Security Policy

In: Computers and Technology

Submitted By torresmd
Words 3526
Pages 15
|MCSD IT Plan Document Information |
|Title: |MCSD IT Security Plan |
|Type: |MCSD Procedural Plan |
|Audience: |MCSD IT Employees and Management |
|Approval Authority: |Assistant Superintendent for Technology & Personnel |
|Contact: |mail to: bakatsm@marlboroschools.org |
|Status: |Proposed: |January 17, 2010 |
| |Approved: |TBA |

[pic]

MARLBORO CENTRAL SCHOOL DISTRICT

Information Technology Security Plan

January 17th, 2010

Table of Contents
Introduction................................................................................................................ 3
Information Technology Security Safeguards........................................................... 4
Physical Security....................................................................................................... 5
Personnel Security..................................................................................................... 5
Data Communications Security................................................................................. 5
Phone System Security.............................................................................................. 5
System Access…...

Similar Documents

Security Policy

...Security Policy CMGT 441 Security Policy Current Loan Process      McBride currently has two methods of applying for a loan: in-person or online. Either method eventually will return the same results; however, the online application method is faster as customers do not physically have to show up to an office to complete the paperwork. The obvious benefits of completing the loan application online far outweigh the physical appearance; however, there are a few downsides. The major downside is that should customers have questions about any portion of the loan application or loan process, they must either wait until their application has been received and turned over to a loan officer or contact one of eight offices via telephone. Current Security Issues Security of information is a major concern for businesses, but when dealing with the Internet, additional security threats emerge. Because McBride uses both an office setting and an online environment setting to accept loan applications, different security issues are related to each one. In-Person Almost all of McBride’s offices lack proper security features that will protect client information from getting stolen. All buildings located in each of the eight offices lack any sort of surveillance equipment. Because of this, hallways, offices, cubicles, and the parking area are not monitored for potential criminal activity. There are also no security measures in place that protect against unauthorized access into...

Words: 891 - Pages: 4

Security Policy

...Riordan Manufacturing Security Policy Smith Systems Consulting has been hired to evaluate and consult on the creation of a new information technology security policy to span the complete enterprise infrastructure. This document will serve as a recommendation for Riordan Manufacturing as it pertains to the enterprise wide information security strategy. Riordan Manufacturing currently has three locations within the United States and one location in Hangzhou, China. All of these locations have been evaluated and are considered part of the enterprise security policy. The review of the current information technology security policy was conducted based on the idea of improvement with respect to current technology trends and best practices. An evaluation of the enterprise infrastructure as a whole, as it pertains to information technology security, was also conducted. These evaluations were the starting point for Smith Systems Consulting to design a security strategy to best fit Riordan Manufacturing. The existing security policy consists of location-based data access to on-site servers and on-site access to Unix servers for ERP and MRP systems. Also, it was evident that there are a number of servers and data to be accessed from different operating systems that are deployed throughout the locations. The management of the existing security strategy is one that requires each individual to be assigned access permissions manually throughout their term of employment. This strategy......

Words: 304 - Pages: 2

Security Policies

...IT Security and Compliance Policy | IS3350/Security Issues; Roger Neveau; 3/12/2013; Mike Taylor, Instructor | This document is the Final Project for IS3350 Security Issues, creating and improving security policies for LenderLive Network | | Table of Contents Introduction2 Risk Analysis2 SWOT Analysis2 Physical Security5 Data Classification6 Regulatory Compliance8 Intellectual Property…………………………………………………………………………………………………………………………….10 Training……………………………………………………………………………………………………………………………………..............11 Security Breach……………………………………………………………………………………………………………………………………..12 Appendix A SWOT Analysis…………………………………………………………………………………………………………………..14 Appendix B Definitions………………………………………………………………………………………………………………………….17 Appendix C Roles…………………………………………………………………………………………………………………………………..18 Works Cited…………………………………………………………………………………………………………………………………………..19 Introduction An effective IT Security policy protects the organization against possible threats to the infrastructure and data that the organization has. It will provide and maintain its ability to provide confidentiality, integrity, availability, and security of the client’s data within the organization’s environment. Overview The IT Security and Compliance policy for LenderLive Network Inc. will detail the policies, procedures, and guidelines that the organization will adhere to, to ensure compliance of the Graham-Leach-Bliley Act (GLBA) and Federal Trade Commission’s Safeguards Rule. It......

