Information Security Policy Essay - Essay Prowess

Information Security Policy

Introduction

Mixers entertainment is an organization in the music and film industry. It incorporates a number of retail chains in six different locations. This paper seeks to draw up an information security plan which will be most cost effective as well as offering the best information security system available. The aim of Mixers entertainment is to ensure that information used by the organization is kept secure from any arising security threat in this age of technology.

Organization’s overview

Proper organization and communication are important to the organization’s successful attainment of its set objectives. All six retail chains run operations independently of each other and, as such, are directly connected to the Mixers entertainment head office for communication and administrative purposes. It is therefore critical that the communication channels between the retail stores and the head office make the best use of the available communication and administration channels, discreetly and securely (Cole, 2011). Any communication breakdown may result in jumbled inventories and accounting errors. At present there have been reports of losses in sales revenue, as well as unnecessary expenditures at the organization’s head office, due to the individual manner in which each retail store operates. This is mainly due to the lack of a reliable information systems policy and the lack of a traceability mechanism at the organization.

Security plan overview

A program-level system is the best for Mixers entertainment, as its processes allow all six retail outlets to operate in unison, as opposed to the accepted systems, which entail independent operations. This new system will provide a defined purpose, scope and responsibility, defining how the organization can operate the six retail outlets in a secure manner that optimizes use of available communication channels and organizational protocols (Cole, 2011). Purpose will define how the program will be utilized within the organization, scope will highlight the resources available, and responsibility will set out the responsibilities of administrators and officials across the entire organization.

Security plan objectives

Confidentiality

The new method will make access to the system secure and discreet, such that only authorized personnel will be granted access to the information system resources. Depending on personnel rank and identified security protocols, access to certain information, and the ability to edit it, will be granted selectively (Da Veiga & Eloff, 2010). This will also allow for a robust traceability mechanism establishing which organizational official accessed what information, at what time and at what security level. Moreover, it will allow the system’s administrators to know which organizational personnel changed information contained in the system’s database and why.

Integrity

The new method will seek to allow only authorized personnel to access the organization’s sensitive data and will therefore secure Mixers entertainment’s database from unwarranted users (Da Veiga & Eloff, 2010). This will serve to protect the integrity of the data contained in the organization’s database, as improper alterations to that data will be prohibited under the adopted security policy. Password protection, as a formalized means of ensuring security, together with employee profiling, will give users access to the system as defined by authorization levels, such that employees will only use the system as required, preserving the information system’s integrity.

Back-up system

An external system connected to the organization’s information system will be used to ensure that all data classified as sensitive is automatically saved to the external system at a well-defined time on a daily basis. This is because there is always a possibility of an information system collapsing due to internal or external attacks (Da Veiga & Eloff, 2010). The external system will ensure that Mixers entertainment’s authorized personnel will have all important documentation available in case of such an eventuality. The external system will employ a highly classified security level access protocol defining user access and information availability allowed for each employee profile. It is recommended that IT security personnel be available on call 24/7 to ensure quality service and system support.

Internal and external risks

Internal risks arise from within the organization. Improper use of an organization’s information systems resources by employees is one of the major contributors to internal risks (Peltier, 2013). Internal risks also result from unintentional damage to the system that compromises the security of resources; this too is commonly caused by employees within an organization. External risks arise from a myriad of sources, which could be criminal activity, natural hazards such as earthquakes or floods, or man-made disasters such as terrorist attacks, which can cause much damage to the organization’s physical structures and its information systems (Peltier, 2013).

Disaster recovery plan

Employing a host site is the best option for this organization considering financial resource constraints. This can allow the retail outlets to continue operations independently without the need to respond to challenges encountered when using shared sites (Peltier, 2013). Cold sites, on the other hand, are too costly and translate to significant interruptions to the smooth operation of organizational processes.

