Question

A small research company in Sydney is working to develop a new method of mass storage to replace current storage technology. Four engineers and an office manager working there. The engineers are highly skilled professionals, and the office manager is a capable computer user. The company has a high-bandwidth internet connection because employees must conduct research frequently. The employees have hopes of making a breakthrough and bringing the company public within the next two years. You have been hired as a security consultant to assess the company’s needs. Write a paper recommending what type of security policy should be used (open, moderately restrictive, or highly restrictive) and what security technologies should be used. On what areas should the security policy focus (Physical security, data security, auditing, passwords, and so forth), and what technologies should be used to secure these areas?

Please its very urgent i need it in few minutes

Answer 1

First of all let us understand that why do we need a security policy and what is it?

It is basically a protocol which is set by the organization in order to maintain the security of data in the organization. All the users within this organization need to follow these guidlines.

We need a security policy inside an organization because we have to prevent the misuse of data, applications and networks within an organization.

What type of security policy should be used?

1. Firewall Policy: Since there is high bandwidth internet connection, we definitely need a firewall policy so as to block unauthorized access to the network devices within the organization. If there is any cyber attack then that will also be detected using this.

2. Virus Protection Policy: Due to high internet usage, virus may attack. It will help in detecting any threats to the data files and some of them will also be removed. So, we need a virus protection policy.

3. Intrusion Prevention Policy: Attacks like browser attacks and network attacks will be detected by this and this will help in getting rid of them.

4. Application and Device Control: Since there are numerous users involved in an organization, we do need a policy which will help in managing the installation of various applications and devices connected to a particular system.

We need these policies in order to maintain integrity, availability and accessibility.

There are different policies like open, moderate, ristricted and highly ristricted. We need highly ristricted when the data we are using is highly confidential and moderate security policies are used when the data is more available for the users and it is not highly confidential, So it all depends upon the data and information that our organization has.

Types of Security Technologies:

There are a number of security technologies which can be used to in order to maintain the security of data in our organization.

1. Intrusion Detection System: This system is used to detect any malicious traffic that is trying to enter into the website. It will take necessary action by raising alert. As the entry of any malicious traffic is restricted into the network of organiztaion, no harm will be caused.

Like this we have intrusion prevention system, which will prevent any malicious attack from happening by taking necessary action against it.

2. Firewall: Whenever there is involvement of internet, we need network firewalls in order to protect the internet and our website from any unsual traffic. We cannot allow any untrusted data on our sytem. There are different types of firewalls and its implementation will depend upon our usage.

3. Antivirus: It is the most common technology that is used in cybersecurity. In order to protect our systems from the virus, we need an antivirus software installed on our systems.

A security policy should focus on the following areas:

1. Physical Security: It is needed so as to the protect our hardware devices as well as the softwares. Physical security is basically related to preventing our resources from any physical damage.

2. Data Security: Since we have a research organization, the sole focus should be on the data security as the data is highly confidential. We need to prevent our data and information from any malicious usage.

3. Password: Password protection should always be there so that no other unauthorised user can assess our information easily. We need to protect all this.