SECURITY POLICY

Creating a security policy

Kaplan University

Abstract

Security policy plays a vital role in securing the information on any network. It contains principles that help in securing the data and eliminating the thread available for these types of organizations that deals in information technology or networking. In this assignment we understand how to create an effective security policy for any network by defining and creating policy for an organization that provides internet service in an area. The second part of this assignment is based on analysis of a case study of Acme security policy. In the policy of Acme there are many weaknesses are found that should be eliminated by this organization as it may provide various thread of data or information security to this organization network.

Creating a security policy

Introduction

A security policy is a strategy that explains how an organization will implement principles and technologies of Information Security. It is basically a business plan that deals with the aspect of Information Security of a business or organization (Bieber, 1992; Cuppens, 1993). A security policy is different from security processes and procedures. This policy will provide both specific and high level guidelines on how an organization can protect its data, but will not specify exactly how that is to be accomplished. This provides a way to choose which security devices and methods are best for your organization according to your needs and budget. A security policy should cover all your company's electronic systems and data. As a general rule, a security policy would not cover hard copies of company data but some overlap is inevitable, since hard copies invariably were soft copies at some point. Where the security policy applies to hard copies of information, this must be specifically stated in the applicable policy (Cholvy, 1995, 1997). In this assignment we are going to develop a security policy for an organization network that provides internet facility in any specific area. The security policy for the network of this organization can be developed using following steps:

Part 1

List of Ten important functions and information

This list is comprises on the items and information data that are used in the business of selected organization to provide internet service in an area. Important items and information data that are critical in this business includes:

Server Computer Systems

Wireless Routers and Switches

Web contents

Email services between networks

Internet Access

User Data

Access Rights for Users

Network Information

Data Storage or Data Sharing Disks

Maintenance of Network equipment

Threads for selected parts and information of network

Illegal use of wireless routers

The most common practice and thread for internet service providers in any area is the illegal use of wireless routers as the wireless routers does not require any type of wire for making connection (Wood, 2005). If the password of the wireless routers are not setup effectively and if number of users connected with the respective wireless router cannot be monitored effectively, then everyone that lies within the range of this router have the chance to connect with that router which is a serious thread for any network service ...