Words: 4550 - Pages: 19

Security Policy

...sure all of the security policy is enforced by mechanisms that are strong enough. There are many organized methodologies and risk assessment strategies to assure completeness of security policies and assure that they are completely enforced. In complex systems, such as information systems, policies can be decomposed into sub-policies to facilitate the allocation of security mechanisms to enforce sub-policies. However, this practice has pitfalls. It is too easy to simply go directly to the sub-policies, which are essentially the rules of operation and dispense with the top level policy. That gives the false sense that the rules of operation address some overall definition of security when they do not. Because it is so difficult to think clearly with completeness about security, rules of operation stated as "sub-policies" with no "super-policy" usually turn out to be rambling rules that fail to enforce anything with completeness. Consequently, a top level security policy is essential to any serious security scheme and sub-policies and rules of operation are meaningless without it. If it is important to be secure, then it is important to be sure all of the security policy is enforced by mechanisms that are strong enough. There are many organized methodologies and risk assessment strategies to assure completeness of security policies and assure that they are completely enforced. In complex systems, such as information systems, policies can be decomposed into sub-policies to......

Words: 374 - Pages: 2

Security Policies

...Security At (Red)E IT Solutions we are dedicated to bringing you the most comprehensive and secure security solutions available anywhere today. These policies are put in place to keep company and personal resources secure, maximize company productivity, and keep systems working in proper condition. In order for these policies to work careful and comprehensive training on all of the workplace security policies must take place. The policies can only be as strong as the employees following them. Educated employees and careful monitoring will be the strongest foundations to our secure infrastructure. Internet Security Policy Purpose The purpose of this policy is to define standards for systems that monitor and limit web use from any host within the network. These standards are designed to ensure employees use the Internet in a safe and responsible manner, and ensure that employee web use can be monitored or researched during an incident. Scope This policy applies to all employees, contractors, vendors and agents with a company owned or personally-owned computer or workstation connected to the network. This policy applies to all end user initiated communications between our network and the Internet, including web browsing, instant messaging, file transfer, file sharing, and other standard and proprietary protocols. Server to Server communications, such as SMTP traffic, backups, automated data transfers or database communications are excluded from......

Words: 1791 - Pages: 8

Security Policy

...Law and Policy Case Study September 15, 2013 Introduction In the field of information security, there are many types of law. As senior managers, it is important to be knowledgeable of the legal environment. Once this information is learned and retained, then it will increase access and understanding of information security. Laws and practices that are related to information security will be discussed and how these laws impact organizations today and ensures confidentiality, integrity, and availability, of information and information systems. Governance policy will be discussed and recommendations for development of governance policy in an organization. Analysis The law in information security is very broad. There are different types of laws in information security. Civil law, criminal law, administrative law, and constitutional law are all part of law in information security. Civil law deals with law associated with individuals and organizations. Criminal laws are laws that effect society and are prosecuted by the state. Cornell University defines administrative law as “Branch of law governing the creation and operation of administrative agencies. Of special importance are the powers granted to administrative agencies, the substantive rules that such agencies make, and the legal relationships between such agencies, other government bodies, and the public at large (Cornell, 2010).” Constitutional law deals with how law...

Words: 824 - Pages: 4

Security Policy

...TABLE OF CONTENTS 1. POLICY STATEMENT ..................................................................2 2. ACCESS CONTROL.....................................................................3 4. DOCUMENTED DATA SECURITY POLICY.................................4 1. POLICY STATEMENT It shall be the responsibility of the I.T. Department to provide adequate protection and confidentiality of all corporate data and software systems, whether held centrally, on local storage media, or remotely, to ensure the continued availability of data and programs to all authorized members of staff, and to ensure the integrity of all data and configuration controls. Summary of Main Security Policies 1.1. Confidentiality of all data is to be maintained through discretionary and mandatory access controls, and wherever possible these access controls should meet with C2 class security functionality. 1.2. Access to data on all laptop computers is to be secured through encryption or other means, to provide confidentiality of data in the event of loss or theft of equipment. 1.3. The use of unauthorized software is prohibited. In the event of unauthorized software being discovered it will be removed from the workstation immediately. 1.4. Data may only be transferred for the purposes determined in the corporate data- protection policy. 1.5. All disk drives and removable media from external sources must be virus checked before they are used within the corporation. 1.6. Passwords......

