Tuesday, August 6, 2019
GDI Security Policy Document
1.0 Introduction
This security policy document offers a sufficient summary of the state of security concerns with the herein mentioned corporation, and no alteration of the information contained herein is allowed without the consent of Global Distribution Inc. The document offers a brief outline of the corporation and the structures of its state of security, as well as propositions set in order to ensure a safe, secure and smooth running of the GDI for the best client trust and satisfaction.
1.1 The Corporation's Background
Global Distribution Inc. (GDI) is an internally recognized firm whose core objective is to deliver security-sensitive, electronics-oriented assets from sellers to buyers as well as from manufacturers to clients. The GDI headquarters is in the Central Business of Washington DC in the United States of America, and all its outlets in major cities all over the world, including cities in European nations, Africa, the Asian continent as well as the Far East, are controlled through a protected signal mode of communication which relies on the expertise of the best IT brains in the world. In its modest structure of operation, the GDI acts as a shipping corporation, although its operations and client trust rest on an ultra-modern cyber and advanced computer security platform. Just to mention, the corporation contracts in shipping high-security electronic cards, gadgets, personalized fingerprint devices, as well as critical secret machinery such as ultra-modern military machinery in general, among others. These electronics contain coded private information, and the successful business of GDI relies on IT expertise right from its website to its employees.
1.2 Problem statement
The preparation of this document was elicited by the WikiLeaks concerns that the GDI servers had been hacked by cyber criminals whose intentions were to gather certain targeted countries' national banking and security information in the wake of rising terrorism and cyber theft. The GDI officially confirms that these claims are valid, although the attempts of the attackers were counteracted by the corporation's cloud computing team through the intrusion detection systems. Owing to the fact that most of the assets handled by the GDI are airlifted to set destinations, with huge quantities also shipped by sea worldwide, the awakening movements of terror and piracy, both physical and cyber based, have prompted us, the top secret management of the GDI, to release this document as an act of assurance to our esteemed clients. Also, considering that possible employee interference with clients' information may occur, the issue of security, and thus documenting it for the relevant target clients, is a matter of great importance.
2.0 Important Assets for GDI
The GDI relies on a variety of assets in its daily activities which are security oriented in all ways of their operation. For instance, the corporation owns a fleet of customized aircraft and modern ships whose controls are computer based. The cargo compartments are code operated and rely on the doctrine of a one-time password which is generated at the headquarters. The company also stocks secure servers which are intended to prevent hackers from accessing the corporation's database (Laughlin, 2012). Also, the password transmission technology relies on expiring 'ping' signals which deter forth and back tracing by cyber insurgents. Behind the GDI security is a pile of supercomputers, stationed in different parts of the world in secret and secured locations, whose input to the communication and secrecy of the corporation is immense.
The corporation also harbors skilled human assets which, as mentioned earlier, are a team of specially trained coders and hackers. Important to note is that the corporation owns the clients' goods in transit and is responsible for retaining the security encrypted within the goods. Most of the time, the sellers and manufacturers entrust the GDI with the duties of configuring information as required for the devices. The greatest challenge of retaining security of the information which circulates within these systems is that they are prone to cyber intrusion by malicious individuals as well as firmware.
3.0 Security Architecture for GDI
The GDI puts its utmost trust in the following hierarchy, or rather chain of command, when it comes to its security matters. The top entrusted individual is the company's chief executive officer, who doubles as the president of the company. Second in descending order are the CEO's vice presidents. Stemming down in that order are the executive assistants, who in turn issue orders to the managers. Most important to note is that these managers are specially trained IT and coding experts whose mandate is to ensure that privacy of data and other credentials is upheld. The security of the servers is ensured through recent versions of the intrusion detection systems. In a brief overview, network intrusion systems collect network traffic for analysis and detection. Packets are usually intercepted as they move across the network between a number of hosts. The intercepted packets are compared with a database that contains known signatures, and any anomalous activity suggestive of malicious behavior is highlighted (Di Mancini, 2008). This way, our IT experts are able to check for intruders.
However, the coding of the information contained in the gadgets is encrypted through the use of the supercomputers, and every dispatch set is encrypted with a one-time password which is sent in coded format once the consignment reaches its destination.
4.0 Ten Possible Security Policies
The GDI has identified that, just like any other business entity, it owns assets which are sought after by others. The others in this case entail competitors, hackers, criminals or even its employees. Due to this reason, the GDI has keynoted the importance of reshuffling its security policies. It is these security policies which outline the company rules and procedures which help protect its assets from intruders. The items in the GDI's context encompass data and the valuable electronics, which include ATM sets and ATM cards. Most important, these security policies shall help define the company's communication structure for the safe destination of its goals. Generally speaking, security policies entail governing, technical and end-user policies, all of which ought to be observed. The case for GDI is quite complex and challenging since it ought to consider online and offline platforms, bearing in mind its clients and its internal community. In this case, the possible security policies include: Incidence response security policy (Security Response Plan Policy), Audit/Risks assessment security Policy, Computer Security Policy, Emails Security Policy, Internet Security Policy, Personal devices and Mobile Security Policy, Networks Security Policy, Physical Security Policy, Application policies, Server Security Policies, password Security policy and Wireless (Wi-Fi) Security Policy (Greene, 2006).
