PROPOSAL TO INCREASE THE SECURITY LEVEL

Proposal to Increase the Security Level

System Structure

All the computers currently running in the organization should have firewall (Online Armor) installed in them to protect the systems from external threats.

All the computers should have Windows Firewall enabled on the server

Norton Anti-Virus should be installed in all the systems with automatic updates to make computer safer from spywares, viruses and Trojans.

There should be Span-filtering software installed in all the systems to protect the infrastructure to protect the outlook by getting suspicious programs.

Disable the service set identifier (SSID). WPA encryption and MAC filtering should be enabled. Access point should be configured that will allow traffic only from laptop and desktop computers in our office.

All systems should be having Windows Vista latest version

All systems should be automatically refreshed for updates.

All serial numbers should be logged

The server room should be locked properly.

Make strong backup plan for all the computers in external hard drives.

Teach all the employees to apply password to their computers and emails. The Password should be very strong.

The graph below shows the number of characters used in passwords verses the time needed to hack them. One extra character added to a password would make it more difficult for a hacker to crack it. The graph below shows that if the password contains 3 characters it will need 0.86 seconds to crack, where as 4 characters will require 1.36 minutes, 5 characters 2.15 hours, 6 characters 8.51 days, and 7 characters needs 2.21 years. Therefore, employees' passwords should contain at least 8 characters.

Following are some important considerations:

1) Develop a Policy on Information Security

A security policy must first have the support and commitment of all senior management, and it must be communicated to all employees as one of their responsibilities in any type of contractual relationship between employer and employees. This policy is to classify the different types of information, depending on the nature of each, the basic guidelines for the management and treatment in areas such as storage, backup and access. It should also establish fixed dates for formal review by management and the IT department. 2) Develop the processes needed to implement and maintain the policy

It is appropriate that a senior manager at management level takes responsibility to ensure that safety requirements are allocated to the relevant business areas. If no one in the organization is there who know and understand all the issues related to security, you can go to foreign aid. In any case, each business area has to have a security officer responsible for matters directly related to their core business, from IT security to physical security. Also, make sure you also know the safety rules outside the business that has access to partial information of the company, such as suppliers or partners.

3) Preserve and maintain the physical assets and data

You must create and maintain an updated inventory of assets including software and business information resources. It also has to assess each asset and classify information according to their importance ...