Submitted by: Submitted by insanep
Views: 472
Words: 15636
Pages: 63
Category: Business and Industry
Date Submitted: 05/13/2012 08:56 PM
Company Name : A I.T. Systems Security Plan
Written by ....
For ACC00222 – Assignment 2
Executive Summary
The aim of this Security Plan is to provide guidelines and control mechanisms to ensure the integrity, availability and confidentiality of A’s information technology (I.T.) systems. The security plan analyses the threats, vulnerabilities and current controls of the I.T. systems and recommends new controls in areas where risk levels are considered unacceptable. The security plan also allocates responsibilities to implement and maintain these controls. A is a web‐based software development company formed in 2010 when an Australian company B Solutions Pty Ltd became a fully owned subsidiary of Spiritage Technologies Inc. based in South Africa. Employees of A work either remotely from their homes in Australia or from Spiritage offices in Zimbabwe. The scope of this security plan looks at the I.T systems i.e. hardware, software, data, network, configurations and procedures that are under the control of At. Although elements of A’s I.T. systems utilise the Spiritage network, the Spiritage network does not fall under the scope of this plan. The physical aspect of A’s information systems can be easily divided into four areas. 1. 2. 3. 4. The staff and hardware located at home addresses and personal offices in Australia. The staff and hardware located in Zimbabwe. The email server located in South Africa. Dedicated servers leased by 3rd party hosting providers (located in the United States).
Currently A does not have a security policy. This is because for several years the development team consisted of two people working closely with each other and all security measures developed during that period were undocumented. Since then the development team has grown resulting in the need for clear security guidelines and procedures, a formal data backup regime, thorough documentation ...