Develop an Organizaion Wide Policy Framework Implementation Plan

In: Computers and Technology

Submitted By aimsy
Words 461
Pages 2
IS4550: Security Policies and Implementation Mr. Shane Stailey
Edy Ngou
Date: 09/20/2015

Lab week 1: Organization Wide Security management AUP worksheet
ABC Credit Union
Acceptable Use Policy
Policy Statement
The acceptable Use Policy is to ensure compliance with laws such as the Gramm-Leach-Bailey Act (GLBA) and the Federation trade commission (FTC). This policy is also to assist the Credit Union ensuring information technology (IT) security best practices with regard to it associates.
Purpose / Objective
The purpose of ABC Credit Union’s acceptable use policy is to define requirements for Credit Union acceptable use policies, and define the acceptable and unacceptable uses of computer equipment, internet / intranet / extranet related systems, and email by ABC Credit Union associates in the performance of their duties. This policy requires that all Credit Union electronic information systems be used for Credit Union business with minor exceptions. These rules are in place to protect the associates and ABC Credit Union. These objectives of this policy are: * To keep the business process in a high working order in order to achieve the maximum amount of profit gained. * To keep morale law, so that employees are constantly being replaced.

This policy applies to associates, contractors, consultants, and other workers at ABC Credit Union, including all personnel affiliated with third parties. Also this policy applies to all equipment that is owned or leased by ABC Credit Union, or to devices that connect to a Credit Union network or reside at an ABC Credit Union site.
All computers system will be imaged to the following standard: * No sound * No background pictures * 800X600 screen resolution
No employees will be gained administrator right on their computer system in order to…...

Similar Documents

Implementation Plan

...Implementing an Effective Risk Management Program The Guiding Principles of Risk Management (RM) A. Integrate RM into all phases of missions and operations. Effective RM requires that the process be integrated into all phases of mission or operational planning, preparation, execution, and recovery on a continuing basis. It is much more cost effective to plan up front during building construction and renovation to imbed safety, fire and environmental protection systems than to retro-fit after the fact. B. Make risk decisions at the appropriate level. As a decision-making tool, RM is only effective when the information is concentrated on the appropriate supervisory level for decision. The higher the risk, the higher the management level of who should make the decision to accept a risk or not. Often this will require the decision to apply resources, whether manpower, dollars or both, to mitigate risks to an acceptable level so the management decision-making level must be where the purse strings are controlled. C. Accept no unnecessary risk. Accept no level of risk unless the potential gain or benefit outweighs the potential loss. RM is a decision-making tool to assist the supervisor or individual in identifying, assessing, and controlling risks in order to make informed decisions that balance risk costs (potential losses) against mission benefits (potential gains). An unnecessary risk is one that if not taken, you can still accomplish the mission. For......

Words: 4698 - Pages: 19

Is535 Implementation Plan

...* Running Header: EAGLE MAIL IMPLEMENTATION PLAN IS 535 - Managerial Applications of Information Technology 4/10/2012 Contents Section I: Purpose of Plan Section II: Strategic Business Plan Rationale Disruptive Forces in USPS Market: Opportunity for Future Relevance: Raison d'être/ Justification for plan: Porter’s Model and EagleMail I. Rivalry among Competing Firms II. Potential Development of Substitutes III. Buyer Power IV. Bargaining Power of suppliers V. Threat Of New Entrants Rationale Summarized Section III: Current Systems Major Systems Supporting Business Functions and Processes List of Current USPS MIS Specific Examples of Innovation by Foreign Postal Services Section IV: New Developments System Projects Identity and access management Account Creation Figure 1: Overview of Account Creation Process Email infrastructure Figure 2: Illustration of Email Process in Company Environment Web portal Business Information Systems Business continuity and disaster recovery Section V: Management Strategy Senior Management: Middle Management: Security Validation: Sales and Marketing: Human Resources: Operational Management: Section VI: Budget Requirements Budgeting the New Implementations Table 1: Illustration of Costs for Implementation of Proof of Concept EagleMail Plan Cost benefits and models to evaluate the cost and assets. Is the project at risk? What are the......

Words: 16382 - Pages: 66

Implementation and Analysis of a Wide Area Network

...IMPLEMENTATION AND ANALYSIS OF A WIDE AREA NETWOK (A FEASIBILITY REPORT) BY ISAIAH ADEBAYO STUDENT’S NAME WITH 3121658 STUDENT’S NUMBER COMPUTER SYSTEMS AND NETWORKING ENGINEERING (CSN)-FULL TIME SUBMITTED TO: DR VINCENT SIYAU (SUPERVISOR) TABLE OF CONTENTS CHAPTER ONE 1.0 AIM.............................................................................................................................Page 3 1.1 OBJECTIVES.............................................................................................................Page 3 1.2 INTRODUCTION......................................................................................................Page 4 1.3 EQUIPMENTS USED............................................................................................... Page 4 CHAPTER TWO 2.0 METHODS AND PROCEDURES............................................................................Page 5 2.1 PRESENT NETWORK OVERVIEW........................................................................Page 5 2.2 MAIN OFFICE NETWORK......................................................................................Page 7 2.3 SUBNET OFFICE NETWORK.................................................................................Page 7 2.4 BUSY NETWORK SCENARIO...............................................................................Page 7 CHAPTHER THREE 3.0 PROPOSED NETWORK SCENARIO....................................................

