Information Security Policy Essay examples

3401 Words Sep 2nd, 2011 14 Pages
Appendix B

INFORMATION SECURITY POLICY

Table of Contents
1. Executive Summary
2. Introduction
3. Disaster Recovery Plan
3.1. Key elements of the Disaster Recovery Plan
3.2. Disaster Recovery Test Plan
4. Physical Security Policy
4.1. Security of the facilities
4.1.1. Physical entry controls
4.1.2. Security offices, rooms and facilities
4.1.3. Isolated delivery and loading areas
4.2. Security of the information systems
4.2.1. Workplace protection
4.2.2. Unused ports and cabling
4.2.3. Network/server equipment
4.2.4. Equipment maintenance
4.2.5. Security of laptops/roaming equipment
5. Access Control Policy
6. Network Security Policy
7. References

1. Executive Summary
…show more content…
Furthermore, the security policy will allow for the rapid availability of information to authorized personnel.
2.3.1. Confidentiality
Confidentiality is of the utmost importance to the company and the consumer. Therefore, all personal information such as customer name, address, phone number, and email address will be stored on the accounting server, with only authorized employees having access to this information. On the same server, a higher level of security will further protect information such as the financial records of the company and employees' personal information. Only authorized accounting personnel and upper-level management will have access to this level.
2.3.2. Integrity
The data collected must be accurate or it is useless. Therefore, as associates enter information, they will read the information back to the customer to confirm it is correct. Odd entries such as email addresses will be entered two times for verification. Whenever an associate begins a conversation with a customer, they will verify the information again by asking the customer their name, address, and phone number. This not only ensures the data is correct in the system, but also confirms who the customer is prior to discussing account information with them.
2.3.3. Availability
The system will use a RAID 1 mirroring and duplexing setup and run a weekly tape backup. This will allow for fault tolerance by having the
