Technical Security Policy Proposal For Small Company

1266 words - 5 pages

TicTek Inc is a small company with about a hundred employees and one facility. The company sells home security electronics online. The devices are manufactured by a third party company and shipped to TicTek, whereupon they are warehoused until they are purchased through the company’s website. The warehouse staff prepares and ships customer orders in the same facility which houses the office staff and management. TicTek has a few major stockholders, but the majority of the company’s stock is owned by its executives and employees. Due to the online nature of the company’s business dealings, TicTek has placed a high priority on the security of network resources, including vendor data, customer data, high availability, and incident response. Mr. Tic, the CEO, has recently requested a security proposal from the IT department to formally put into place a comprehensive security plan to keep the company’s network secure.
Technical Security Aspects
In creating an effective security policy, it is important to identify what needs to be protected, and the likelihood of attack for each network device. The lifeblood of TicTek is its online sales; therefore it is vital to protect the company’s web servers and payment processing server, bearing in mind confidentiality, integrity, and availability. A vulnerability assessment will need to be conducted before and after technical security measure are in place for the purpose of identifying specific network vulnerabilities. According to Joseph Migga Kizza (2011), “Vulnerability assessment is a periodic process that works on a system to identify, track, and manage the repair of vulnerabilities on the system” (p.139). Thereafter, a vulnerability assessment will be scheduled every six months to identify any new threats to the network. The network and its servers will be protected by the use of an intrusion detection system (IDS), firewalls, and anti-malware programs.
Firewalls will be placed between the web servers and the outer edge of the network, facing the Internet. Such a configuration, called a demilitarized zone (DMZ), will provide an additional layer of defense from a network breach. If the web servers are compromised, there will be an additional barrier between them and the intranet. The firewalls will be configured to deny everything, and then the ports that are needed for the functioning of the network will be allowed. For the sake of expense and administrative simplicity, the firewall will be a stateful packet filter firewall, as opposed to an application proxy firewall, which would offer higher security and configurability at the expense of administrative complexity due to the need for a proxy for each application in use by the company. The packet filtering firewall filters traffic based on predefined rules.
A network based IDS will be used on all network subnets and the system will be anomaly based. An anomaly based IDS is preferable for its ability to detect zero day attacks. With a signature...

Find Another Essay On Technical Security Policy Proposal for Small Company

Policy Proposal for Economic Reform in Russia

2761 words - 11 pages Policy Proposal for Economic Reform in Russia Despite making a recovery after the 1998 market crash, Russia remains weighted with numerous holdovers from the Communist era that keep its economy from taking advantage of free-market reforms. In short, Russia has not prospered under capitalism because it has not yet discovered it. In order to do so, the Russian government must engage in extensive reform in several key areas: improving the rule

Proposal to Help Set Goals for the SC Company

1080 words - 4 pages workers are worried about their jobs and feel they are "just trying to do the best they can." This proposal is to help set goals for the workers at SC Company. Locke and Latham (2002), define goals as an object or aim of an action. The following theories are to address the problems at the SC Company. The notion is once there is collaboration between management and their workers, employee performance may enhance. In addition, implementing the next

The importance of a comprehensive security policy for modern businesses.

2140 words - 9 pages , provides a guideline for the actions. The security policy will help the companies to achieve success in three ways (Dorey, 1996).Most importantly, security requirements for the corporation are clear with a feasible security policy. It is hard to imagine how messy the security jobs are without this indicator light. And also, the policy contributes to the responsibility allocation, as well as the system control. To continue, it is also very

Huffman Trucking Company: Database Management System - Request for Proposal: Description of Team Red Consulting, Inc.

1005 words - 4 pages termination.TRCI afforded the opportunity to propose an enterprise investigation and feasibility study on the development of database management system for the Huffman Trucking Company (HTC), per their service request SR-ht-002. The database is designed for the transportation department, specifically their vehicle maintenance scheduling system.The TRCI members that will complete HTC's service request SR-ht-002 are the following:- Project Manager: Laine

Project Proposal for a new computer system at a bank...Customer Assist and how the company will improve.

