It244 Appendix C

1. Introduction

Due in Week One: Give an overview of the company and the security goals to be achieved.

1.1. Company overview

As relates to your selected scenario, give a brief 100- to 200-word overview of the company.

Sunica Music and Movies is a local chain that offers multimedia options to its customers. There are four separate stores that work independently from each other, and are constantly running into problems because of that. The company has very poor communication between its stores, and no way of tracking accounting information or the available inventory. Because of all these issues with information sharing, the company would greatly benefit from some sort of network solution, particularly a Wide Area Network solution. A WAN would help alleviate much of the communication problems that trouble the company currently. With a WAN, the company would be more efficient and profitable.

1.2. Security policy overview

Of the different types of security policies—program-level, program-framework, Issue-specific, and system-specific—briefly cover which type is appropriate to your selected business scenario and why.

Of the different types of security policies, I feel that program-framework policy will work best for the company because it covers a broad area of program security.

1.3. Security policy goals

As applies to your selected scenario, explain how the confidentiality, integrity, and availability principles of information security will be addressed by the information security policy.

1.3.1. Confidentiality

Briefly explain how the policy will protect information.

The security policy will protect confidentiality by protecting customer information, business information, and allowing only authorized access to the network.

1.3.2. Integrity

Give a brief overview of how the policy will provide rules for authentication and verification. Include a description of formal methods and system transactions.

The security policy will protect data integrity by...