Verified Document

Computer Security: Corporate Security Documentation Suitable For Essay

Computer Security: Corporate Security Documentation Suitable for a Large Corporation Item

(I) in-Depth Defense Measures

(II) Firewall Design

(III) Intrusion Detection System

(IV) Operating System Security

(V) Database Security

(VI) Corporate Contingency of Operation

(VII) Corporate Disaster Recovery Plan

(VIII) Team Members and Roles of Each

(IX) Timeline with Goal Description

(X) Data Schema

(XI) Graphical Interface Design

(XII) Testing Plan

(XIII) Support Plan

(XIV) Schematics

Computer Security: Corporate Security Documentation Suitable for a Large Corporation

(I) In-Depth Defense Measures

Information Technology (IT) Acceptable Use Policy

The intentions of IT for the publication of an Acceptable Use Policy are to ensure that non-restrictions are imposed that are not contrary to the organizations' culture of openness, integrity and trust. IT has a firm commitment to the protection of the company's employees, partners and the company from any individuals that are illegal or that would otherwise cause damage with or without knowledge or intent to the following:

Internet/Intranet/Extranet-related systems, including but not limited to computer equipment, software, operating systems, storage media, network accounts providing electronic mail, WWW browsing, and FTP, are the property of the company and these systems are to be used for business purposes in serving the interests of the company, and of our clients and customers in the course of normal operations.

Required in the effective security initiative is a team effort with full participation and support of each company employee. Each individual in the company that uses a computer has a responsibility to be aware of the guidelines and to follow these guidelines.

The purpose of this publication is to outline the appropriate use of computers in the organization. These rules are for the purpose of protecting the employee and the company against virus attacks and network systems services and to avoid legal situations. This policy is applicable to employees, contractors, consultants, temporaries and any other workers with this organization. Furthermore, included are personnel affiliated with other or third parties.

General Use and Ownership

Good judgment is required to be exercised by all employees and individual departments are responsible for development of guidelines on the personal use of the Internet/Intranet/Extranet systems. Any sensitive information or information considered vulnerable should be encrypted. The network may be monitored by authorized persons including equipment, systems and network traffic at any time for security purposes.

Security and Proprietary Information

The user interface for information included on the related systems will be classified as confidential or alternatively as non-confidential. Confidential information includes but is not limited to the following:

(1) company private information;

(2) corporate strategies;

(3) competitor sensitive information;

(4) trade secrets;

(5) specifications;

(6) customer lists; and (7) research data.

All PCs, laptops and workstations of the company will be security with a password-protected screensaver with automatic activation feature set for ten minutes or less or through logging off when the host is to be unattended. All host computers used by employees in conducting business for the company shall be equipped with an anti-virus program. Activities that are prohibited in general include any activity deemed illegal by local, state, federal or international law. Activities that are strictly prohibited include:

(1) violations of the right of any individual or company protected under copyright, trade secret, patent or other type of intellectual property including any similar laws or regulations.

(2) unauthorized copying of copyrighted material -- this includes photographs from magazines, books or other sources under copyright protection as well as music and any copyright software.

(3) exporting software, technical information, encryption software or technology in violation of international or regional laws controlling exports.

(4) introducing programs that are malicious into the network or server that contain any types of virus, worm, Trojan horse, email bomb or any other type of threat;

(5) revealing their password to others or allowing use of their account by others.

(6) Using the company computer or system to engage in the procurement or transmission of material that violate sexual harassment or hostile workplace laws in the jurisdiction of the company or the user.

(7) Making fraudulent offers relating to products, services, or items that originate from any company account.

(8) making statements concerning express or implied warranties unless that is part of the individual normal and regular tasks with the company.

(9) Committing breaches of security or network communication disruptions.

(10) Scanning ports or security scanning is prohibited unless IT is first informed.

(11) Execution of any type of monitoring on the network that will intercept data not intended for the host of the employee is prohibited.

(II) Firewall Design

The Network Support Organization maintained firewall devices are required...

