In this assignment, students will learn to integrate course topics into an actionable security plan. Use your organization’s current system security (if this is not available find one on the Internet)


In this assignment, students will learn to integrate course topics into an actionable security plan.

Use your organization’s current system security (if this is not available, find one on the Internet), and create a system security plan that is appropriate for the environment under consideration.

Note: If you work in a large company, create the system security plan for a single division or department.

Use the “System Security Plan Template” to complete this assignment. Make sure to include screenshots (as applicable).

Refer to the “System Security Plan,” located within the Topic Materials, when working on this assignment. This resource provides detailed explanations of each section that should be included within the plan.

APA style is not required, but solid technical writing is expected.

This assignment uses a rubric. Please review the rubric prior to beginning the assignment to become familiar with the expectations for successful completion.

CYB-525 System Security Plan (SSP) Template

System Security Plan
For: {System Name}
Version:
Date:
Prepared By:

System Identification
System Name/Title
Responsible Organization
Information Contact(s)
Assignment of Security Responsibility
System Operational Status
General Description/Purpose
System Environment
System Interconnection/Information Sharing
Laws, Regulations, and Policies Affecting the System
Sensitivity of Information Handled
General Description of Sensitivity

Management Controls
    Risk Assessment and Management
    Review of Security Controls
    Rules of Behavior
    Planning for Security in the Life Cycle
        Initiation Phase
        Development/Acquisition Phase
        Implementation Phase
        Operation/Maintenance Phase
        Disposal Phase
    Authorized Processing

Operational Controls
    Personnel Security
    Physical and Environmental Protection
    Production, Input/Output Controls
    Contingency Planning
    Maintenance Controls
    Data Integrity/Validation Controls
    Documentation
    Security Awareness and Training
    Incident Response Capability

Technical Controls
    Identification and Authentication
    Authorization/Access Controls
    Public Access Controls
    Audit Trails

© 2018. Grand Canyon University. All Rights Reserved.
Security Plan for a Small Office or Home Network (P4/P5/P6/M3/D2)
Ajay Jassi

A security plan in IT is a document that is produced by management to show how an organisation implements security measures. This is done to protect and secure systems in the industry.

Purpose

The purpose of a security plan is to show the procedures the business follows for the security of its systems and data. It contains a variety of security measures, daily procedures and plans. This mostly relates to a business that mostly uses online communication via email and video calls. However, other methods are used as well, such as phone and face-to-face. This can be an example of any organisation which relies on IT a lot.

Security

These are the security procedures and devices that are currently in place:

• Physical protection: Three working CCTV cameras are set up around the outside of the site, mainly focusing on the entrances/exits. However, there is no security officer on-site, and the footage from the cameras is checked every week by the manager and when necessary.
• Virus protection: All computer systems have Norton’s free anti-virus software trial, which has a month left on it. After the trials are over, the manager is intending to install AVG’s free antivirus software trial.
• Spam-filter software: K9 spam-filter software is installed on the computer systems by one of our employees, who is currently still training to become qualified. However, the software crashes frequently and is becoming unreliable, as it only works sometimes.
• Password security: All desktop computers have a strong password, which follows the password policy. The desktops have the same password, which is very complicated and is therefore written on a piece of paper which is stored in the employee staff room. However, none of the laptops have a password, as they are secured in a safe when not in use.
• Updates: Most of our computer systems have a full version of Windows 7 Ultimate, and some have Windows XP. The Windows 7 systems are scheduled to install the important updates automatically. The Windows XP systems don’t update automatically and cannot connect to Microsoft; the problem is still unsolved.
• Wireless networking: We have a router which allows anybody to connect to the internet; there is no password security on this and it is open to anyone in the business.
• Backups: All our computer systems have a separate partition with only a backup image file on it. This contains all personal and private information of the business. We currently have no other backup techniques for the business, but are thinking about storing it on portable hard drives.
• Firewalls: A built-in firewall is turned on, which was pre-installed with Windows 7 Ultimate. The ISP router seems pretty secure; however, it disconnects sometimes, at least once a week. A technician sometimes has to be called in to fix it.

Assets

The business has many assets which aren’t only IT systems and data; however, these are among the main ones. The assets need to be secured, as they are private to the business and shouldn’t be known to other businesses or anyone outside of the business. This requires the employer to trust and employ reliable staff. These are the assets:

• Computer systems, servers, and data
• Other electrical items essential throughout daily business (printers, telephone and broadband)
• Business secrets and personal details/information
• Customers
• Databases (business documents) from suppliers and customers
• Software used for business (security, office suites, advanced software, etc.)

Risks

1. Physical threats
   • Theft
   • Damage
   • Arson
2. Computer security threats
   • Malware
   • Hardware failure and system crashes
   • Spam
   • Viruses
3. Information threats
   • Private data
   • Secrets of the business
   • Fraud
4. Natural threats
   • Tsunami
   • Floods
   • Earthquake
   • Hurricane

Security measures

1. Protection
   • Backups
   • Encryptions
   • Employees
2. Prevention
   • Firewall and Antivirus
   • Operating systems (up-to-date)
   • Removal of data
3. Administration controls
   • Access control
   • Permission control
   • Webpage restrictions
4. Storage on Cloud

Protection

Backups: Backups are used to ensure that data is secure and can be recovered quite easily if damaged or lost. Backups can be stored on a cloud-based server, a hard drive, and removable portable devices, such as portable HDDs, memory sticks and discs (DVD/CD). For extra protection, the hard drive and (or) the portable device can be taken to a storage warehouse, which is securely locked up with high-end security such as 24/7 CCTV and extremely strong steel all around the safe and the site. It is ideal to have many backups in different forms, as this will ensure extra protection from losing data, since a backup device may also get damaged, lost or stolen physically. Backups should be scheduled either automatically or manually daily, so that the backups are kept updated, as important data could be gone in seconds from the threats.

Encryptions: Encryptions are used to secure phrases and words that are sent across the business, to keep things private and personal so they cannot be read by others outside the business. These encryptions can be very hard to crack and doing so is time consuming, therefore it isn’t really worth doing, as a business may just use it to be secure all the time. However, if the encryption is cracked this shouldn’t be much of a problem, as confidential information shouldn’t be shared on there. Encryption is also used on portable devices and files, which only certain organisations can use.
An encryption contains its original message and a large amount of other characters consisting of numbers, letters and symbols.

Employees: Employees in a business should have good training from professional trainers who know what they are doing and are reliable. This ensures that the employee knows how to act, behave and work in the IT industry, keeping safe and making sure that security is considered. Many employees in IT don’t know what they are doing because of bad training and poor behaviour towards the work. This is often the case in businesses which don’t have a strong IT team/crew. An example of this can be a business like Costa Coffee, as their main priority is customer service and selling customer goods (beverages). A business like this doesn’t use much IT, as they don’t sell products/services online and use simple computer systems in their shops and stalls.

It’s important to ensure that employees have correct policies, which may be fairer or stricter depending on their work and (or) progress. These policies can be a case of firing an employee or rewarding the employee with bonuses. The purpose of these is to make sure progress in the business is made, and they are there to protect employees and personal data such as names, addresses, contact numbers, etc.

Limiting access for employees in a business is essential, so they don’t have full control over the systems and cannot change any setting that may possibly affect the system for business or general usage. Limiting access could also mean limiting software and hardware. This is similar to permission control.

Prevention

Firewall: Firewalls are used to manage an organisation’s internet and permission control whilst using a web browser and surfing the internet. These are used to filter out what can be authorised or what cannot be.
These can be done separately on each computer system, or can be done as a server in the network for all the computer systems on site that are connected to the server. It is more ideal to use a server-based filter, as it is more reliable and easier to manage, since a technician doesn’t have to go around sorting each system individually. Microsoft operating systems such as Windows 7 have a built-in firewall, which can be enabled as well as on servers and on hubs, to ensure extra protection.

Antivirus: Antivirus software is used to prevent threats such as viruses and spyware. Behind spyware is someone classified as a ‘hacker’. The hacker can have access into the computer systems, allowing them to view and read data. This affects a business, as personal information and private data such as customer databases become known, which is against the Data Protection Act. These hackers could face a court sentence if caught. Viruses could affect the computer system and business in many ways, as there are many threats. An example may be that the virus doesn’t allow users to use the internet, which will affect the business as it relies on the internet for everyday activities such as emails.

Having a reliable paid subscription antivirus is the best way to keep safe, as this includes features which free and trial products don’t include. These subscriptions can be bought in bulk for all the computer systems in the business, which will be cheaper than buying each one separately. It is also important to run the software every day, so if threats are found they can be removed easily. This would also keep the systems running smoothly and fast.

Operating systems: Operating systems have security features built in which protect the computer systems. These include features such as a firewall, patches and constant updates. It’s important to keep operating systems up-to-date, as new features are added which keep security secure and running.
Updates can be installed automatically, which is recommended; however, this can be done manually or scheduled by choice. To change these settings, administration rights are required.

Removal of data: When removing data, it is very important to ensure that the data is fully gone and cannot be recovered. Data can be wiped from a hard drive by deleting the data with wipe utilities. Another method is physically destroying the hard drive; by doing this the hard drive will not be reusable.

The best way to get rid of data on a hard drive is by doing a full wipe, and then physically destroying it with a mallet/hammer. This is so the hard drives are not at risk of being reused, as data may not have been removed due to incompatibilities and errors, and would therefore be at risk if the drive were sold to someone else or reused.

Administration controls

Access control: Access control allows the administrator to restrict other users’ controls and usage over the computer systems. This can be done by not allowing users to go into the control panel, change settings, personalise systems or make any modifications that may possibly affect the computer system for daily business usage by employees. An example of this can be changing the mouse setting, the keyboard setting and the font settings to something which isn’t normal and (or) ideal for employees to use. It is ideal for the employer to limit employees’ control over the systems, to keep everything running smoothly and to ensure that they can’t change any settings that could affect the entire business, such as turning off the firewall.

Permission control: Permission control is used by administrators to only allow users to use or access something with permission. The permission in computer system cases is an administrator password. The permission controls can be used for software, updates and for downloads.
This is to prevent employees getting viruses and threats on the computer systems, as they may not concentrate or have the correct training to make them aware of viruses they are downloading. Permission controls should be used, as this wouldn’t allow employees to do whatever they want on the computer systems.

Webpage restrictions: In workplaces/schools, networks are restricted on the internet, so employees/students cannot access whatever they want and do whatever they want that isn’t related to work. An example can be a business blocking gaming websites, so that employees can’t play games and do the set work instead. However, this shouldn’t have to be required in a business, as if an employee is caught playing games during working hours the employer could immediately fire them.

Webpages such as social media should be blocked, as employees will often want to keep updated and will look on their mobile phones, which are connected to the organisation’s servers and network for communication such as emails and free calls and messaging. Examples of these apps are Viber and WhatsApp.

Cloud storage

Backing up data online is very useful, as the risks of the data being lost or stolen are low, since it is very hard to hack big organisations such as Dropbox, Google and Microsoft. The benefit of having backups online is that it will save the business money, instead of having its own storage service, which can be very expensive to maintain and repair. Also, if data is lost or stolen the fault lies with the online organisation. However, a major disadvantage is that internet access is required at any time when files need to be read or copied.

Accounts for the organisation should also have a strong password, which is unique from any other in the business, following the password policy.
A trustworthy organisation which offers the best services is Google, as they offer large amounts of storage for reasonable prices. However, if the business is a Microsoft corporative, having backup storage with them will offer benefits such as reduced costs and extra services.

Security improvements/Action list

1. Install more CCTV cameras inside and outside the building site of the business.
2. Install an alarm system for the business building site.
3. Lock down the systems to desks/ground, using security cables.
4. Purchase an updated antivirus subscription and configure it on all the computer systems.
5. Install a better and more reliable spam filter software, which Microsoft recommends.
6. Create a separate user account for each employee and create different passwords for each using the password policy.
7. Purchase and configure the same version of Windows 7 onto the systems which don’t currently have it, or upgrade all the computer systems to Windows 8.
8. Schedule the system to automatically update patches and software.
9. Create a secure password for the wireless network using the password policy, securing it with WPA2.
10. Set up an additional backup onto a portable hard drive, and secure it in a safe.
11. Protect data with a storage unit organisation, as this option is very secure because security is taken care of 24/7.
12. Back up data online using a reliable organisation, such as Google and (or) Microsoft.
13. Update the ISP router to the latest version which is compatible with the networks, servers and computer systems.

Implementing and testing

Firewall

As seen in the screenshot, the firewall is activated for the network ‘JASSI’; this means that no viruses or threats have affected the computer system over a time period. The firewall therefore runs smoothly and is protecting the system from any upcoming threats.
Antivirus software

As seen in this screenshot, the computer system is secured with a paid subscription to McAfee Total Protection. The antivirus software also has extra features as seen, such as a built-in firewall, parental controls and backup protection. The screenshot was taken after an updated scan, which shows the computer is clean and secure.

Backups

As seen from the screenshots, the system is scheduled to back up selected data every week at a certain time and day of choice. This can be changed to every hour or day or month if wanted. Personally I think once a week is ideal, as this shouldn’t be the only method of backup. This screenshot was taken before the backup was performed. Backups can also be restored using the recovery utility underneath.

Cloud Backup

As seen from the screenshot, Dropbox is being used to store data on the cloud. A desktop version has been downloaded from the organisation’s official website, which makes it easier to view, copy and store data. This is done by a simple drag and drop structure, which is very fast and user friendly. An account is required for this, along with an annual payment for how much storage is needed, which varies in price. As shown, the files upload to the server very quickly, as the green ticks mean the files are up to date. This is also shown on top of the recently changed tab.

Operating systems

Firstly, Windows searched for updates automatically. This was changed in the settings to make important updates install automatically, as users may forget to manually check for updates. Two important updates were found and automatically started to install in the background with awareness from the user.
After the updates were installed, a notification came up telling the user that the updates were successfully installed without any errors. This shows that the Microsoft servers are working, which shows they are reliable and therefore would make users want to use their other services, such as their cloud storage and office suite, which help business. To ensure that the automatic and scheduled updates worked, updates were afterwards checked manually and, as seen, there are no important updates available.

Permission access

Permission access for limiting times, software and games can be changed in the family safety settings in the user accounts control panel. This is a simple way to manage what a user can do and what they cannot do. As seen in the screenshot, the program limits are on and the games rating is at no games. This means that the user would only be able to use certain software and applications without permission of an administrator.

Webpage restrictions

Webpage restriction can be done by using Windows Live Family Safety, which is built into Windows 7. This feature can be enabled underneath the parental control settings. This requires an administrator logging into a Windows email account to manage the user on the computer system. Once the account is logged on, the administrator may manage other features as well, which are already in the parental controls and don’t require logging into an email account. These settings can be personalised as desired, but the best method would be having an allow list only, as users will still have some sort of freedom on the internet with any other given option. It is also recommended to block the user from downloading anything, as it may be a threat to the computer system.
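The Firewall and Operating systems checks in the Implementing and testing section rest on screenshots of one machine; the same evidence can be checked from command output on every system. The following is an added example, not part of the original plan: it parses the output of `netsh advfirewall show allprofiles` and of a `reg query` for the Windows Update `AUOptions` value. Both sample outputs are constructed, and the function names are hypothetical.

```python
import re

# Constructed sample of `netsh advfirewall show allprofiles` output (trimmed).
SAMPLE_NETSH = """\
Domain Profile Settings:
----------------------------------------------------------------------
State                                 ON
Firewall Policy                       BlockInbound,AllowOutbound

Private Profile Settings:
----------------------------------------------------------------------
State                                 ON
Firewall Policy                       AllowInbound,AllowOutbound

Public Profile Settings:
----------------------------------------------------------------------
State                                 OFF
Firewall Policy                       BlockInbound,AllowOutbound
Ok.
"""

# Constructed sample of `reg query` output for the AUOptions value under
# HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update
SAMPLE_REG = """\
HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WindowsUpdate\\Auto Update
    AUOptions    REG_DWORD    0x3
"""

AU_OPTIONS = {1: "never check", 2: "notify before download",
              3: "download, notify before install", 4: "install automatically"}


def parse_firewall_profiles(text):
    """Return {profile: {"state": ..., "policy": ...}} from netsh output."""
    profiles, current = {}, None
    for line in text.splitlines():
        header = re.match(r"^(\w+) Profile Settings:", line)
        if header:
            current = header.group(1)
            profiles[current] = {}
            continue
        field = re.match(r"^(State|Firewall Policy)\s{2,}(\S+)", line)
        if field and current:
            key = "state" if field.group(1) == "State" else "policy"
            profiles[current][key] = field.group(2)
    return profiles


def firewall_findings(profiles):
    """List every profile that is off, missing, or allows inbound by default."""
    findings = []
    for name in ("Domain", "Private", "Public"):
        p = profiles.get(name)
        if not p:
            findings.append(f"{name}: profile missing from output")
            continue
        if p.get("state") != "ON":
            findings.append(f"{name}: firewall is {p.get('state')}")
        if not p.get("policy", "").startswith("BlockInbound"):
            findings.append(f"{name}: inbound default is not BlockInbound")
    return findings


def update_finding(reg_text):
    """Return None when updates install automatically, else a finding string."""
    m = re.search(r"AUOptions\s+REG_DWORD\s+0x([0-9a-fA-F]+)", reg_text)
    if not m:
        return "AUOptions not found in output"
    value = int(m.group(1), 16)
    if value == 4:
        return None
    return f"AUOptions={value} ({AU_OPTIONS.get(value, 'unknown')}); plan expects 4"


if __name__ == "__main__":
    for finding in firewall_findings(parse_firewall_profiles(SAMPLE_NETSH)):
        print(finding)
    print(update_finding(SAMPLE_REG))
```

A firewall that is on for the connected network can still be off for another profile, which is why the check covers all three profiles and not only the active one.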
Evaluation

The firewall and anti-virus software worked brilliantly compared to before, where there were only simple features in a free trial. This will ensure that threats, if any, are removed quickly. These extra features will benefit users, as they will have less hassle finding out a method to be secure. An example of this is the built-in webpage safety feature.

Cloud storage is one of the best methods of backup, as the data is safe from being physically damaged, since it is saved on many servers internationally; therefore if the organisation’s UK servers get corrupted/ruined there are many backups to recover from.

Permission and restriction controls for the organisation worked well, as employees got on with the work, progressing the business, and all the computer systems are still running smoothly without employees being able to do much.

Overall the security plan was a huge improvement for the organisation, as they didn’t start off with much security that was very effective. Now that these security measures are taken, the business will have a lower chance of threats. However, the plan isn’t perfect and there could have been some improvements in the way it has been approached. An example of this could have been doing the security features in a network/server form, instead of doing it individually on each computer system.
