Computer Security Plan
The thrust of the Computer Security Plan part of the Business Plan is to ensure that the information systems to be deployed by the company will be in line with the strategic mission and vision of the company. To ensure that the information technology infrastructure and resources meet the requirements of every strategic, tactical and operational plan, the company decided to start on the right footing by adopting the standards contained in ISO/IEC 17799:2005, formally titled Information Technology - Security Techniques - Code of Practice for Information Security Management. By purchasing the ISO 17799 Toolkit, the company can follow the roadmap for a more secure information systems environment, implement the policies contained in the toolkit, and eventually obtain ISO 17799 certification to add more value to the consulting business.

Specifically, the company will initially address the following areas that require immediate attention:

1. User authentication methods and policies - This will be based on Section 11.1.1 of ISO 17799 wherein, "An access control policy should be established, documented, and reviewed based on business and security requirements for access. Access control rules and
4. Password policy - This will be based on Section 11.3.1, Password use, of ISO 17799 wherein, "Users should be required to follow good security practices in the selection and use of passwords. All users should be advised to keep passwords confidential; avoid keeping a paper or software record of passwords, unless this can be stored securely and the method of storing has been approved; change passwords whenever there is any indication of possible system or password compromise; select quality passwords with sufficient minimum length which are easy to remember; not based on anything somebody else could easily guess or obtain using person related information; not vulnerable to dictionary attacks; free of consecutive identical, all-numeric or all-alphabetic characters; change passwords at regular intervals or based on the number of accesses, and avoid re-using or cycling old passwords; change temporary passwords at the first log-on; not include passwords in any automated log-on process, not use the same password for business and non-business purposes."

To further manage the information technology infrastructure and resources, the plan calls for the adoption of the "best-of-breed" approach, making certain that the building blocks of information security (Shaurette 2002) are fully exploited. These building blocks include the optimum use of security policies, authentication, access control, anti-virus/content filtering sys
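The password-quality rules quoted from Section 11.3.1 can be enforced when a password is set. The following is an added example, not part of the essay or the ISO 17799 Toolkit; the function names, the minimum length of 12, the PBKDF2-based history store and all sample data are assumptions made for illustration.

```python
import hashlib
import hmac
import os
import re

MIN_LENGTH = 12          # assumption: the quoted text gives no number
PBKDF2_ROUNDS = 100_000  # assumption: work factor for stored history entries


def history_entry(password, salt=None):
    """Return (salt, digest) so old passwords are never kept in clear text."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return salt, digest


def password_violations(candidate, personal_info, dictionary, history):
    """List which of the quoted 11.3.1 quality rules the candidate breaks."""
    problems = []
    lowered = candidate.lower()
    if len(candidate) < MIN_LENGTH:
        problems.append("too short")
    if candidate.isdigit():
        problems.append("all-numeric")
    if candidate.isalpha():
        problems.append("all-alphabetic")
    if re.search(r"(.)\1", candidate):  # strict reading: no doubled character
        problems.append("consecutive identical characters")
    if any(len(item) >= 3 and item.lower() in lowered for item in personal_info):
        problems.append("contains person-related information")
    letters = re.sub(r"[^a-z]", "", lowered)  # "welcome2024" -> "welcome"
    if letters in dictionary:
        problems.append("dictionary word")
    # Reuse check: re-derive with each stored salt, compare in constant time.
    for salt, digest in history:
        if hmac.compare_digest(history_entry(candidate, salt)[1], digest):
            problems.append("re-uses an old password")
            break
    return problems


# Constructed sample data, not taken from the page.
SAMPLE_DICTIONARY = {"password", "welcome", "dragon", "consulting"}
SAMPLE_USER = ["jsmith", "Jane", "Smith", "1984"]
SAMPLE_HISTORY = [history_entry("Tr1ck-Oak-Lamp-59")]

if __name__ == "__main__":
    for pw in ["12345678", "Welcome2024", "JaneSmith!1984x", "Rv7-mule-kQ9-tides"]:
        print(pw, "->", password_violations(pw, SAMPLE_USER, SAMPLE_DICTIONARY, SAMPLE_HISTORY) or "ok")
```

The history holds salted PBKDF2 digests rather than the old passwords themselves, which keeps the re-use rule compatible with the quoted requirement that any record of passwords be stored securely.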