Final for It242

Associate Level Material

Appendix B

Information Security Policy

Student Name: Jeff Pierce

University of Phoenix

IT/244 Intro to IT Security

Instructor’s Name: James Sershen

Date: July 14, 2013

Table of Contents

1. Executive Summary 1

2. Introduction 1

3. Disaster Recovery Plan 1

3.1. Key elements of the Disaster Recovery Plan 1

3.2. Disaster Recovery Test Plan 1

4. Physical Security Policy 1

4.1. Security of the facilities 1

4.1.1. Physical entry controls 1

4.1.2. Security offices, rooms and facilities 1

4.1.3. Isolated delivery and loading areas 2

4.2. Security of the information systems 2

4.2.1. Workplace protection 2

4.2.2. Unused ports and cabling 2

4.2.3. Network/server equipment 2

4.2.4. Equipment maintenance 2

4.2.5. Security of laptops/roaming equipment 2

5. Access Control Policy 2

6. Network Security Policy 3

7. References 3

Executive Summary

Companies that use computer networks such as Sunica Musica and Media pour millions of dollars into these systems and destructive acts such as hacking, Dos attacks and others cost these companies as much as they put in to these systems. These attacks threaten critical infrastructures and resources. These threats to networks and their infrastructures tend to be extensive and potentially in cost and resources. Infrastructures in cyberspace are increasingly vulnerable due to ever increasing failures such as complexity, accident, and hostile intent. As of right now we do not have the comprehensive understanding of the issues facing the networks and its vulnerabilities. This is due to the extraordinary complexity of many of the issues facing us with networks and their systems. This could come from little effort in acquiring this knowledge. The evidence that there are vulnerabilities in systems is not new and people if they look for these vulnerabilities they will find them...