Sunica Music Essays

Sunica Music Essays Sunica Music Essay Sunica Music Essay Axia College Material Appendix C Introduction Student Name: Robert Joseph Mendoza Axia College IT/244 Intro to IT Security Instructor’s Name: Bryan Berg Date: January 9, 2011 Introduction Due in Week One: Give an overview of the company and the security goals to be achieved. 1 Company overview As relates to your selected scenario, give a brief 100- to 200-word overview of the company. Sunica Music and Movies is a small but growing multimedia chain with currently four locations. These locations currently act independently from each other and have little to no communication between each other and each other’s stock. There is no web site which limits the business to local and word of mouth. There is also an accounting issue due to no centralization of funds. Because of these issues the company has lost customers and revenue. With the implementation of a Wide Area Network (WAN), and proper security steps, Sunica Music and Movies will have the ability to access, implement and use a centralized inventory database from any store. The creation of a webpage will also be necessary to be the company global as well as create an intranet between stores for secure location to location data transfer. There will need to be site set ups, one for the primary location of the web servers and data centralization and a backup location for disaster recovery. 2 Security policy overview Of the different types of security policies- program-level, program-framework, Issue-specific, and system-specific- briefly cover which type is appropriate to your selected business scenario and why. A programme-level policy would be the security policy used. This policy is the best for Sunica Music and Movies due to the fact that not every user will need access to all data be handled. This policy will provide Sunica Music and Movies the with a written an established purpose as well as well as a resources scope, responsibilities of key personnel and compliance guidance, to include but not limited to, on employee training. 3 Security policy goals As applies to your selected scenario, explain how the confidentiality, integrity, and availability principles of information security will be addressed by the information security policy. Confidentiality Briefly explain how the policy will protect information. All date will be automatically encrypted and will only be accessible from the appropriate user. There will be site to site encryption. There will also be stand alone system and network antivirus and internet protection software. There will also be physical firewalls at each location and a physical firewall between the web site and intranet s ite to prevent data leakage. Data saved on individual machines will be encrypted with user specific certificates. 2 Integrity Give a brief overview of how the policy will provide rules for authentication and verification. Include a description of formal methods and system transactions. Authentication and verification for machines will be executed via a two step authentication process. This process contains a physical and digital key. The physical key will be Common Access Cards (CAC) with individual specific certificates and keys, and the digital will be a done by password. Access to data will also be through access list and permissions set on databases and files. Availability Briefly describe how the policy will address system back-up and recovery, access control, and quality of service. System backup and recovery will be done between the two web server locations. These locations will also have network attached storage (NAS) to save data new data and archive older data. One location will be identified as primary and in the event of a disaster the other will become the primary. These locations will update w ith each other daily. Only specific machines will have access to the intranet, and of these machines only authorized users will be allowed on them. Because of the system security and the network makeup Sunica Music and Movies will be able to make informed accurate an secure business transactions and decisions. References Cite all your references by adding the pertinent information to this section by following this example. American Psychological Association. (2001). Publication manual of the American Psychological Association (5th ed. ). Washington, DC: Author.