Risk assessments are vital for appraising an organization’s information security system. Checklists and walk-throughs allow the organization’s senior administrators to visit retail stores at different locations to ascertain whether some security protocols have been bypassed, omitted or in some instances erroneously included (Peltier, 2013). Simulations allow administrators to prepare organizational personnel for emergency situations so as to guard against organizational losses. Conducting full interruptions is also a very important way to assess risks prevalent in an information system. These should be conducted at least once annually.

Physical security plan

To guard against criminal activity, it is important to have a physical security plan for the head offices as well as the retail stores. The application of physical controls such as magnetic locks, security cameras and security personnel can provide effective barriers that act as deterrents to criminal activity (Peltier, 2013). Security cards for personnel can also guard against unauthorized entry and access to the organization’s databases.

Security plan for the organization’s information systems and resources

Workplace protection will protect against loss of human life, as personnel are vital components in an organization’s information system. This can be realized through health and safety protocols that protect against fire and ensure proper ventilation (Whitman & Mattord, 2011).

Information system resources have to be regularly taken through maintenance procedures to ensure optimum usability. In these instances, only authorized and qualified personnel should be granted access to such resources during phases of scheduled maintenance (Whitman & Mattord, 2011).

Roaming equipment, which includes laptops and tablets, also has to be accorded optimized security standards (Whitman & Mattord, 2011). Combining technical and physical security measures can ensure such equipment is kept secure in an effort to protect the organization’s secure data. For instance, security cameras combined with audit logs and secure software applications can allow the administrators to trace the use of such devices as well as track them in case of theft.

Access control plan

Through secure authentication protocols, information systems administrators can control who views screens, files and systems based on personnel profile. Multifactor authentication protocols, which strengthen the security of the system, should be applied. These can apply passwords as well as biometric scans to employees prior to granting access to information systems resources.

Discretionary access control only allows defined users to access the organization’s resources, based on what their job descriptions allow them to use (Whitman & Mattord, 2013). MAC protocols, also referred to as mandatory access protocols, only allow very sensitive information to be accessed by a limited number of personnel such as system administrators.

Role-based access control (RBAC) guarantees that access will only be granted with respect to personnel functions within the organization (Whitman & Mattord, 2013). This allows different departments to have access to a single system at the same time, though at differently defined access levels.

Network security plan

Access control, authentication, data integrity, data confidentiality and non-repudiation ensure that the information system’s configuration with respect to the Internet, intranet, LAN and WLAN is not compromised (Li, Xiong, Ma & Wang, 2012).

Information systems monitoring

Monitoring is a means of ensuring that the information system is in compliance with the adopted security plan. It allows administrators to audit historical as well as real-time access to the system’s resources and performance (Li, Xiong, Ma & Wang, 2012). Through the application of firewall systems such as packet filtering router firewall systems, screened host firewall systems and screened subnet firewall systems, the organization can ensure its information system is secure from unauthorized access.

Conclusion

The initiative proposed in this information system security plan provides for a comprehensive and significant increase with regard to Mixers entertainment’s entire information system and resources. Investments in the organization’s information systems infrastructure are important for mitigating potential risks prevalent in the IT industry today. Discreetly planned and appropriately maintained systems can ensure that the costs incurred translate to the organization’s realization of both short-term and long-term development goals.

 

 

References

Cole, E. (2011). Network security bible (Vol. 768). John Wiley & Sons.

Da Veiga, A., & Eloff, J. H. (2010). A framework and assessment instrument for information security culture. Computers & Security, 29(2), 196-207.

Li, X., Xiong, Y., Ma, J., & Wang, W. (2012). An efficient and security dynamic identity based authentication protocol for multi-server architecture using smart cards. Journal of Network and Computer Applications, 35(2), 763-769.

Peltier, T. R. (2013). Information Security Policies, Procedures, and Standards: guidelines for effective information security management. CRC Press.

Whitman, M., & Mattord, H. (2011). Principles of information security. Cengage Learning.

Whitman, M., & Mattord, H. (2013). Management of information security. Cengage Learning.