Words: 1364 - Pages: 6

Security Policy

...University of Maryland University College CMIS 102 - Introduction to Problem Solving & Algorithm Design Section 6383 (WebTycho) Assignment 4 – Flow Control Statements 8 points Due by Saturday, April 3, 2010 at Midnight   This program is to be submitted via the WebTycho Assignments folder no later than the date and time shown above to avoid losing points per the rules stated in the Syllabus. Do not mail, e-mail or fax this assignment to the instructor or TA! It is your responsibility to review the policies for the assignments and projects specified in the syllabus and adhere to all guidelines. These rules are meant to apply equally to everyone. Please do not ask for special exceptions! There is no extra ‘make-up work’ for points lost on this exercise.   This programming exercise requires you to demonstrate your understanding and mastery of: |Functional Programming |Modules | |Step-wise refinement |Flow control statements | |Selection and Repetition structures |Program documentation | 1. (5 points): Complete the Programming Exercise: Maximum of three floating points. The code template is provided below 2. (3 points): Test your code with the numbers shown in the table below, See if you get the expected answer Develop a test suite for your code. Test......

Words: 485 - Pages: 2

Security Policies

...Bowie State University Department of Management Information Systems INSS 887: Emerging Issues in Information Security Assignment #3 Summer Session, 2014 Instructions: Answer each question thoroughly. Points will be deducted for fragmentary answers. The completed assignment should be submitted in the designated Drop Box by midnight on Sunday, July 27, 2014. 1. ABC Corporation has a thorough security plan for the primary and recovery systems used to ensure that even during a recovery the information is protected. Comprehensive plans are only a part of its efforts in securing recovery. Assuming that ABC will use contract employees for part of the recovery, describe how the company can mitigate the threat from using contract employees. 2. Britain plans to establish a dedicated military unit to counter cyber attacks. The unit will comprise of hundreds of computer experts to help defend Britain's national security. The plan is for the "cyber reservists" to work alongside regular forces in the new Joint Cyber Reserve Unit in a bid to protect key computer networks and safeguard data. According to Prime Minister David Cameron, the new capability would be able to "counter-attack in cyber-space and, if necessary, to strike in cyber-space as part of our full-spectrum military capability". "In response to the growing cyber threat, we are developing a full-spectrum military cyber capability, including a strike capability, to enhance the UK's range of military......

Words: 1401 - Pages: 6

Security Policies

...to initiate logon and authentication to the school realm for access to Remote Desktop through the use of a standard Penn supported web browser. Domain Authentication works the same as in option one. Once authenticated a user has access to their RDP profile and file share access on to the department server. The RDP user profile is configured to provide access to individual workstation. The screen size and resolution, local drive and printer mapping can also be defined if needed.  This option offers a user a secure way to remote desktop to their workstation from home or anywhere on the road. This option is especially useful if the workstation is on a private vLAN where only internal traffic is allowed through the use of a hardware firewall policy....

Words: 282 - Pages: 2

Security Policy

...Subject: Management Information Systems Assignment: Security Poli Cooney Hardware Ltd Security Policy Table Of Contents * Introduction * Purpose * Why do we need a Security Policy * What is a Security Policy * Building Issues * IT Policy * Risk Analysis (Identifying The Assets) * Risk Management(Identifying The Threats) * Personal Security * Health And Safety * Auditing * Security Threats * Network Policy * Delivery Of Goods * Conclusion * Introduction Information Security has come to play an extremely vital role in today’s fast moving but invariably technically fragile business environment. Consequently, secured communications and business are needed in order for both Cooney Hardware Ltd. and our customers to benefit from the advancements the internet has given us. The importance of this fact needs to be clearly highlighted, not only to enhance the company’s daily business procedures and transactions, but also to ensure that the much needed security measures are implemented with an acceptable level of security. It’s sad to see that the possibility of having our data exposed to a malicious attacker is constantly increasing everyday due to the high number of ‘security illiterate’ staff also having access to sensitive and sometime even secret business information. * Purpose The purpose of this policy is to secure and protect the assets owned by Cooney Hardware Ltd, one of the biggest hardware...