1190 words - 5 pages a systems solution is imperative. The Customer Assist software system has proven to be the most beneficial for our needs. The mechanism included in both the software and hardware, as detailed above, provides the enhancements needed to modify the components to meet the specific needs of our company. One of the most important concepts in technology planning is that the business determines project proposal. Thus, curriculum and instruction decisions

Sexual Harassment In the Workplace: a formal report for a sexual harassment policy for a mock-company, Sound and Vision Inc., SVI

2872 words - 11 pages policy can be established at our company, SVI.LIST OF WORKS CITEDBland, Tim and Stalcup, Sue. "Ten Strategies for Management of Harassment." Ford & Harrison LLP 21.3 (June 1999). 15 July 2001 .Covey, Anne. The Workplace Law Advisor. Cambridge, Massachusetts: Perseus, 2000."Effective Anti-Harassment Policies." BNA Communications 16.2 (1998). 15 July 2001 .Harroch, Richard D. "Sexual Harassment Policy." AllBusiness.com (1999). 15 July 2001 &lt

Riordan Manufacturing Supplier Solicitation and Selection

1437 words - 6 pages As with any company operating today, Riordan Manufacturing, Inc. does not posses the necessary resources or skill set in-house to produce all the materials required to meet project goals and objectives. Riordan must obtain material and services from outside sources, which is accomplished through the procurement process. Once Riordan has submitted a request for proposal (RFP), companies are able to evaluate the RFP requirements and submit

Request for Proposal Process

917 words - 4 pages . Companies are selected on several criteria: policy consideration, locale, capability to provide the requested service. Company, state and federal policy weigh heavily in determining qualified bidders. For instance, the federal government must adhere to such policies as the Small Business Act and those set forth by the Office of Minority Business Enterprise that state that small businesses and those owned by the ethnic minority are given equal

Auditing the IT Security Function: An Effective Framework

3483 words - 14 pages ---policy and system maintenance. The IT security policy, like other policies of organizations or government, provides a guideline for the actions. The security policy will help the companies to achieve success in three ways (Dorey, 1996). Most importantly, security requirements for the corporation are clear with a feasible security policy. It is hard to imagine how messy the security jobs are without this indicator light. And also, the policy

Security Risk Management SRM and Auditing

1022 words - 4 pages them to execute these IT security functions. However, even with the best technical expertise, IT security within an organization would still be vulnerable due to lack of participation support from top management and the users of these IT systems. Another management approach is the top-down approach. The IT security audit is initiated by the top management. Top management is responsible for setting the organization's goals and making sure that

A Security Plan for Businesses by Virtual Protectors

1757 words - 7 pages a formal security plan to better prepare for the uncertainties. Approach In an ideal world, there would be an unlimited amount of money to fund security procedures. However, this is not something feasible for most small businesses. The recommendations laid out in this proposal take into consideration DAD’s budget and provide the minimum requirements for protection within that budget. Additionally, recommendations are made to bring an even

Similar Essays

Proposal For Artemis Sportswear Company Essay

1815 words - 7 pages Cutting operational expenses is something ever organization must learn to balance to ensure productivity and profit margins increase for the company. An increase profit margin is the bottom line for any business and its stakeholders. In order to cut operational expenses productively Artemis Sportswear needs a comprehensive look at the everyday operational expenses. Cutting the everyday expenditures is in need of balance, because to much cuts

Novell Network For Company Security Essay

4530 words - 18 pages Novell Network for Company Security As today's businesses increase in sizes, there is a more demanding need for an increase in security needs. Many businesses today have to answer the question of, "When do I know that have too much security and which network system is more secure for my company?" To answer this question many points of views have to immerge with the best compatible solution. Companies should consider involving many

Research Proposal For Company Website And Blog

837 words - 3 pages DECISION MAKERS The decision makers for this research proposal involve Brad McClain and Robert Belworth. Their job titles consist of marketing manager and operating manager. Hence, there authority will allow me to conduct the required research to creation a company website and blog. THE PROBLEM Our company has been profitable for many years and our marketing approach has been proven successful. However, we are currently lacking the use of

Proposal For A Sustainable Forestry Management Policy

741 words - 3 pages Proposal for a Sustainable Forestry Management Policy Forests are an invaluable natural resource with multiple conflicting uses. When left to stand, forests help conserve biodiversity, stabilize the environment and control erosion; when logged, they provide building materials, fuel and agricultural land for human use. The challenge is to find an equilibrium between these uses: in other words, to make the transition toward sustainable