The firewall device is required to be the only access point between the host computers and the company's networks and the Internet. Any type of cross-connection bypassing the company's firewall device is prohibited.
Changes to the original firewall configurations are required to be reviewed and approved by company IT and this includes both general configurations as well as rule sets. If additional security measures are needed these may be instituted by IT for the company. All routers and switches that are not testing or training utilized are under a requirement to conform to the company router and switch standardization documents. All operating systems of host computers internal to the company must be configured to the secure host installation and configuration standards.

Current applicable security patches and hot-fixes for applications that are Internet services must be applied and administrative owners groups must have procedures in place to stay current on the patches and hotfixes that are appropriate. All applicable security patches and hot-fixes that the vendor recommends are required to be installed. Services and applications that are not serving requirements of the company should be disabled.

Company information that is confidential is prohibited to be kept on host computers where company personnel have physical access as required by the information sensitivity classification policy for the company. Remote administration has a requirement of being performed over channels that are secure through use of encrypted network connections.

(III) Intrusion Detection System

The company network will be inclusive of an intrusion detection system (IDS) for the purpose of monitoring network traffic and monitoring for suspicious activity. Should the system detect such incidences the network administrator will be notified. The intrusion detection system utilized by the company will be a network based (NIDS) intrusion detection system. In addition, the company's host computers will have host intrusion detection systems (HIDS) installed for the purpose of monitoring the inbound and outbound packets from the device and which will alert the network administrator should any incidences occur.

Included in the intrusion detection system for the company is a signature-based IDS and an anomaly-based IDS. The signature-based IDS monitors network packets and conducts a comparison of these against a database of signatures from known malicious threats while the anomaly-based IDS will monitor the network traffic and conduct comparison of it against an established baseline that identifies 'normal ' network activity.

(IV) Operating System Security

The work of Heidari (2011) states that operating system security "revolves around the appropriate protection of four elements:

(1) confidentiality;

(2) integrity;

(3) availability; and (4) authenticity.

Confidentiality and integrity "deal with the three important roles of:

(1) protection models;

(2) capability; and (3) assurance. (Heidari, 2011)

Multiprogramming includes resource sharing among users including memory sharing, sharing of I/O devices as well as sharing of programs and data. The Operating System for the company should offer protection that is based on shared access through access limitation involving the operating system (OS) checking the permission levels of each access according to the specific users and the specific object thereby acting as a guard between users and objects and ensuring that the only accesses to occur are those properly authorized. The access control that will be utilized will be 'user-oriented access control' or 'authentication. This is the most commonly used technique for user access control and required an ID and Password.

File sharing will involve several access rights:

(1) reading;

(2) appending; and (3) updating.

These access rights will be granted to different classes of users. When access is granted to more than one individual users to make changes or updates to a file the operating system will enforce discipline with the approach allowing the user to lock the file when it is updated.

The work of Heidari states that there are five common security problems in regards to the operating system including:

(1) improper input validation;

(2) weak cryptographic algorithms;

(3) weak authentication protocols;

(4) insecure bootstrapping; and (5) mistakes in configurations

The first four are such that have a "technical or system-related basis, while the latter is related to organizational problems or management." (Heidari, nd) Therefore, these common security problems must be guarded against by the network administrator and IT department.

(V) Database Security

The largest concern for the system administrator at the server level is that of security because this is where all the action takes place. Microsoft SQL Server 2005 makes provision of effective support for diverse types of data encryption through utilization of symmetric and asymmetric keys along with digital certification. Moreover, management of encryption keys are performed by the system. As management of encryption keys is by far the hardest aspect of key management this is a bonus.

The key encryption hierarchy is shown in the following figure labeled Figure 1 in this document. The database administrator will manage the service…

Sources used in this document:
Bibliography

Checklist Details for Database Security Checklist for MS SQL Server 2005 Version 8, Release 1.7. Checklist ID: 157, 25 Dec 2009. Retrieved from: http://web.nvd.nist.gov/view/ncp/repository/checklistDetail?id=157

Heidari, Mohammad (2011) Operating Systems Security Considerations. PacketSource -- Security White Papers. 5 Nov 2011. Retrieved from: http://www.packetsource.com/article/operating-system/40069/None

Kiely, Don (2005) Microsoft SQL Server 2005. Security Overview for Database Administrators. SQL Server Technical Article. Jan 2007. SQL Server 2005 RTM and SP1.

