Published by Sybil Weaver. Modified over 8 years ago.
CONTENT
- Introduction
- Objective
- Scope and methodology
- Proposal chapters
- Proposed policies and recommendations
- Conclusion
INTRODUCTION
OBJECTIVE
- To assess the awareness and appreciation of the organization's employees of the current security and loss-prevention policies.
- To evaluate the effectiveness of the existing security policies and physical-security countermeasures that have been imposed on the company.
- To propose the best policies, plans and procedures for the organization within its security budget.
SCOPE & METHODOLOGY
This plan covers all of the following:
- R&D department assets, including information and physical assets.
- R&D department employees.
- R&D department vendors and visitors.
This plan is developed from information gathered through the activities below:
- Security survey of the research & development department. The survey was distributed to all employees of the research & development department to obtain their opinion of the department's security level and to gauge their understanding of information security.
- Survey data analysis. The survey responses were collected and analysed to understand the current state of the department's security. The results of the analysis are used in this security plan proposal, both to enhance existing security practice and to propose new practices that should be implemented and established in the department.
CHAPTERS IN THE PROPOSAL
This proposal is divided into the following seven (7) categories:
- Basic personal information
- Access control (physical security & logical access)
- Computer operations controls
- System development controls
- Database controls
- Company website controls
- Backup and recovery controls
PROPOSED POLICY AND RECOMMENDATION
Proposed Policy Recommendation: Access control (physical security & logical access)
Recommendations:
- Use a visitor management system for visitors / vendors. It tracks and limits visitors / vendors on the office premises: it records every visit, the visit period and the movements of specific visitors, and provides documentation of each visitor's whereabouts.
- Use a biometric system for employees. Replace the current RFID card system with a biometric system for employees entering and leaving the premises, also used for employee attendance records. It relies on data about unique physical and behavioural characteristics. Unlike a card, a biometric identifier cannot be reissued if its stored template is compromised, so the template store needs the same protection as any other sensitive record.
Proposed policies:
- The office main entrance must be equipped with security measures to filter and keep track of persons entering and exiting the office.
- Visitors / vendors must obtain a pass card at the reception counter on arrival before being allowed into the office, and must return the pass card when leaving the premises.
- A pass card is issued to a visitor / vendor only when they provide the name and department of the employee they are visiting.
- Employees must ensure their devices, drawers and cabinets are locked whenever they leave or are away from their desk.
- Employees are not allowed to bring personal laptops into the office.
- Employees must register any personal gadgets or communication devices capable of sharing information.
- When an employee leaves the premises, a security officer checks the bonnet of their car to make sure no company property is carried out without permission.
Proposed Policy Recommendation: Computer operations controls
Recommendations:
- Use a managed client/server anti-virus architecture. A managed client communicates with a management server on the network; the administrator can push protection settings and defaults to all managed clients, so the configuration is standardised.
- Annual password audit. Conduct an annual audit of the computer system to verify all passwords, access codes and access violations, to maintain the integrity of the system and the security of the records it contains.
Proposed policies:
- Use of the organization's computers is limited to purposes directly related to the mission or intent of the organization.
- Employees will not use the organization's equipment for personal use unless authorized.
- Employees will not download or upload pirated or illegal software.
- Employees will not copy or transfer any organization programs for any unauthorized use.
- Bringing outside software or disks onto office computers or workstations could result in virus infection of the host system; employees must scan all disks and software for viruses before use.
- Because viruses can be attached to e-mail messages, employees are cautioned against opening any unexpected or unknown mail.
Proposed Policy Recommendation: System development controls
Recommendations:
- Adopt the Scrum methodology. Many organizations are adopting this software development framework for managing product development.
- Re-estimate system size, staff effort and schedules regularly. Insisting on the original estimates is not always a good idea: as the project progresses, more is learned about the size and complexity of the problem.
Proposed policies:
- All software developed by employees is the property of the organization. Employees have no claim to it, and it shall not be duplicated for personal use or for sale.
- Copies of developed software shall not leave the office premises unless authorized by management.
- New software development shall follow a defined software development lifecycle, including for small applications.
- System development, testing and production shall be performed in separate environments to preserve integrity and confidentiality.
- Testing shall not be done on live data, because of the threat to its confidentiality and/or integrity.
Proposed Policy Recommendation: Database controls
Recommendations:
- Encrypt database backup data. Encrypt backups using encryption functions or tools so the file remains protected even if it is lost or stolen.
- Attend database security training. Because technology changes rapidly, the database administrator must keep up to date with the latest technology and newly available tools, through training such as database security guidelines and advanced database administration.
Proposed policies:
- The database must be backed up at least once a week, and the backup stored at a different location.
- Database passwords must always be automatically and transparently encrypted during network connections.
- The database package comes with multiple products; install additional products and options only as necessary, and use a custom installation to avoid installing unnecessary products.
- Keep the database server behind a firewall.
- Delete database accounts that are no longer in use, such as those of employees who have been terminated or transferred.
- Set a limit on the number of failed login attempts per account, counting failed attempts that precede an eventual successful login.
- Any change to the database must be reflected in an update to the database design document.
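The annual audit of access violations on the computer operations slide and the database-controls policies on dormant accounts and failed-login limits come down to the same check over authentication records. The following Python script is an added example, not part of the proposal: it runs over constructed log lines and a constructed account table (the log format, user names, 5-attempt lockout threshold and 90-day dormancy threshold are all assumptions) and reports lockout candidates, counting failures that precede a later successful login, together with accounts that should be removed.

```python
"""Account audit over constructed authentication log lines: flags users whose
run of failed logins reached the lockout threshold (including failures that
preceded an eventual success) and accounts that are dormant or never used.
Added example, not from the proposal; the log format, account table and
thresholds are assumptions."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log in an assumed "<ISO timestamp> <OK|FAIL> user=<name> src=<ip>" format.
SAMPLE_LOG = """\
2016-03-01T08:00:05 FAIL user=alice src=10.0.0.5
2016-03-01T08:00:09 FAIL user=alice src=10.0.0.5
2016-03-01T08:00:14 FAIL user=alice src=10.0.0.5
2016-03-01T08:00:20 FAIL user=alice src=10.0.0.5
2016-03-01T08:00:26 FAIL user=alice src=10.0.0.5
2016-03-01T08:00:31 OK user=alice src=10.0.0.5
2016-03-01T09:15:00 OK user=bob src=10.0.0.7
2016-03-01T09:16:02 FAIL user=carol src=10.0.0.9
2016-03-01T09:16:40 OK user=carol src=10.0.0.9
"""

# Constructed account table: name -> last successful login (None = never logged in).
ACCOUNTS = {
    "alice": datetime(2016, 3, 1, 8, 0, 31),
    "bob": datetime(2016, 3, 1, 9, 15, 0),
    "carol": datetime(2016, 3, 1, 9, 16, 40),
    "dave": datetime(2015, 11, 2, 10, 0, 0),  # transferred out; account still exists
    "svc_report": None,                        # provisioned but never used
}

MAX_FAILED = 5     # assumed lockout threshold (consecutive failures)
DORMANT_DAYS = 90  # assumed "not in use" threshold


def parse_line(line):
    """Split one log line into (timestamp, result, user, source)."""
    ts, result, user_kv, src_kv = line.split()
    return datetime.fromisoformat(ts), result, user_kv.split("=", 1)[1], src_kv.split("=", 1)[1]


def failed_login_violations(log_text, max_failed=MAX_FAILED):
    """Return {user: longest failure streak} for users whose consecutive
    failures reached max_failed. A later success resets the streak but does
    not erase the violation, so failures before a successful login count."""
    streak = defaultdict(int)
    violations = {}
    for line in log_text.splitlines():
        if not line.strip():
            continue
        _, result, user, _ = parse_line(line)
        if result == "FAIL":
            streak[user] += 1
            if streak[user] >= max_failed:
                violations[user] = max(violations.get(user, 0), streak[user])
        else:
            streak[user] = 0
    return violations


def dormant_accounts(accounts, now, dormant_days=DORMANT_DAYS):
    """Accounts with no successful login within dormant_days (or never)."""
    cutoff = now - timedelta(days=dormant_days)
    return sorted(u for u, last in accounts.items() if last is None or last < cutoff)


def run_audit(now_iso):
    """Audit report as of the given ISO timestamp, using the constructed data."""
    now = datetime.fromisoformat(now_iso)
    return {
        "lockout_candidates": failed_login_violations(SAMPLE_LOG),
        "dormant": dormant_accounts(ACCOUNTS, now),
    }


if __name__ == "__main__":
    print(run_audit("2016-03-02T00:00:00"))
```

Run as a script it prints the report for 2 March 2016: alice is a lockout candidate even though her sixth attempt succeeded, and dave and svc_report are candidates for deletion. On a real system the log parser and the account table would be replaced by the database's own login audit and user catalogue.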
Proposed Policy Recommendation: Company website controls
Recommendations:
- Involve top management, especially the business manager. The business manager should take part in the design of website content to make sure it is aligned with the company's business strategy and focuses on the right content, such as promoting a running promotion or a featured product.
Proposed policies:
- The company website must reflect a consistent corporate image that preserves and builds the value of the corporate brand.
- Website files must be backed up before being uploaded, with the backup stored at a different location.
- The company website must have a privacy policy in place, to reduce exposure to potential lawsuits.
- Every change to the website must be versioned, and the version logs kept for audit purposes.
Proposed Policy Recommendation: Backup and recovery controls
Recommendations:
- Test data restores monthly. Regardless of how large or small the business is, data is essential to running it, and losing business data can be very costly. Backups must therefore be stored properly and must be shown to restore correctly.
- Sync working files to the cloud. This brings benefits to employees such as automatic backup and increased productivity on the go. Cloud file syncing is an application that keeps files in different locations up to date through the cloud.
Proposed policies:
- Data critical to the organization must be defined and backed up.
- Backup copies must be stored in an environmentally protected, access-controlled location.
- Backup media must be clearly labelled.
- Employees who maintain their own backup procedure must back up all their important files at least weekly.
- Stored copies must be made available on authorised request, after approval by an authorised person nominated by department management.
- Business units are responsible for creating and planning business continuity (BC) plans.
- Records of all backup and recovery processes must be kept for audit purposes.
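The weekly database backup on the database-controls slide and the monthly restore test above only prove anything if the backup is checked against what was recorded and then actually restored and compared with the live data. The following Python script is an added example, not from the proposal: the standard-library sqlite3 module stands in for the department's unnamed database, and the table, file names and SHA-256 backup record are assumptions. Encryption of the backup file, which the proposal also requires, is left to the external tool and is not shown.

```python
"""Backup-and-restore test, added as an example (not from the proposal).
The standard-library sqlite3 module stands in for the department's
unnamed database; the table, file names and SHA-256 record are assumptions.
Encryption of the backup, which the proposal also requires, is left to the
external tool and is not shown here."""
import hashlib
import os
import sqlite3
import tempfile


def create_sample_db(path):
    """Constructed sample data standing in for R&D records."""
    con = sqlite3.connect(path)
    con.execute("CREATE TABLE projects (id INTEGER PRIMARY KEY, name TEXT, owner TEXT)")
    con.executemany("INSERT INTO projects (name, owner) VALUES (?, ?)",
                    [("prototype-a", "alice"), ("prototype-b", "bob"), ("lab-notes", "carol")])
    con.commit()
    con.close()


def file_sha256(path):
    with open(path, "rb") as f:
        return hashlib.sha256(f.read()).hexdigest()


def table_fingerprint(path):
    """SHA-256 over every row of every user table, in a fixed order, so two
    databases with the same logical content hash the same."""
    con = sqlite3.connect(path)
    h = hashlib.sha256()
    tables = [r[0] for r in con.execute(
        "SELECT name FROM sqlite_master WHERE type='table' ORDER BY name")]
    for t in tables:
        h.update(t.encode())
        for row in con.execute(f'SELECT * FROM "{t}" ORDER BY 1'):
            h.update(repr(row).encode())
    con.close()
    return h.hexdigest()


def make_backup(db_path, backup_path):
    """Consistent online copy via the sqlite3 backup API. Returns the SHA-256
    of the backup file, which goes into the backup log for the restore test."""
    src, dst = sqlite3.connect(db_path), sqlite3.connect(backup_path)
    src.backup(dst)
    src.close()
    dst.close()
    return file_sha256(backup_path)


def restore_test(db_path, backup_path, recorded_sha256):
    """Restore test: check the media against the recorded hash, restore into a
    fresh file, and compare logical content with the live database."""
    media_ok = file_sha256(backup_path) == recorded_sha256
    restored_ok = False
    if media_ok:
        restored_path = backup_path + ".restored"
        if os.path.exists(restored_path):
            os.remove(restored_path)
        bk, rs = sqlite3.connect(backup_path), sqlite3.connect(restored_path)
        bk.backup(rs)
        bk.close()
        rs.close()
        restored_ok = table_fingerprint(restored_path) == table_fingerprint(db_path)
    return {"media_ok": media_ok, "restored_ok": restored_ok}


def run_demo():
    """Run the whole cycle in a temporary directory. Returns the results for an
    intact backup and for the same backup after one byte of damage."""
    with tempfile.TemporaryDirectory() as d:
        live, bak = os.path.join(d, "live.db"), os.path.join(d, "weekly.bak")
        create_sample_db(live)
        digest = make_backup(live, bak)
        good = restore_test(live, bak, digest)
        # Simulate media damage: flip one byte inside the first database page.
        with open(bak, "r+b") as f:
            f.seek(100)
            b = f.read(1)
            f.seek(100)
            f.write(bytes([b[0] ^ 0xFF]))
        bad = restore_test(live, bak, digest)
    return good, bad


if __name__ == "__main__":
    print(run_demo())
```

The recorded hash is what the backup log should hold, and the fingerprint comparison is what a restore test should report, rather than "the file copied without error". The damaged-media case shows why the hash check comes first: a corrupted file is rejected before any restore is attempted.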
CONCLUSION
ABC Sdn Bhd management and staff should know and understand the company security policy and follow its rules. They should be aware of what to do in an emergency or when facing a security threat. Security practice should be exercised regularly and adopted as a monthly / yearly routine to ensure the safety of employees and organization assets, and above all to build awareness among employees. Management should also ensure that all parties involved in the organization's business, including all employees, vendors and contractors, are aware of the security policy and abide by the rules and regulations imposed, in order to avoid unexpected risks that could cause loss and damage the organization's image.
THE END