Today business is moving faster than it ever has before. With the Internet and e-commerce, even brick and mortar businesses are now open twenty-four hours a day and seven days a week. However, there are security threats that linger with this new age of business that need to be mitigated. According to a survey by the National Cyber Security Alliance (NCSA) and Symantec, a company that offers security solutions, seventy-seven percent of small businesses believe that they will not fall victim to security issues (Symantec, 2012). Even more alarming is that the survey found that eighty-three percent of these businesses did not have any form of security plan.
The projected growth of the Deli and Dessert Co. (DAD’s) makes it essential to implement security procedures to protect the business today and in the future. This document will outline the approach, risks, and recommendations of a formal security plan to better prepare for the uncertainties.
In an ideal world, there would be an unlimited amount of money to fund security procedures. However, this is not something feasible for most small businesses. The recommendations laid out in this proposal take into consideration DAD’s budget and provide the minimum requirements for protection within that budget. Additionally, recommendations are made to bring an even higher level of security to the business.
As with any security plan, it will be necessary to balance security and convenience. Anytime security is increased, there is an inverse relationship with convenience (Ciampa, 2014, p.10-11). Therefore, the solutions presented also take into consideration a maximum level of security without compromising too much convenience.
On page 17 a new design has been proposed...
... middle of paper ...
... April 13, 2014, from https://www.us-cert.gov/ncas/tips/ST05-001
SANS Institute. (2006). InfoSec acceptable use policy. Retrieved April 25, 2014, from http://www.sans.org/security-resources/policies/Acceptable_Use_Policy.pdf
Small Business Administration. (n.d.). Disaster planning. Retrieved April 17, 2014, from http://www.sba.gov/content/disaster-planning
Software & Information Industry Association (SIIA), SPA Anti-Piracy Division. (2001, April 15). Employee internet usage policy. Retrieved April 25, 2014, from http://www.workforce.com/articles/employee-internet-usage-policy
Symantec Corporation. (2012, October 15). New survey shows U.S. small business owners not concerned about cybersecurity; Majority have no policies or contingency plans [Press release]. Retrieved April 13, 2014, from http://www.symantec.com/about/news/release/article.jsp?prid=20121015_01