Words: 1948 - Pages: 8

Develop a Markteing Communication Plan

...Assessments For Develop a marketing communication plan BSBMKG503A Due Date 12. November 2008 Teacher: Executive Summary Find include a Marketing Communication plan for Madam Tussaud’s! What is an Communication plan Why it is important to have an Communication plan. When should you write a communication plan. Which person should get involved? It will include the objectives of the communication plan, an assessment of the characteristics of the product or service and their suitability for each of the four promotions and types of media. At the end there are some recommendations of evaluate a Communication plan. Table of Contents Introduction 3 Methodology 3 Results & Findings 3 COMMUNICATIONS PLAN 3 Document History 4 Purpose 4 Project Description 5 Communication Objectives 5 Interested Party 5 Project Management and Admin 6 Advisory Board 6 Technical 6 Business 7 Information Required 7 Information Required Continued 8 Workflow process 8 Product 10 Target Market 12 Promotion 12 Objective of the Communication Plan 13 Assessment of the characteristics of the product or service and their suitability for each of the four types of media. 13 Advertising 14 Sales Promotion 14 Criteria by which the results of the Communication Plan can be measured 17 Limitations of the research 19 Conclusion 19 Recommendations 19 Appendices 20 Bibliography 21 Introduction Madam Tussauds is a Wax figure exhibition with very famous......

Words: 3477 - Pages: 14

Implementation Plan

...Implementation Plan CMGT/445 Implementation Plan Project Name: City of Tuscon Case Management Software (City of Tucson, 2013) Project Stakeholders City of Tucson Arizona Nathan Daou - – Contract Officer Project Description * The purpose of this project is to provide the City of Tucson Attorney with Case Management Software * The main challenge of this project will be to provide a proven, open system standards-based solution that requires little or no custom software development to meet the requirements stated in this solicitation * The desired outcome of this project is to improve productivity for the City of Tucson Attorney in this management of cases. Measurable Organizational Value (MOV) · The primary measure of value for this project will be to provide the City of Tucson, AZ with a case management software application to increase productivity of the City Attorney and staff as well as provide a new case management application to replace the old software being used. Employee satisfaction with the improvement can be surveyed and used to further measure the organizational success of this project. Project Scope · The City of Tucson Attorney’s office and the offices of his staff and secretaries will be fitted with new computer systems, upon approval, as well as a copy of the new case management software in a client/server configuration in order to allow all members of the City Attorney’s staff real......

Words: 858 - Pages: 4

Unit 4 Assignment 1 Implementation of an Organization-Wide Security Plan

...Unit 4 Assignment 1 Implementation of an Organization-Wide Security Plan In this security plan we will need to consider all 7 IT infrastructure domains when it comes to developing access controls for the network. Access controls for our facilities will have an appropriate entry system access control that will specify which area should be locked at all times. There will be secondary locks on equipment and storage cabinets within the facility to further secure specific pieces of equipment, such as a database server. Preventing social engineering policy will specify goals for stopping social engineering that will include employee training. Access controls for systems will limit access to those employees who have a legitimate need for that resource. Strong password policy will be in effect that will require you to change it often and you will need to have uppercase, lowercase, numeric and special characters. Application access controls will provide standard testing procedures for any third party application installed in the environment for security. Access controls for data will include data encryption on all sensitive data and enforcing the principle of lowest possible access. Access control for remote access will grant access to the VPN through a two stage authentication process that includes a strong password and a token device. All of these controls will be included in our organization-wide access control plan. Now that we know what are access controls are, we will need......

Words: 380 - Pages: 2

Security Policy Framework

...Security Policy Framework CIS 462 01 February 2014 As organizations grow, and rely more on information systems as the primary means of conducting operations, keeping those systems and its information secure has become one of the biggest priorities ever. In order to ensure information security, the organization must take appropriate security measures to make sure that no information is put in the hands of unauthorized personnel. Having a comprehensive information security framework in place along with sound standard operations procedure (SOP), and policies and regulations can help any organization keep its systems and information secure. When developing a framework for any organization you must choose what will be best for that organization, although the NIST (SP 800-53), ISO/IEC 27000, and COBIT all are frameworks that offer many different security programs, there is no wrong framework to choose, but choosing the one that works for your organization can be a tough decision for any manager to make. With the insurance organization I would choose to implement the ISO/IEC (27000) framework. That way we can concentrate on establishing and managing an IT security program. The ISO/IEC covers information security standards that are published by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC) that develop and publish international standards. By using this framework we can provide all necessary best......

