Collaborate and discuss with the team’s Security Specialist about the security and privacy of the software and hardware solution for Verbania. Provide best security practices and guidelines to implement and follow, as well as the creation of formal security policies and a security plan. Include the following policies in your IT security policy:
- Disaster recovery
- Password creation and protection
- Remote access
- Routers and switches security
- Wireless communication
- Server security
- Acceptable encryption
Document the team’s security plan, security policy and security solution.
Within the template, prepare 5-7 pages of content addressing the team’s System Design. Insert content into the template document under Section Three.
Read also CMGT 400 Intro To Information Assurance and Security – Individual Assignment Help
Sample Security and Privacy of the Software and Hardware Solution for Verbania
Software and hardware security of the computer system has presented a bigger challenge on the current pattern of technology. The software and hardware used in the present computer systems have been designed to handle important information from clients with complete transparency to the user. Normally, the storage, transmission and the recipient or who access the data is beyond the control of the user (Chess, & Arkin, 2011). Typically, hardware security is perceived as most basic feature since it is a physical device that host and secure networking system. While seeking for solutions to the security and privacy issues affecting hardware, the engineers and designer need to ask themselves how the social networking should be structured in order to provide secure services. The major security concerns associated with hardware are location of the servers and handling of data. These challenges are addressed using security policies which were designed to bring uniformity and standard throughout the world.
Read also Cybercrimes Development Chronology – Hacking, Email Wiretapping, Phishing And Vishing
Software security solution focus on design and development of software to function properly and correctly even under attack (Dent, et al., 2015). Some of the security and privacy of the software solutions that are handled using security policies include access control, confidentiality, authentication, integrity and non-repudiation. In order to address the challenges of hardware and software security issues, Verbania should adopt IT security governance from ISO 38500.
The designers of the social networking should ensure that backup and database recovery process meets the security requirements. Disaster recovery is necessitated by a phenomenon that leads to destruction of networking components. Natural disasters that can destroy networking components include storms, earthquakes, floods and landslide. The backup and recovery processes must comply with legal, regulatory, legislative and policy obligations (OCIO, 2016). The security policies that must be considered in disaster recovery include access controls, environmental and physical security, use of digital signature and encryptions. The disaster recovery plan ensures that network continues to function properly even in the event of interruption or IT emergency. This allows for the restoration of the vital services and resource in a reasonable time.
Read also Backup Strategies and Use of Cloud Backup Strategies
The backups and recovery of the users as well as essential data system must be identified and protected in offsite location. The technical and physical measures must be considered in order to enhance recovery after the failure, compromised or disruption of networking components. The security measures include configurations, firmware installation, software and operating systems.
Read also CIS 523 – Disaster Recovery Plan And Critical Success Factors
Password security policy
The main objectives of password policy is to establish a standardize methods of setting up and managing strong passwords by network administrators and network users. Passwords are important aspects of information security especially in the social networking. This is the first line of protection for the user accounts (Chess, & Arkin, 2011). The social networking system should be designed and developed to encourage the users to set up a strong password that composed of alphabets, numerical and symbols in order to ensure that social networking applications are not compromised. It is the responsibility of the social networking users to create strong passwords while opening their accounts.
Read also CIS 523 – Password Management Tips
The password security policy applies to all Verbania employees which include the end users and system administrators. Also, agents, vendors and business partners are required to create their own personalized passwords. Some of the baseline password policy include requiring all the users to have authentication and identification such as one-time passwords or pass-phrase to permit access to the services (OCIO, 2016). The passwords must be confidential and the users cannot reveal to anyone except under specific circumstance outline in social networking IT security policy. It is the responsibility of the account holders and social networking user to be liable to all the actions such as use of their password to communicate and carry out transaction. The critical system password must be changed immediately whenever the network administrator leaves Verbania.
Email security policy
The objectives of email security policy is to define an acceptable use of email infrastructure and protect the security of information exchange over the email. The email security policy will be applied in two aspects: the employees of Verbania and those having social media accounts with Verbania. The policy should specifically accept the email usage on specific conditions (Chess, & Arkin, 2011). These include access to the email service only based on business requirements. Also, network administrators who are responsible for managing email servers must adhere to password policy. User receiving spam emails via the Verbania social networking should be encouraged to report or forward such emails to the Information Security department through help desk. The creation of user account must follow a formal approval process. Lastly, anonymous and spoofing should be strictly forbidden.
The security controls put in place to ensure protection of the information and data transmitted via the email include blocking of any suspicious emails, all email servers must have security appliance installed such as AV Scanners and spam filters, private and public key infrastructure must use encrypting emails, only approved mail infrastructure shall be permitted to transit through the network by using unauthorized mail relays for explicit protection.
Access control policy
The main objectives of access control policy is to implement control measures that ensures only authorized persons access the information. The access control policy ensures that the network operates under acceptable level of protection and meet the security requirements. The access control policy restrict the individual accessing hardware, software and infrastructure (Dent, et al., 2015). These include making sure that all systems have a user access lifecycle, the access of information by the user be restricted to base on security requirements and business requirements. Also, all the operating systems and application within the network are access only through login with user ID and password. In addition, all the devices and equipment used in the network must be authorized, registered and identified.
Read also Confidentiality, Access Control and Data Integrity – Network Security Policy
In the case of end-user, access control policy requires the end users to have unique ID that identifies them. The network system must be configured to disable or remove all user accounts after a specified period of inactivity. The network system must be designed to approve end-user account before created and enabled.
Cryptographic usage policy
The main objectives of cryptographic usage policy is to protect integrity, authenticity and confidentiality of the information transmitted and stored. Normally, cryptographic policy is used when protecting information considered as sensitive. The security measures of encryption control include ensuring that data transferred via WAN between stakeholder and Verbania through the internet must be protected using appropriate encryption (Chess, & Arkin, 2011). All the emails that contain sensitive and confidential information must be encrypted. All the business data that contain vital information about the business operations must be stored encrypted. Lastly, the network administrators must determine a standardize encryption methodology that works well with all the users.
Order Unique Answer Now