Friday, August 21, 2020

The Security Plan Assignment, Involves The Design Of A Security Plan

The Security Plan Assignment, Involves The Design Of A Security Plan Based On A Given Case Study – Essay Example

Security Plan

Introduction

Information security refers to the assortment of technologies, policies, standards and management practices used to keep information safe. In the current technology environment, firms depend more and more on their information databases. Members of the public who do business with organizations are increasingly concerned about the correct use of their personal data. A wide range of threats to organizational information systems relating to terrorists and criminals is on the rise. Therefore, most organizations recognize information as a functional area that should be protected through the use of effective security plans and systems. Efficient and effective information security plans need commitment and direction from both senior management and subordinate staff (Khosrowpour, 2001, p. 141). A recent review of an organization’s information security control system established deficiencies in certain key areas, including incident response, business continuity and disaster recovery, social engineering use of personnel, lack of employees’ awareness of the range of information threats, and defective password security. In this paper, a security plan will be designed based on this audit.

Objectives

The general objective of this research is to develop a security plan to address the current and potential threats to the organization’s information. The specific objectives of the research are:

To identify and elucidate the physical, human and electronic information holdings of the organization that may be at risk.
To find out and describe the real and potential physical, human and electronic threats to the information holdings of the organization.
To devise a security plan that expounds the physical, human and electronic measures to control the threats to the information holdings.
To set up a detailed information security awareness and education program, including tested and innovative processes to enhance security and measures to assess the plan’s efficacy.
To give recommendations on any changes that may need to be made to the security plan to improve organizational information security in the future.

Scope

This research will cover the information holdings of the organization that could be facing threats, including physical, human and electronic holdings. It will also discuss the real threats that these holdings face. In addition, a security plan will be developed that aims at countering the identified threats. The plan will also be based on the organization’s information security audit findings, which comprise incident response, social engineering use of personnel, business continuity and disaster recovery, lack of employees’ awareness of the range of information threats, and defective password security. Moreover, the research will cover an education and awareness program on information security for the organization, to be used by the management, employees and contractors.

Organizational information holdings at risk

Physical holdings

There are several physical information holdings of the organization that are at risk. To start with, a large percentage of organizations use computers to record and analyze information. According to Quigley (2005, p. 35), such computers are at risk of being stolen or of being accessed without permission. In addition, servers are used in organizations to distribute information to the different functions within and outside the organization. The heads of the functions then distribute information to the personnel working under each function as well as to stakeholders that have business links with the organization.
Servers are physical information holdings which are at risk of illegal access. Moreover, the organization uses office telephones to communicate within the organization and to make external calls. Different employees are charged with receiving and making calls for different purposes. However, there are cases where some employees may receive calls that are not meant for them and thus end up receiving information that they have no permission to access. Another physical information holding is the UPS, which is used to avoid computer data loss from unexpected power failures and computer breakdowns. People with intentions to tamper with the information of the organization may interfere with the UPS to facilitate data loss. Furthermore, organizational information that is in hardcopy is at a very high risk since it can be stolen, read or amended. Besides, organizational information is stored in offices or rooms which can be broken into. Thus, such storage areas are at risk.