Litchfield, David (2006) Which Database is More Secure? Oracle vs. Microsoft.21 Nov 2006. Retrieved from: http://www.databasesecurity.com/dbsec/comparison.pdf
Overview of SQL Server Security Model and Security Best Practices (2003) TRIPOD 20 May 2003. Retrieved from: http://vyaskn.tripod.com/sql_server_security_best_practices.htm
Ricciuti, Mike (2008) Microsoft Readies Revamped Database, Security Software. CNET 10 June 2008. Retrieved from: http://news.cnet.com/8301-10784_3-9964189-7.html
Swanson, Marianne (1998) Guide for Developing Security Plans for Information Technology Systems. Federal Computer Security Program. Manager's Forum Working Group. Dec 1998. Retrieved from: http://www.cio.gov/Documents/Planguide.pdf
Navicat for SQL Server 10.0.11 (2012) Softpedia. Retrieved from: http://www.softpedia.com/get/Internet/Servers/Database-Utils/Navicat-for-SQL-Server.shtml
Cite this Document:
Copy Bibliography Citation

Related Documents

Security Issues of Online Communities
Words: 15576 Length: 60 Document Type: Term Paper

This researcher rejects the existence of online communities because computer mediated group discussions cannot possibly meet this definition. Weinreich's view is that anyone with even a basic knowledge of sociology understands that information exchange in no way constitutes a community. For a cyber-place with an associated computer mediated group to be labeled as a virtual settlement it is necessary for it to meet a minimum set of conditions. These are:

Security - Agip Kazakhstan North
Words: 14948 Length: 35 Document Type: Term Paper

They need to know what their responsibilities are not only as individuals but also as team members and corporate employees. David cites an excerpt from a corporate security document that illustrates his point: "A security policy serves many functions. It is a central document that describes in detail acceptable network activity and penalties for misuse. A security policy also provides a forum for identifying and clarifying security goals and

Supply Chain Management Hypothesis Defined Concepts of
Words: 24788 Length: 80 Document Type: Thesis

Supply Chain Management Hypothesis defined Concepts of SCM and the evolution to its present day form Critical factors that affect SCM Trust Information sharing and Knowledge management Culture and Belief -- impact on SCM Global environment and Supply Chain management "Social" and "soft" parameter required for SCM Uncertainties This chapter aims to give an outline and scope of the study that will be undertaken in this work. The study lays out the issues faced by manufacturing organizations when it comes

Cross Platform Mobile and Web
Words: 17284 Length: 63 Document Type: Thesis

82). Both desktop and Web widgets have the same basic components. Fundamentally, they use Web compatible formats, even if intended to run in a desktop environment. This means that the core of the widget is HTML and CSS code which contains the actual content of the widget, namely text, linked images/video or content pulled from a server of Web service. Alternatively, the widget content can be created using Flash, although

Data Warehouse a Strategic Weapon of an Organization
Words: 19027 Length: 50 Document Type: Term Paper

Growth Aided by Data Warehousing Adaptability of data warehousing to changes Using existing data effectively can lead to growth Uses of data warehouses for Public Service Getting investment through data warehouse Using Data Warehouse for Business Information Ongoing changes in Data Warehousing The Origin of Data Warehousing and its current importance Relationship between new operating system and data warehousing Developing Organizations through Data Warehousing Telephone and Data Warehousing Choose your own partner Data Warehousing for Societal Causes Updating inaccessible data Data warehousing for investors Usefulness

Open Source Social Science
Words: 3536 Length: 13 Document Type: Term Paper

Open source software has recently emerged as the frontrunner for many industries as the primary method of code production, as it is widely predicted to provide more options for its users in a quicker, quality improved, and cost effective format than the more traditional proprietary software. Linux, the dominant player in the market, is a considerable threat to the Microsoft operating system, which has successfully established itself in the global

Sign Up for Unlimited Study Help

Our semester plans gives you unlimited, unrestricted access to our entire library of resources —writing tools, guides, example essays, tutorials, class notes, and more.

Get Started Now