• Uncategorized

Security Proposal

SecurityProposal

SecurityProposal

Accordingto Fischer R, (2012), security involves protection againstcontingencies that might put a stop to normal company operation,ongoing and making of profits. The aftermath of 9/11, the attacks onTrade Centre and the Pentagon shocked the nation. It is now a dailyreality for the government to get involved in the business ofsecurity. Also, the security industry has, in turn, responded to thethreat of terrorism. It is an absolute need for the safety firms tokeep up with the rapidly changing technology that is now in use inthe industry. Criminals have learned ways to use the same technologyagainst innocent people and organizations. Protecting information hasbecome a complicated thing to do as it is migrated to and fro incomputer files and networks. Containing information that ranges frompersonal identification, criminal records, government information,and company and inventory records is make life easy yet complicated.The dependency on information technology can be of help, butconsequences of security breaching can mean a lot of losses for thecompany. This can be monetary losses, damage of internal processesand communication not to mention the negative it would cause to acompany`s reputation, trust and goodwill and loss of competitiveadvantage. Information systems need to be safe and secure for asmooth run of business.

Thefollowing is a list of the ABC, facility`s requirement. Meaning, thisis the challenges to be tackled by the security firm under the ABCCorporation.

  • Controlled access to the building for everyone.

  • Lobby, conference area, and sales area that needs controlling access

  • A highly secure area for system designers

  • An extremely safe area to house the data center.

  • Secure transfer of archival data between Atlanta and New York

  • Secure access to the Internet for employees

Thepurpose of an information security program is to protect the valuableinformation resources of an enterprise (Peltier 2016). The policiesand objectives of the firm need to be able to meet the requirementsof the facility are to ensure that providing security for allinformation and employees as well as those who access the building.

SecurityPolicies

  • To protect the confidentiality of the company and that of the information assets appropriately

  • Preventing and controlling unauthorized data access by properly protecting information assets

  • Preventing unintentional actions that may lead to information getting to a third party during transmission

  • Appropriate reporting mechanisms of security flaws to ensure they are investigated and handled.

Objectives

  • Confidentiality-controlling and preventing external access to information assets.

  • Availability- security personnel and equipment is kept strategically and inaccessible locations.

  • Integrity-ensuring that the information assets are not in any way mishandled leading to information falling into the wrong hands.

  • Non-repudiation-a security program that can give undisputable evidence that a particular action has happened.

  • Professionalism-having a staff membership that is qualified and has professional skills, very well conversant with information technology and information security management.

  • Establishment of quantified information, able to ensure the safety goals through security review meeting and administration over a given time.

Solutions

  • To control access to the building for everyone, by installing cost effective building access control systems that will help achieve maximum security. The system should allow the user to access the platform from a certain location or through internet connected devices.

  • Through security auditing, the facility can look into threats that could disrupt its operations, and also systems that could affect the occupants. It should be able to check the ability of occupants to be able to be evacuated from the facility in cases of emergency.

  • Controlling access to rooms to where computers and data are held using security systems and personnel to secure the area that is to house the data center.

  • To secure system designs by installing firewall systems and locking the computer systems with a password. Adding whole disk encryptions, Vacca R, to laptop computers is also a new way of ensuring data security,

  • Being up to date with security related upgrades. It will help to avoid viruses those nasty codes.

  • So as to contain confidential data, the facility`s security should impose non-disclosure measures for the users and also the managers.

  • Develop a system that should be able to detect and thwart, Johnson R, (2015) attempts to perform an in-authorized activity.

  • Ensuring safe transfer of archived data. Index the data and store in a way it can be easily accessed.

Toachieve high-quality security measures the facility needs to havequalified information personnel and information technologists. Theyshould be able to

  • Pay attention to detail in this they should be able to ensure everything works efficiently. The slightest mistake can lead to a change in how programs run and may result in information falling into the wrong hands. Competence is essential,

  • They should be open and committed to learning. Technology is changing on a daily basis. They should be able to keep up with new technologies and security systems. This will also prevent their systems from being hacked or acquiring viruses

  • Having a good memory is a plus for an information technologist. They should have the ability to memorize programming languages and also know how to use a lot of computer programs.

  • It is also important for computer technologists to have other skills such as finance and business. It will also be suitable for the facility when they can be able to know the inexpensive but quality systems.

  • Information technologists should have outstanding analytical skills, able to solve security problems efficient and fast in developing new ideas. Be able to understand how complex is the safety of the information is, how to control it and the feedback. (Jacobs 2014).

ImplementationStrategies

Thefull security for the facility must cover three crucial aspects ofthe area. These aspects include industrial security, network securityand system security (Johnson 2015). The industrial security dealswith the actual physical protection of the facility. Entry should bebarred from unauthorized people using secure doors, alarm systems,and a protection detail. The network security involves managing theinterfaces between various sections of the organization. This controlof access to information and data is meant to protect sensitivedetails from being accessed by the wrong people. Network security isthe best way of avoiding industrial espionage (Johnson 2015). The useof firewalls is one of the best approaches towards this type ofsecurity. Another strategy will be to split up the network of theorganization into separate levels that can only be reached by variousstages of clearance. System security ensures that every sector of thesystem is not compromised in any manner. The best measures thatguarantee the integrity of the system include the use of antivirusprograms, use of authentication of authorized personnel, regularmaintenance and updates of software, and a combined method ofaccessing information, especially for the automated processes(Johnson 2015).

Thebest approach to avoiding hazards and security risks at the facilityis by improving the security management of the firm. Every memberinvolved with securing the facility should know their roles and theyshould always be aware of the potential threats that their departmentmight face (Johnson 2015). Making the personnel more cautious aboutthe risks that can occur greatly improves their ability to protectthe organization.

Belowis a Performance Outcome Measurement Process Chart.

Type

Category

Example

Purpose

Out come

Inventory secured

The facility is protected to an acceptable risk level, compliant to ISC

The facility is equipped with adequate countermeasures

Working security measures

Security countermeasure is working to meet the goal.

Effective security measures

Incident reduction

Reducing thefts, vandalism and data mishandling

Strategic goal execution geared to reduce violations

Efficiency in programming

Physical security program operating efficiently

Mission accomplished within resources

Outcome

Preparedness in cases of emergency

Everyone in the facility is trained and prepared to respond in the event of an emergency

Employees based on successful training

ISC-InteragencySecurity Committee

References

Fischer,R., Halibozek, E., &amp Walters, D. (2012).&nbspIntroduction toSecurity. Burlington: Elsevier Science.&nbsp

Jacobs,J. (2014).&nbspData-Driven Security: Analysis, Visualization andDashboards. Wiley.&nbsp

Johnson,R. (2015).&nbspSecurity policies and implementation issues, secondedition. Burlington, MA: Jones &amp Bartlett Learning.

&nbspPeltier,T. R. (2016).&nbspInformation security policies, procedures, andstandards: Guidelines for effective information security management.Boca Raton: Auerbach Publications.&nbsp

Vacca,J. R. (2013).&nbspComputer and information security handbook.Amsterdam: Morgan Kaufmann Publishers is an imprint of Elsevier.&nbsp