Studyspark Study Document

Security Policy IT Security Policy Term Paper

Pages: 4 (1080 words)

Sources: 4

Subject: Other

Topic: Security

Document Type: Term Paper

Document: #79585482


Organizational security strategies must be designed for agility and speed through the use of state-of-the-art systems that can quickly be reconfigured to match changing roles in an organization. Organizational security will be defined through role-based access, configurable through authenticated, clearly delineated processes that can be administered at the administrator level (Hone, Eloff, 2002).

The organizational security strategy will also be designed on the empirically validated Confidentiality, Integrity and Availability (CIA) triad model, which successfully balances the need for data accuracy, security and access. Metrics and analytics will also be used for tracking the effectiveness of this strategy, as CIA-based implementations can be quantified from a reconciliation network performance standpoint (Gymnopoulos, Tsoumas, Soupionis, et al., 2005).

Access Control and Cryptography Security

The IT security policy will require the use of a proxy server-based approach to defining access control, authentication and cryptography. As there are a myriad of new technologies being released in this area, it is imperative that a Certificate Server-based authentication workflow be designed to ensure the goals of the organization can be achieved while information assets and systems are protected (Cisco Tutorial, 2013). Figure 2 illustrates the recommended configuration for the authentication and cryptography server (Hegyi, Maliosz, Ladanyi, Cinkler, 2005).

Figure 2: Using a Certificate Server for a Secured Network

Sources: (Cisco Tutorial, 2013) (Hegyi, Maliosz, Ladanyi, Cinkler, 2005) (Opus One, 2013)

Laws and Regulatory Compliance

As the organization is a publicly traded entity with operations globally, reporting requirements include compliance with the Sarbanes-Oxley Act (SOX), which has specific data access, retrieval and reporting requirements, including the electronic reporting of material events. Reporting material events, creating audit logs and keeping them up to date, and ensuring that continually created and reported financial data is secured to SOX levels of compliance (Lee, Wong, Kim, 2012) are core requirements of this IT security plan. In addition, it is a requirement of this plan that all security system logs and activity be stored in 256-bit encrypted files and systems that are consistent with certification server requirements. Laws and regulatory compliance standards will be defined by the CIO and the IT security operating committee, with dashboards and periodic reporting requirements also completed to ensure the organization meets and exceeds federal, state and local reporting requirements. The use of dashboards and advanced reporting systems is a critical success factor in managing IT security policies to strategically driven goals and objectives (Lee, Wong, Kim, 2012).

References

Amsel, E. (1988). Network security and access controls. Computers & Security, 7(1), 53.

Banks, S. (1990). Security policy. Computers & Security, 9(7), 605.

Burgess, M., Canright, G., & Engo-Monsen, K. (2004). A graph-theoretical model of computer security. International Journal of Information Security, 3(2), 70-85.

Eloff, J.H.P. (1988). Computer security policy: Important issues. Computers & Security, 7(6), 559.

Gymnopoulos, L., Tsoumas, V., Soupionis, I., & Gritzalis, S. (2005). A generic grid security policy reconciliation framework. Internet Research, 15(5), 508-517.

Hegyi, P., Maliosz, M., Ladanyi, A., & Cinkler, T. (2005). Virtual Private/Overlay network design with traffic concentration and shared protection. Journal of Network and Systems Management, 13(1), 119-138.

Hone, K., & Eloff, J.H.P. (2002).…