Words: 1310 - Pages: 6

Implementation of an Organization-Wide Security Plan

...Implementation of an Organization-Wide Security Plan Implementation of an Organization-Wide Security Purpose The purpose of this security plan is to establish security requirements to have a controlled access to the information resources. Scope This plan applies to all users of information assets including employees, employees of temporary employment agencies, vendors, business partners, and contractor personnel. Definitions Definition of some of the common terms: Authentication: is the process of determining whether someone or something is, in fact, who or what it is declared to be Availability: Ensuring that authorized users have access to information and associated assets when required. Confidentiality: is a set of rules or a promise that limits access or places restrictions on certain types of information Critical: Degree to which an organization depends on the continued availability of the system or services to conduct its normal operations. Integrity: is the assurance that information can only be accessed and modified by those authorized to do so Sensitive: Concerned with highly classified information or involving discretionary authority over important official matters. Policy Statement Access controls are necessary for the organization systems that contain sensitive or limited access data. This plan describes the mechanisms used to implement access controls and responsibilities to ensure a high level of information security. Access control......

Words: 1112 - Pages: 5

Implementation Plan

...Implementation Plan Simply formulating a strategic plan is not enough for success. The plan must also be successfully implemented for it to be successful. Implementation includes developing short-term objectives, identifying functional tactics, and determining key success factors. These items are critical for the successful implementation of UPMC’s new strategic plan. Short-Term Objectives WebFinance Inc. (2014) defines a short-term objective as “a smaller, intermediate milestone to achieve when moving towards an important goal” (para. 1). Short-term objectives are often long-term goals broken down into smaller pieces. By completing the short-term objectives, we are also completing parts of a long-term objective. The first long-term objective is to come to an agreement and a new contract with Highmark. Let’s see how we can develop some short-term goals from the long-term objective. By March 31, 2015, UPMC needs to start opening the lines of communication with Highmark. This will be done by stopping all anti-Highmark advertisements and propaganda and working to get the company to be agreeable to a new contract. Being the first to declare a cease-fire with Highmark will also go a long way with the people of Pittsburgh to build goodwill and a better reputation for UPMC. The next long-term objective is to dedicate more time and assets into the research and development of better treatment for age-related diseases. The first short-term objective to be......

Words: 893 - Pages: 4

Infrastructure and Systems Implementation Plan

...Infrastructure and Systems Implementation Plan Sabrenna Anderson Kaplan University Primary Contact | Name | Rosanne Moran | | Phone | 732-930-3800 | | Email | | Backup Contact | Name | Sabrenna Anderson | | Phone | 732-656-3575 | | Email | | Proposal Type | Idea To Be Explored Potentially Identified Solution | Project Type | New Project Enhancement to Existing or Former Project | Working Title of Project | Infrastructure and Systems Implementation Plan | Project Sponsors | WInt IT department, Rosanne Moran, IT Director. | ------------------------------------------------- ------------------------------------------------- Introduction Widgets International, Inc. currently consists of Widgets USA, LLC and Widgets-R-Us, LTD. Combined Widgets International, Inc. has 50 years of experience in providing function critical assembly and machinery solutions. WUSA has cornered the Business to Business market while WRU has grown in leaps and bounds in the retail market. Together as Widgets International, Inc., they stand to increase their market share substantially by creating and offering innovative and cost effective assembly solutions globally. (Anderson, Unit1, 2014) ------------------------------------------------- ------------------------------------------------- Purpose and Justification This proposal will explore the requirements for the application and implementation of an easily manageable......

Words: 2927 - Pages: 12

Implementation Plan

...Implementation Plan In order to host seasonal cook-offs we formulated a suggested step-by-step executing plan. We assumed that the first seasonal cook-off will take place in the spring. • Organizer presents idea to XXXX (January 08) o The purpose will be to get the rest of the committee interested and excited about the idea. • Contact local Chefs (January 22) o Explain the benefits to the chefs themselves. Outlining the media exposure and positive PR they would receive o Show the benefits their presence will provide to the Fernwood neighborhood o Asses the best possible date for them to attend the event • Set the date (February 12) o Taking in to consideration when most chefs will be available and the best time for XXXX and its volunteers • Generate volunteers (February 19) o Gather the volunteers who are willing to participate in this event o Possibly hire security guards if necessary for the event • Advertise the event (February 22) o Advertise through the local newspapers and magazines o Use the local radio stations o Put up banners and signs throughout the whole neighborhood and maybe the surrounding neighborhoods if appropriate o Spread the word and generate hype locally through word of mouth • Organize the equipment (March 08) o Rent necessary equipment the community doesn’t already have access to; such as tables, disposable plates, napkins and others • Host the event (March 26) o Holding this amazing event and hoping it is a success that will......

