Question

IT Security.

(Typing Answer Please.)

question 1:

Bay Pointe Security Consulting (BPSC) provides security consulting services to a wide range of businesses, individuals, schools and organizations. BPSC has hired you as a technology student to help them with a new project and provide real-world experience to students who are interested in the security field.

Juliet's Desserts is a regional retailer that was recently purchased by new owners, who want to create security policies. Because they have no experiences in this area, they have hired BPSC to help them.

1. Make a memo that explains what security policy is, the security policy cycle, and the steps in developing security policy. Please address each point on this task.

2. Juliet's Desserts is ready to start developing security policies and wants to make the security-related human resources policy first. Create one-page draft of a policy for them.

3. In your words, what is information systems security? How does network security fit into this puzzle of security?

Answer 1

Security Policy: Rules and Procedures for all individuals in an IT organization that allows or prohibits accessing and using an organization's IT assets and resources. Effective IT Security Policy is a model of the organization’s culture, in which rules and procedures are driven from its employees' approach to their information and work. Thus, an effective IT security policy is a unique document for each organization, cultivated from its people’s perspectives on risk tolerance, how they see and value their information and the resulting availability that they maintain of that information. Aim of an IT security policy is

Confidentiality

Integrity

Availability of resources

Few steps to develop a security policy are:

1: Identify all the assets that we are trying to protect.

2: Identify all the vulnerabilities and threats and the likeliness of the threats happening.

3: Decide which measures which will protect the assets in a cost-effective manner.

4: Communicate findings and results to the appropriate parties.

5: Monitoring and review the process continuously for improvement.

Information systems security, more commonly called as INFOSEC, it is the methods and ideas (methodologies) involved with keeping the information confidential, available, and assuring its integrity. It is also responsible for granting access to personals thus avoiding any unauthorized access. It protects the assets and detects the security breaches, as well as documents those events.

We can get protect data easily while it is stored at a place. Data security issue is prominent when data is exchanged or transmitted and received. Hence our computer network must be protected of any promising vulnerabilities. Therefore network security is important part of security in any IT organisation