Requirements Case
Essay by frankieM • January 21, 2014 • Study Guide • 957 Words (4 Pages) • 1,396 Views
Assignment 1
IT 540 Assignment 1
Kaplan University
Table of Contents
Abstract 3
IT540 Assignment 1 Part I 4
Mini security policy 4
References 8
Abstract
This paper will look at ten important devices that a company uses and the potential risks associated with them. I will devise a potential security policy for these devices. Part two of this paper, I will look at the security policy of Acme and discuss four major problems that this security policy has.
IT540 Assignment 1 Part I
The ten items that I looked at are the following: Portable storage devices, scanners, e-mail, shared drives, printers, wireless devices, database access, backup devices, UPS (uninterruptible power supply), photocopy equipment.
The threats of each of these devices are different and several overlap. The intercept danger is present in all of the devices. A portable devices can be easily stolen or lost. Wireless devices can be intercepted in transmission. Data send to a wireless printer or received from wireless scanner can be intercepted. Shared drives, databases, backup devices may accessed by unauthorized users or may be alter by authorized users either maliciously or by use of social engineering. The UPS device only works as well as the maintenance of the devices. In other words, if the UPS box is not charged properly it will not function. Photocopy equipment present the danger of forgotten material. The possibility of retrieval of recently photo copied material from the scanning sensors.
Mini security policy
The use of portable storage devices such as USB, Firewire disk, flash disks and thumb drives are not authorized except with specific authorization from the security manager. They will not be allowed to leave the premise unless specifically authorized by the security manager and after s/he has determined that the data is secure via authorized methodology.
Scanners can only be used in secure mode. Data from portable scanners can only be download on company property using property interfaces. All scanners will be password protected and locked when not in use.
Company e-mail network will only be used for company business. The company e-mail will not be used for personal matters. All e-mails must use the approved company encryption method only.
Network drives will only be accessed via company authorized networks and by authorized users. Do not share your authorization with anyone!
Printers can only be connected to the network via hard wires. Company data will not be printed to a wireless printer.
Only company provided wireless devices (i.e. cellphones, tablets) will be sued to conduct company business.
...
...