1.5 Pages are required
You have been hired as a security specialist by a company to provide methods and recommendations to create a more secure environment for company data.
Write a 1- to 2-page recommendation paper outlining methods the company should consider to protect access to data, including recommendations for policies to be enacted that will increase data security.
Submit your assignment using the Assignment Files tab.
Security Policies
Investing time and money needed to work on developing security policies to better protect information systems is a crucial aspect of business continuity, yet many companies attempt to cut corners and spend little time on this until a critical event occurs. In this scenario, data is compromised while key stakeholders begin to point fingers and blame others for lack of a solid security plan. Implementing security policies and procedures can increase data security thereby decreasing the threat of potential security breaches. This paper will highlight security policies that can help protect data and information systems.
Security Policy #1
The first recommended Security Policy to help protect access to data is to implement a requirements-based access control policy. Requirements-based access control helps specify the level of access a user has, and can control what he/she has access to. The easiest way of doing this for example, would be to create groups/group policies in Active Directory Domain Services that will specify the groups level of access. This way, when new employees are hired, once they are added in Active Directory, they can be assigned to the department or group they are in to have a basic level of access. Moving forward, a user can be modified to gain or have access removed on a user level, but will at least have a baseline of what they can access. This is a very important concept as this helps with keeping lower level users from accessing more confidential documents that they have no business accessing. The users will be able to login to the workstations by using a provided username and require that a complex passphrase be set up to gain access to the system.
Security Policy #2
To help better our data security, there will be limited access to the main server and equipment room. Access by key card will only be given to approved Network Engineers. This allows for better security rather than allowing all users with a card key the ability to access the room. Implementing a system that allows us to control user’s individual access to certain rooms from their card keys allows for better all-around security. This also helps prevent unauthorized users gaining access to rooms without a key card. Currently, the main server room remains unlocked during and after business hours. It is too accessible to unauthorized employees, visitors, vendors, and customers. While we do have video surveillance inside and outside of the building, the cameras currently do not record footage of any events. Additionally, if a person is able to gain access to the building, without controlling their access, they would be able to access the server room as easy as accessing a room without a door present.
Conclusion
In conclusion, these additions to the current Security Policy will improve our data security. Implementing group policy settings on a requirement based policy helps to control what each user has access to and prevents lower level users from accessing highly confidential data. Finally, implementing physical card keys that can be configured to provide access to certain rooms based on the user’s security level also improves our physical data security.