430 W4 JM Enterprise Security Program
Name: Rita Mformen
Course: ITT-430
Information Security Policy for Across the State Bank
Table of Contents
1. Introduction
2. Aims and Objectives
3. Information Security Policies
3.1. Password Management Policy
3.2. E-Mail Security Policy
3.3. Remote Access Policy
3.4. Anti-Virus Protection
3.5. Network Security Monitoring Policy
3.6. Unauthorized Access Policy
3.7. Incident Response Policy
3.8. Physical Access Control Policy
4. References
1. Introduction
The Information Security Policy (ISP) is a statement, or integrated set of guidance, regarding the protection measures applied throughout Across the State Bank (ASB) to ensure a secure business operating environment. The information security policy of ASB defines the desired behaviour of the organisation and plays an important role in the protection of its assets, information and interests (Paananen et al., 2020). The proposed policy addresses the three core requirements of information security: data confidentiality, data integrity and data availability.
2. Aims and Objectives
The aim of the ISP is to ensure the implementation and maintenance of a high level of information security in ASB. Its objectives are to define the requirements and principles of information security management needed to sustain that security level in ASB.
3. Information Security Policies
The proposed information security policies are:
3.1. Password Management Policy
This policy describes the acceptable selection and maintenance of passwords. It gives guidance on the creation and usage of passwords in a way that reduces the risk of theft or misuse and maximizes the security of each password. The policy applies to everyone who accesses ASB systems, including computers, laptops, mobile devices, servers and other electronic services. The password management policy requires users to create strong passwords as per the guidance of ASB (Anand, Balakrishnan & Susila, 2018). Password strength is enhanced by increasing complexity, length and the frequency of changes. The password guidance is:
1) Use at least one upper-case and one lower-case letter.
2) Must contain at least 2 numeric characters and one special character (i.e. @, _, $, *).
3) The length of the password should be greater than 8 alphanumeric characters.
4) The password cannot consist of a single word or of consecutive numbers that are easy to guess.
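As an added example (not part of the ASB policy document), the following Python script enforces the four rules above and reports which rule a candidate password violates. The policy does not define what counts as "consecutive numbers" or a "single word", so the run length of four sequential digits and the small blocklist of common words are assumptions made here for illustration; the special-character set is the one the policy lists.

```python
"""Password policy checker for the four guidance rules in section 3.1.

Added example, not part of the ASB policy document. The run length for
"consecutive numbers" (4 digits) and the blocklist of common words are
assumptions; the policy text does not define them.
"""
import re

SPECIAL_CHARS = set("@_$*")      # the special characters listed in rule 2
MIN_LENGTH = 9                    # "greater than 8" characters (rule 3)
CONSECUTIVE_RUN = 4               # assumed: 4+ sequential digits is "consecutive numbers"
COMMON_WORDS = {"password", "welcome", "bank", "summer", "qwerty"}  # constructed blocklist for rule 4


def has_consecutive_digits(password: str, run: int = CONSECUTIVE_RUN) -> bool:
    """True if the password contains `run` digits stepping by +1 or -1 (e.g. 1234, 9876)."""
    for match in re.finditer(r"\d+", password):
        digits = [int(ch) for ch in match.group()]
        for i in range(len(digits) - run + 1):
            window = digits[i:i + run]
            steps = {b - a for a, b in zip(window, window[1:])}
            if steps == {1} or steps == {-1}:
                return True
    return False


def is_single_word(password: str) -> bool:
    """Rule 4: the letters of the password form one common word (case-insensitive)."""
    letters_only = "".join(ch for ch in password if ch.isalpha()).lower()
    return letters_only in COMMON_WORDS


def check_password(password: str) -> list[str]:
    """Return the list of policy rules the password violates (empty list = compliant)."""
    violations = []
    if not any(c.isupper() for c in password) or not any(c.islower() for c in password):
        violations.append("rule 1: needs at least one upper-case and one lower-case letter")
    digits = sum(c.isdigit() for c in password)
    specials = sum(c in SPECIAL_CHARS for c in password)
    if digits < 2 or specials < 1:
        violations.append("rule 2: needs at least 2 digits and one of @ _ $ *")
    if len(password) < MIN_LENGTH:
        violations.append(f"rule 3: length must be greater than {MIN_LENGTH - 1} characters")
    if is_single_word(password) or has_consecutive_digits(password):
        violations.append("rule 4: must not be a single word or contain consecutive numbers")
    return violations


if __name__ == "__main__":
    # Constructed sample passwords, not real credentials.
    for candidate in ["Password12$", "Tr4ck_Gl0ve$Kite", "abc12@", "Summer1234$"]:
        result = check_password(candidate)
        print(f"{candidate!r}: {'compliant' if not result else result}")
```

Returning the list of violated rules rather than a bare pass/fail lets a self-service portal tell the user exactly which guidance line to fix, and keeps the policy rules in one place so a later change to the policy (for example a longer minimum length) is a one-constant edit.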
3.2. E-Mail Security Policy
This policy provides the protocol and guidance for protecting ASB databases and e-mail. E-mail is one of the main channels for spam and virus distribution, so it needs a proper protocol to protect data from being corrupted or stolen. The purpose of this policy is to guide ASB on the usage of its e-mail system and so reduce e-mail-related security risks. The policy applies to all employees, managers and owners who use ASB systems, assets and information (MM, 2022). It contains the protocol for opening e-mail, sending e-mail, sharing large data files, mass e-mail and sharing sensitive information outside ASB; every step is monitored carefully so that the chance of viruses or spam getting through is reduced.
3.3. Remote Access Policy
This policy aims to develop mechanisms and precautions that protect the internal network of ASB when it is used through remote access. As technology advances, the usage of remote access increases, and with it come security challenges such as network exposure and risk to the connecting computer. A remote access policy guides the remote user who connects to the network. The policy covers the types of users who may remotely access the network and the types of devices that may be used for the connection (Ndichu, 2020). The policy can be enforced through manual and automated techniques that ensure each user strictly follows it, which reduces the risk of data hacking and corruption.
3.4. Anti-Virus Protection
The purpose of this policy is to define the software and procedures for anti-spam and anti-virus software installations. The objective of this policy is to set the regulation and structure for anti-virus diagnosis and for the update and audit of that software, so that information security against malicious applications is consistently ensured at all operational phases of the automated ASB system (Airehrour, 2018). The anti-virus standards included in the policy are:
· Anti-virus protection should be installed on every network machine.
· All anti-virus servers, gateways and client products should keep running continuously and generate audit logs in a timely manner.
· End-user systems, server systems and the e-mail gateway should be updated within the first hours of a signature or software update being released.
3.5. Network Security Monitoring Policy
Across the State Bank is charged with protecting the bank's electronic information systems and assets by routine and ongoing network security monitoring, using security monitoring technologies to identify and protect against network intrusion. The network security policy describes the principles for privacy protection, the technologies used to monitor network access, and the monitoring of change management procedures. The policy also defines the reporting and auditing requirements for the network monitoring technologies (Sun & Wang, 2019). The information security function is authorized to operate and deploy the monitoring technologies on a daily basis; the proposed monitoring technologies for ASB are intrusion prevention, intrusion detection, firewalls, network-layer anti-virus and advanced threat protection, and NetFlow traffic monitoring.
3.6. Unauthorized Access Policy
This policy aims to prohibit access by any person who attempts to gain access to a computer system, software, network, data, application or other resource of ASB without authorised permission. The three main objectives of this policy are: 1) confidentiality: the prevention of any kind of unauthorized access to data; 2) availability: the protection of ASB information systems and networks from unauthorized disruption; and 3) integrity: the prevention of unauthorized distribution and modification of sensitive ASB information (Wang et al., 2019). The policy states that any user who receives an unauthorized access security alert must report it to ASB administration and must not attempt to use the system until the administration has investigated the issue. Users of the centralized ASB system must follow all privacy guidelines to protect the sensitive information of ASB.
3.7. Incident Response Policy
The incident response policy defines the protocol for security breakdowns and breaches in the ASB system. The policy describes the procedure for monitoring and reducing security breakdowns in ASB and for reducing the damage associated with a system breakdown. The policy objective is to ensure an effective and consistent security incident management approach, including the identification and communication of security weaknesses and events (Sabillon, 2020). The incident response policy of ASB is as follows:
· The establishment and management of the security breakdown system should be efficient and effective, ensuring a quick and orderly response to any privacy or security incident.
· Privacy and security events should be reported on an urgent basis through the proper management channels.
· The monitoring and assessment of privacy and security incidents should be done effectively.
· The response to a privacy or security incident should be in accordance with the documented incident response procedure.
3.8. Physical Access Control Policy
The physical access control policy is for security and system administration staff, technical support staff and other staff who have physical access to information resources as part of their function. The monitoring and control of physical access to information technology and resources is important for the overall information security system. The objective of this policy is to determine the rules and regulations for monitoring and controlling physical access to information technologies and resources (Greaves, 2018). The physical access policy of ASB applies to all individuals with access to the bank's facilities who are responsible for the support and installation of information technology and resources. The policy includes the following terms:
· The policy governing physical access to technologies and information must be managed and documented.
· All physical security systems must be regulated by defined rules and prevention codes.
· All physical technologies and resources must be physically protected, with access granted only to contractors and personnel whose job responsibilities require facility access.
4. References
Airehrour, D., Vasudevan Nair, N., & Madanian, S. (2018). Social engineering attacks and countermeasures in the New Zealand banking system: Advancing a user-reflective mitigation model. Information, 9(5), 110.
Anand, S., Susila, N., & Balakrishnan, S. (2018). Challenges and issues in ensuring safe cloud based password management to enhance security. International Journal of Pure and Applied Mathematics, 119(12), 1207-1215.
Greaves, B., Coetzee, M., & Leung, W. S. (2018, September). Access control requirements for physical spaces protected by virtual perimeters. In International conference on trust and privacy in digital business (pp. 182-197). Springer, Cham.
MM, N. (2022). Remote attestation to enhance email security.
Ndichu, S., McOyowo, S., Okoyo, H., & Wekesa, C. (2020). A Remote Access Security Model based on Vulnerability Management. International Journal of Information Technology and Computer Science, 12(5), 38-51.
Paananen, H., Lapke, M., & Siponen, M. (2020). State of the art in information security policy development. Computers & Security, 88, 101608.
Sabillon, R. (2022). Cybersecurity Incident Response and Management. In Research Anthology on Business Aspects of Cybersecurity (pp. 611-620). IGI Global.
Sun, Y., & Wang, H. (2019, October). Intelligent Computer Security Monitoring Information Network Analysis. In IOP Conference Series: Materials Science and Engineering (Vol. 612, No. 4, p. 042042). IOP Publishing.
Wang, J., Shan, Z., Gupta, M., & Rao, H. R. (2019). A longitudinal study of unauthorized access attempts on information systems: The role of opportunity contexts. MIS Quarterly, 43(2), 601-622.