PROJECT 4: CASE STUDY 1 (CONT’D) SECURITY PLAN AND RECOMMENDATION MEMO
This project involves the development of a Security Plan and a Recommendation Memo to the CIO. The plan communicates the security, policies, and the technologies being recommended from Projects 1, 2, and 3.
Information Security Plan
This information security plan is meant to establish and state the policies that govern Banking Solutions Inc.’s IT standards as well as practices. The plan will protect the organization’s information and its critical data resources from possible threats. The main objective is to ensure the existing business continuity in the organization, minimize business risks, and maximize the organization’s return on investment including business opportunities. The information security will be achieved through the implementation of suitable controls, which include policies, security technology processes, procedures, hardware and software functions, and organizational structures. The controls have to be established and implemented, monitored and reviewed, as well as improved accordingly. This would ensure that the organization’s security, as one of the many business objectives, is achieved. This involves governing the privacy, security, as well as confidentiality of the organization’s data. All users of the organization are required to follow the Banking Solutions Inc. policies. It is also required that the organization’s employees maintain a shared responsibility regarding security of the organization’s information with respect to their departments.
The main purpose of this security plan is to see that Banking Solutions maintains confidentiality, integrity, and data availability. The plan also will ensure that Banking Solutions defines, develops, and documents information policies as well as procedures supporting the goals and objectives of the organization. The plan also aims to allow Banking Solutions to satisfy responsibilities regarding the legal and ethical requirements with respect to the organization’s IT resources. The security policies and procedures stand for the organization’s foundation. Internal controls would provide a system of checks as well as balances meant for identifying irregularities, preventing waste, as well as fraud and abuse of information.
The plan will apply to the whole organization including the management, employees, and other stakeholders. The key idea is to ensure data security. The information to be protected is typically part of the organization’s assets such as data, images, text, software, and related information resources whether stored online, on computers, or on paper among other storage media.
IT Governance Committee and Responsibilities
IT governance is typically the management’s responsibility. It consists of aspects such as the leadership, the organizational structure, and the process for ensuring that IT sustains and extends the organization’s strategies and objectives. The management, in this case, will be responsible for appointing the people who govern information security and for setting the strategic direction to be taken. It will ensure that the information security objectives are achieved accordingly.
The Organization’s Policy Statement
All departments within the organization will be obligated to protect the organization’s information resources. This will be done by implementing the security standards as well as procedures that are developed and approved by the government and the Information Security Board of Review. The organization’s departments will be required to meet all the minimum security standards. All departments would be encouraged to adopt the standards exceeding the minimum requirements. The information users will be responsible for complying with the general policies and their respective departments’ policies.
All users will be required to comply with both federal and state laws as well as the organization’s policies and procedures that govern the security of highly sensitive data. Any user caught engaging in unauthorized access, use, alteration, destruction, or disclosure of data/information will be violating this plan and will be subjected to the appropriate disciplinary action such as dismissal, legal action, or both.
Information Security Program
Information security programs have been established, documented, and implemented. The programs are typically designed to improve the effectiveness of IT operations and the ability to satisfy the existing regulatory requirements. The program is mainly set to ensure confidentiality as well as integrity of information within the organization. It is also meant to maintain an appropriate level of information and data accessibility. Three technological means have been put in place to ensure that information is protected from all reasonable forms of threat. The main technological/program measures include the use of firewall protection, use of remote access technology, and the use of account lockout technology/program (Avoyan, 2011). These technological means have both software and hardware components aimed at keeping information and related facilities secure.
Firewall Protection Technology
Regarding the firewall protection technology, the organization’s computers would be protected from internet threats by a firewall. An ISA Server is used to provide proxy firewall solutions to the organization. The firewall protection network diagram would be as shown in figure 1 below (Avoyan, 2011).
Figure 1: Firewall Protection Network Diagram
Remote Access Technology
For the remote access technology, Banking Solutions Inc. would be able to control its users such that they can only connect to the internet from a specified remote location. This will allow the use of network resources, but at a controlled usage such that external threats are minimized. The same technology minimizes the risk of attackers gaining unauthorized access to the organization’s network resources. The technology will enhance information security and allow user flexibility, including for those willing to work from home (Microsoft, 2014). The remote access technology can be designed as shown in figure 2 below.
Figure 2: Remote Access Technology Network Diagram
Account Lockout and Password Technology Concept
This technology program would be important because the security of the organization’s information relies on the level of restriction against unauthorized users. This program controls aspects like the number of possible login attempts, password length, password uniqueness, as well as password lifespan. By limiting logon attempts, it prevents dictionary attacks, which involve the use of known words to try to access account information (Microsoft, Account Lockout and Password Concepts, 2004). Brute force attacks, in which unauthorized users try all possible permutations, are prevented as well. Figure 3 describes the authentication process using the steps that occur whenever a logon attempt fails.
Figure 3: A Network Diagram for Failed Logon Attempt Process
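The four controls named above (login attempts, password length, uniqueness, lifespan) can be modelled in a few lines. This is an added example, not part of the original plan or of any Microsoft code: the `Policy` values, the function names and the use of PBKDF2 for stored passwords are assumptions made for illustration.

```python
import hashlib, hmac, os
from dataclasses import dataclass, field

@dataclass
class Policy:  # all values are constructed; the plan specifies none
    lockout_threshold: int = 5        # failed logons before lockout
    reset_window_s: int = 900         # failures older than this are forgotten
    lockout_duration_s: int = 1800    # how long the account stays locked
    min_length: int = 12              # password length
    history_size: int = 3             # password uniqueness (no reuse of last N)
    max_age_s: int = 90 * 86400       # password lifespan

@dataclass
class Account:
    current: tuple = None             # (salt, derived key)
    set_at: float = 0.0
    history: list = field(default_factory=list)
    failures: list = field(default_factory=list)
    locked_until: float = 0.0

def _derive(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def _matches(password, stored):
    salt, key = stored
    return hmac.compare_digest(_derive(password, salt), key)

def change_password(acct, new, now, policy):
    if len(new) < policy.min_length:
        return "too_short"
    previous = ([acct.current] if acct.current else []) + acct.history
    if any(_matches(new, old) for old in previous[:policy.history_size]):
        return "reused"
    acct.history = previous[:policy.history_size]
    salt = os.urandom(16)
    acct.current, acct.set_at = (salt, _derive(new, salt)), now
    return "ok"

def attempt_logon(acct, password, now, policy):
    if now < acct.locked_until:
        return "locked"               # refused without testing the password
    # Only failures inside the observation window count toward the threshold.
    acct.failures = [t for t in acct.failures if now - t < policy.reset_window_s]
    if not _matches(password, acct.current):
        acct.failures.append(now)
        if len(acct.failures) >= policy.lockout_threshold:
            acct.locked_until = now + policy.lockout_duration_s
            acct.failures.clear()
        return "failed"
    acct.failures.clear()
    if now - acct.set_at > policy.max_age_s:
        return "expired"              # correct password, but past its lifespan
    return "ok"
```

Guesses spaced wider than the reset window never reach the threshold, so lockout is normally paired with monitoring of failed-logon volume.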
The cost of ensuring the security of the organization’s information is relatively high. The cost would include installation cost for the three technologies, running costs, maintenance costs, and labor cost. The management will need to set a budget to meet these costs.
Risk assessment would be important to determine the vulnerability of the organization’s information to attacks. There is generally a high risk since Banking Solutions is a financial institution with some online transactions and modes of payment. Besides, financial information is highly vulnerable to security attacks. The management can thus formulate effective strategies after an effective risk assessment (Microsoft, Account Lockout and Password Concepts, 2004).
Expected Return on Investment (ROI)
ROI would be the benefits resulting from the investment in security technologies. The technologies are likely to yield high ROI in which the investment gains would compare favourably to the investment costs. As long as risks and previous security problems are eliminated, the technologies will result in increased profitability of the business. ROI will determine the plan’s effectiveness (Farris, Bendle, Pfeifer, & Reibstein, 2010). It will be computed as follows:
ROI = (Net Profit / Investment Cost) × 100
Net Profit = Gross Profits – Total Expenses
MEMO TO: The CIO
FROM: Information Security Planner
DATE: October 25, 2014
SUBJECT: INFORMATION SECURITY PLAN FOR BANKING SOLUTIONS INC.
Banking Solutions Inc. is currently facing significant information security problems. The sensitivity of its business operations requires the use of highly secured information systems. An information security plan has been designed to help solve the problem. The plan incorporates three key technological security programs. These include firewall protection technology, account lockout technological process, and a remotely controlled access technology. A combination of these technologies would ensure that all possible threats to the organization’s information are mitigated.
The security plan will ensure that security of information is promoted with respect to the organization’s policies and government regulations. The main objective will be ensuring continuity of the business, minimizing information security risks, and maximizing the returns on investment (ROI). A close analysis has shown that although the investment cost would be relatively high, the financial benefits would be high. This is because the number of risks would be minimized greatly. Investors are likely to be attracted to the business because of the increased profitability and decreased risks of losses. This follows the fact that security controls would be in place to increase customer confidence as well. It is therefore recommended that the plan be reviewed as soon as possible in order to facilitate the necessary steps for implementation. It is also advisable to initiate any changes to the plan where necessary to meet the organization’s needs and budget, especially given the prevailing changes within the business environment.
Avoyan, H. (2011, August 17). How to Protect Your Network: Firewall Best Practices. Retrieved from blog.monitis.com: http://blog.monitis.com/2011/08/17/how-to-protect-your-network-firewall-best-practices/
Farris, P. W., Bendle, N. T., Pfeifer, P. E., & Reibstein, D. J. (2010). Marketing Metrics: The Definitive Guide to Measuring Marketing Performance. Upper Saddle River, New Jersey: Pearson Education, Inc.
Microsoft. (2014, July 31). Account Lockout and Password Concepts. Retrieved from technet.microsoft.com: http://technet.microsoft.com/en-us/library/cc780271%28v=ws.10%29.aspx
Microsoft. (2014). Securing Remote Access. Retrieved from technet.microsoft.com: http://technet.microsoft.com/en-us/library/cc875831.aspx