Words: 255 - Pages: 2

Develop and Implement Diversity Policy

...Develop and Implement Diversity Policy BSBDIV601A Q-1 List a number of benefit that diversity policy can bring to an organisation. How do these relate specifically to business objectives? A - A more diverse workforce... will increase organisational effectiveness. It will lift morale, bring greater access to new segments of the marketplace and enhance productivity. In short... diversity will be good for business. Diverse workplaces make good business sense for an organisation. A diverse workforce increases the opportunity to bring various perspectives to identifying and solving problems—a set of perspectives that more likely represent broader community views. Some of the benefits of diversity in business objective: - Increased innovation A diverse workforce means a broad range of perspectives, ideas and insights, not only in policy development and implementation, but in defining the policy challenge at the outset. - Improved service to our clients A workforce that reflects the diversity of the community it serves understands the needs of its clients better, enabling more efficient and responsive policy and service delivery outcomes. - Modelling what we promote The organisation has a role in promoting principles of equity and diversity in the Australian economy and community. Q-2 In your research you have accessed diversity policies from a number of other organisations. What did you learn from this and how relevant was the information gathered? A – 2 Adopting...

Words: 1267 - Pages: 6

Implementation Plan

...Distance Education Implementation Plan Ed5804-Uo2a1 Pamela A. Scallan Capella University Dr. Ann Armstrong Topic: My topic is the Implementation of a Distance Educational Plan using technology to enhance the existing distance education curriculum, Pre-K-Grade 3, using Audio/Video Media Technology to enhance the reading skills to globally diverse learners, using the Content Management System in a single-site environment. Overview: I am going to attempt to provide a brief overview of the Technologies and Media addressing the interactive/recorded audio and video along with the use of the Internet for transmission of the audio/video material. Print media is used extensively in Distance Education thru the use of study guides, textbooks, reproducible materials such as articles from journals or excerpts of chapters or perhaps entire chapters, course notes created by the instructor for students or pertinent student information related to the course via instructor or institution under which the program is delivered. I choose the various forms of Audio and Video Media by which I will implement my plan as a topic (one lesson), globally from a single-site. When thinking about media and technology (Moore, 2007) suggests answers to the following questions: 1. What are the characteristics of different communication technologies and media, and how can they be used in distance education? 2. Which communications’ media and technologies are the best for......

Words: 659 - Pages: 3

It Security Policy Framework

...Introduction When implementing a security policy many elements should be considered. For example, the size of the organization, the industry, classification of the data processed, and even the organization’s work load must be taken into account. As with any industry, selecting the proper security framework for an insurance organization should be done cautiously. This is because having too strict of a policy may inconvenience the employees or even their customers. Because of this, consultants must bear in mind that the information handled by insurance organizations is not as sensitive as a healthcare organization, for example. Nonetheless, establishing compliance is important to protect customer information and abide by U.S laws and regulations. Organizations must also identify and address some of the framework implementation challenges that may arise. These challenges are not exclusive to one organization, but all who develop a security policy framework. It is up to the organization to be able to overcome these issues with the proper strategies. IT Security Framework for the Insurance Company An ideal security framework the insurance company should abide by is the International Organization for Standardization (ISO) 27001. This standard explains the requirements for companies to meet their Information Security Management System (ISMS) needs. It provides companies with guidance to establish, implement, maintain, and improve their information security (“An...

Words: 1329 - Pages: 6

Climate Policy Framework of Tanzania

...Essay on the role of greenhouse gas emissions trading in the climate policy framework of Tanzania At the 13th conference of parties of the United Nations Framework Convention on Climate Change (UNFCC), held in Bali 2007, the agreement was to implement a REDD 1 policy in developing countries, to replace the first commitment period of Kyoto Protocol (2008-12). The REDD policy is designed to encourage developing countries with tropical forests to undertake measures that will minimize the rate of deforestation and forest degradation in exchange for receiving tradable carbon abatement credits financed by developed countries. It is in this regard, the greenhouse gas emission trading in Tanzania is conducted under the framework the UN-REDD policy framework. The framework emphasises the involvement of the local community in the design and implementation of the REDD strategy. It also recommends that the REDD strategy needs to be pro-poor. Greenhouse emissions trading can play a major role in a cost-effective climate policy framework. In Tanzania, there are various REDD related innovations and technologies already in the country that I foresee to help increase carbon sinks, avoid reducing carbon sinks, and reduce emissions from productive activities. Some of the REDD related innovations and technologies that Tanzania can offer in the international REDD architecture are:  Afforestation and reforestation activities - this is likely to be successful as a pro-poor REDD activity, due to...

Words: 510 - Pages: 3