Words: 2252 - Pages: 10

Security Policy

...Abstract 3 Security Policy Part 1 4 Computers 4 Switches 4 Personal Drives 5 Patient Database 5 Department Shared Folders 6 Network Configuration 6 Thumb Drives 7 Email Account 7 Account Management 7 Wireless Network 8 Security Policy Part 2 8 Missing 9 Incomplete 9 Inaccurate 10 Ill advised 10 References 12 Abstract This paper is based on two companies and their security policies. Some companies have a security policy that is complete and some companies have a security policy that is incomplete. The company that has a complete security policy will be able to activate that policy when a security violation occurs. The users and network administrator will know exactly what to do to mitigate the incident. The policy should have a corrective action section that will guide the people involved on how to handle the incident. Then there are those companies that have an incomplete plan so when a security violation occurs the whole company is in an up roar because they do not know what to do. These companies will have to mitigate the incident as they go and when this happens the process is not complete leaving things left undone. The best practice for every company is to have a complete and accurate security plan that is reviewed annually. The Security Policy Security Policy Part 1 I work for a hospital so network security is very important when it comes to keeping patient data safe. Ten things that are subject to compromise are: computers, switches,......

Words: 2464 - Pages: 10

Security Policy

...Security Policy Marc Johnson CMGT/441 December 21, 2014 Praful Dixit Security Policy for McBride Financial Services Information Technology (IT) Security Policy I. SCOPE This IT Security Policy has been undertaken In order to safeguard sensitive, confidential, and proprietary information that is passed through the network of McBride Financial Services. The safety and security of such information is vital to the success of McBride Financial Services and any sensitive information that is compromised would be harmful to McBride Financial Services and its efforts as an organization. Use of information technology networks by employees of McBride Financial Services is permitted and encouraged where such use supports the goals and objectives of the organization. However, McBride Financial Services has a policy for the security of the information that is shared trough these networks. Employees must ensure that they: * Comply With the current IT Security policy, * Use information technology networks in an acceptable, safe, and responsible manner, and * Do not create unnecessary risk to McBride Financial Services by their misuse of information technology networks. II. POLICY STATEMENT All members, employees, guests, and individuals are responsible for adhering to this IT policy and maintaining the security of proprietary information shared on the information technology networks of McBride Financial Services. This IT Security Policy is......

Words: 711 - Pages: 3

Security Policy

...Medical General Hospital Security Policy Introduction Information is an essential asset and is vitally important to Medical General Hospital business operations and long-term viability. Medical General Hospital must ensure that its information assets are protected in a manner that is cost-effective and that reduces the risk of unauthorized information disclosure, modification, or destruction, whether accidental or intentional. The Medical General Hospital Security Policy will adopt a risk management approach to Information Security. The risk management approach requires the identification, assessment, and appropriate mitigation of vulnerabilities and threats that can adversely impact Medical General Hospital information assets and patient records. Objectives • To keep all private patient files confidential • Allow only doctors and nurses access to private documents of patient • Setup username and passwords for employees • Setup badges for contactors and janitors • To comply with all security measures • To make sure private information about company files are prohibited • To make sure all printed documents that can be a threat to the company are shredded and not thrown in trash. • To make sure all staff shutdown workstation after using at the end of the day • To enforce that Surveillance cameras are monitored 24hrs a day 7days a week • To make sure visitors check in at the front before seeing the patient’s • Protect all data from......

Words: 5676 - Pages: 23

Security Policy

...PROJECT 2 Information security means protecting information and information systems from unauthorized access, use, disclosure, disruption, modification, perusal, inspection, recording or destruction.[1] The terms information security, computer security and information assurance are frequently used interchangeably. These fields are interrelated often and share the common goals of protecting the confidentiality, integrity and availability of information; however, there are some subtle differences between them. These differences lie primarily in the approach to the subject, the methodologies used, and the areas of concentration. Information security is concerned with the confidentiality, integrity and availability of data regardless of the form the data may take: electronic, print, or other forms. Computer security can focus on ensuring the availability and correct operation of a computer system without concern for the information stored or processed by the computer. Information assurance focuses on the reasons for assurance that information is protected, and is thus reasoning about information security. Governments, military, corporations, financial institutions, hospitals, and private businesses amass a great deal of confidential information about their employees, customers, products, research, and financial status. Most of this information is now collected, processed and stored on electronic computers and transmitted across networks to other computers. Should......

Words: 332 - Pages: 2

1x882 Acacias 38 | Batman: La máscara del fantasma (1993) | Die Schnorchels (0)