Technical Security Policy Proposal for Small Company

TicTek Inc is a small company with about a hundred employees and one facility. The company sells home security electronics online. The devices are manufactured by a third-party company and shipped to TicTek, whereupon they are warehoused until they are purchased through the company’s website. The warehouse staff prepares and ships customer orders in the same facility which houses the office staff and management. TicTek has a few major stockholders, but the majority of the company’s stock is owned by its executives and employees. Due to the online nature of the company’s business dealings, TicTek has placed a high priority on the security of network resources, including vendor data, customer data, high availability, and incident response. Mr. Tic, the CEO, has recently requested a security proposal from the IT department to formally put into place a comprehensive security plan to keep the company’s network secure.

Technical Security Aspects

In creating an effective security policy, it is important to identify what needs to be protected, and the likelihood of attack for each network device. The lifeblood of TicTek is its online sales; therefore it is vital to protect the company’s web servers and payment processing server, bearing in mind confidentiality, integrity, and availability. A vulnerability assessment will need to be conducted before and after technical security measures are in place for the purpose of identifying specific network vulnerabilities. According to Joseph Migga Kizza (2011), “Vulnerability assessment is a periodic process that works on a system to identify, track, and manage the repair of vulnerabilities on the system” (p. 139). Thereafter, a vulnerability assessment will be scheduled every six months to ident...

... middle of paper ...

...t of management.

References

Cisco. (2006). How Does RADIUS Work. Retrieved March 29, 2014 from http://www.cisco.com/c/en/us/support/docs/security-vpn/remote-authentication-dial-user-service-radius/12433-32.html#intro

Kizza, J. (2011). Computer network security and cyber ethics. (3rd ed.). Jefferson: McFarland & Company Inc.

Massachusetts Institute of Technology. (n.d.). Viruses, Spyware, and Malware. Retrieved March 29, 2014 from http://ist.mit.edu/security/malware

Securities and Exchange Commission. (2003). SEC Interpretation: Electronic Storage of Broker-Dealer Records. Retrieved March 29, 2014 from http://www.sec.gov/rules/interp/34-47806.htm

ServersCheck.com. (n.d.). Best Practices for Data Center Infrastructure and Server Room Environmental Monitoring. Retrieved March 29, 2014 from http://www.serverscheck.com/sensors/temperature_best_practices.asp
