Final Project: Creation of a Security Policy;Based on your consulting work over the last 15 weeks for Joe?s Emporium, you have earned;enough confidence from Joe that he wishes to enlist your aid in creating a security policy for his;company. In order to accomplish this goal, he has provided you with the following information;Network Setup;Manufacturing: 20 Windows XP computers connected to a centralized Windows 2003 server;containing plans for the various proprietary furniture designs created by Joe?s Emporium.;Administration: 5 Windows XP computers connected to the same centralized server as;manufacturing, containing various administrative, financial, human resource, and strategic;business files. The central server also provides authentication services for all the computers;through use of Active Directory.;Internet: A UNIX?based server used to house the company website, e?commerce applications;and email. The server is currently being ?protected? by a software?based firewall installed on;the web server. Additionally, all Internet access from the internal computers is channeled;through this server.;Wireless: A wireless router has been installed to allow executive staff to use their laptops;without having to physically connect to the network. The laptops are all running Vista.;Organizational Structure;Joe?s Emporium is a relatively flat organization, with the following groups;Executive: Comprised of Joe as the President, a COO, and VP?s of Marketing, Finance, and;Human Resources.;Administrative: This group is comprised of HR personnel and administrative staff for Joe and the;VPs.;Operations: This group is comprised of the shift managers that oversee manufacturing. There is;also an IT person who oversees maintenance of the computer systems.;Manufacturing: This group is comprised of the employees ? including the previously;incarcerated personnel Joe hires as part of the community reintegration program ? who;manufacture and ship the products created by the company.;Physical Infrastructure;Joe?s Emporium is located in one of Gotham?s secluded business parks, and is housed in a single;building containing all operations. Primary access is through the front, with a door to the left;leading to the administrative and executive offices, and a door to the right leading to the;manufacturing floor. Both doors are normally unlocked, and the entrance door is locked at;night when the administrative staff leaves for the day. There is a loading dock in the rear of the;manufacturing floor, which is accessible 24/7, as Joe runs a continuous operation. Workers on;the Evening and Midnight shifts access the building through the loading dock after the front;door is locked. There is no video surveillance, and police protection is available through normal;channels (e.g., 911).;The network infrastructure is secured as follows: The centralized server is located in a server;room located off the administrative offices, which is unlocked during the day because this is;where the administrative printers and copier are located, as well as the IT person?s ?workshop?.;Joe, his administrative assistant, and the IT person have keys to the server room, which is;supposed to be locked by the last person to leave the administrative offices for the day. Cables;are routed through the overhead to the various workstations via cable drops in the walls.;Administrative employees are encouraged to shut down their workstations when they leave for;the day, but this is not strictly enforced. The manufacturing computers run 24/7 to support;manufacturing activities. The manufacturing staff is required to log out/in during shift changes;but, again, this is not strictly enforced.;The Project;Because of the various discussions you have had with Joe over the last few weeks, he is;beginning to suspect that he doesn?t have to most secure operation. Therefore, he wants you;to do the following;1. Using the ?Security Policy Roadmap ? Process for Creating Security Policies? as a guide;he would like you to conduct a threat assessment in accordance with section 4 of the;guide. For clarity, he would like to see the analysis summarized in a table, similar to that;in section 4.3. This analysis should include both logical and physical threats to the IT;infrastructure.;2. Using the above analysis, he would like you to propose logical and physical controls;including possible infrastructure changes, to improve the security of the IT;infrastructure. So that spending is appropriate, your recommendations should be;justified and relevant to the needs of Joe?s business (i.e., don?t recommend Fort Knox?;level security if you don?t think he needs it).;3. He would like you to define access privileges for each of the organization?s groups;based on the provided information. Include in your definition the need for a dedicated;security resource(s) and level (coordinator, director, VP), with justification.;4. Finally, he would like you to draft a basic training plan for training the employees on;basic security and the security policy.;Joe would like to see your response returned in an 8?12 page APA report, with coversheet and;table of contents. Upload your report to the Final Project drop box when you are complete.
Paper#70342 | Written in 18-Jul-2015Price : $27