5.0 Details and Rationale of the Ten Security Policies
The security policies listed under the preceding section would therefore be considered as outlined below within the GDI security system.
Firstly, much of the data is in softcopy format and coordinated through web data transfer protocols, which calls for sound rules.
Incidence response security policy
Under this security policy, the GDI aims to ensure that an encroachment by foreign individuals is handled soundly at the preventive stage. The seriousness of this matter demands keen attention, as most of the data and communication flow of the GDI is transmitted through VPNs and encrypted via Trusted Computing Based internal networks. This means that once an intruder manages to hack the system, data will be accessed. Early planning and a response policy are therefore critical.
Physical security policy
Generally, physical security policies focus on ensuring that the computer systems and other assets in an organization are not physically tampered with. This, for instance, ensures that removable data-carrying drives are not accessed manually and made away with. Cases of fire are also considered here, and a road map to addressing the same is offered.
Personal gadget and mobile device security policies
This security policy aims to restrict the importing of data by any employees from the central network for any unaccounted reasons. Communication and device usage in the streams of analogue as well as ISDN lines policy need to have a clear outline: Define
Also, image capturing devices would be a threat, because getting an image of the security centers would give intruders a road map to break into them.
Server Security Policies
An international corporation like the GDI would definitely focus on ensuring that its servers are well secured. This can be through the hiring of professional hackers and cloud computing expatriates who in all ways keep testing the system and ensure that the ISP and VPNs are secure (Laughlin, 2012).
Wi-Fi Security policies
Many organizations install wireless networks within their premises for fast and convenient communication among the employees. However, focus ought to be placed on such networks, as they can easily be configured by hackers to give an entry point to the organization, enabling them to steal data. Thus, protecting such Wi-Fi networks is very critical.
Passwords security policies
These policies generally outline the formal protocols by which the corporate management ensures that its passwords are safe, and the chain of command in handling and usage of the same. A legal criterion has to be set in place for accountability.
Remote Access security policies
This generally denotes the degree to which the surrounding community could manage to use, say, the Wi-Fi of a corporation. At times, when the workers are housed within the corporation's premises, they are given passwords to access the corporation's wireless network, which can be vulnerable to network hackers.
Computer Security policies
The usage of both the supercomputers and personal computers in a multinational organization needs clear guidelines, since computers are very sensitive and offer the weakest link for accessing company information. The case for GDI is similarly sensitive and calls for more vigilance, since its assets are computer integrated.
Data recovery and Backup security policies
These define the procedures for recovering data in case of a systems breakdown or any unexpected malfunctioning of the network devices. This would position a corporation at the vantage of all-time data security.
Administrators' security policies
These security policies aim at outlining how security concerns, which entail top secrets and data sharing and circulation, change hands within the top management.
Generally, most institutions provide for a hierarchical flow of data and security details from the chief executive officer to the lowest level employee in the corporation for example
Application policies
Last but not least, it is important to appreciate that some organizations develop their own web applications which can be downloaded and installed by third parties and clients. For instance, this could be an application for tracking items in transit, say under shipment. This can be especially prone to piracy and theft of physical assets. It is under this security policy that such matters are addressed.
6.0 Ten Security Policies that should be applied to GDI
The success of any international corporation that handles huge volumes of critical data depends on the statement of policies and the implementation of such. For instance, virtually all the policies discussed under section 5 offer a clear insight that the GDI has to apply all the security policies in its running. A summarized opinion would simply show that all the policies target ensuring data security, which is the core reason why all need to be applied for the safe and efficient running of the corporation's activities and operations. Password security policies coupled with administrators' security policies, for instance, offer a way of addressing the commonest ways of ethical data handling, and accountability would be pronounced. Likewise, the application policies ought to have clear rules of usage since, without keen attention, the GDI can fall victim to being intruded and hacked. Data backup and recovery security policies ought to be implemented since the corporation is data and information oriented. Having a good system in place would make things better for the company.
Internet, email, personal computer as well as mobile device usage security policies for employees within the premises ought to be addressed and applied in the GDI on an advanced scale, since most of the communications could be tapped via these avenues. The fact that the GDI organizes its infrastructure, right from programs to gadgets and machinery, under the control of networks therefore calls for an intensified concern for all the ten security policies.
7.0 Conclusion
The GDI Corporation handles huge amounts of sensitive assets and data, and thus its reliability to clients rests on the team the corporation has, especially the coders. In order for the GDI to run safely and securely without fear of being hacked despite its wide usage of coded data, its skilled staff ought to stay on high alert (Laughlin, 2012). Also, for effective and sustainable safety of clients' data, the various security policies described shall be implemented. This way, the recent threats of attempted intrusion into the GDI servers would be minimized, with greater client satisfaction. News such as that witnessed recently on WikiLeaks would be a thing of the past in the GDI's context.
References
Di, P. R., & Mancini, L. V. (2008). Intrusion detection systems. New York: Springer.
Greene, S. S. (2006). Security policies and procedures: Principles and practices. Upper Saddle River, N.J: Pearson Prentice Hall.
Laughlin, C. (2012). Guide for servers. Chicago, IL: Liturgy Training Publications.