IT 540 taught by Professor Kennethl.flick during the Spring '10 term at Kaplan University.

Page1 / 9

APA_Unit1 - Security Policy Elements Running Head: SP...

This preview shows document pages 1 - 4. Sign up to view the full document.

View Full Document Right Arrow Icon
Ask a homework question - tutors are online