Executive Summary
The increase in demand for data-driven services at GDI is the source of emerging security and system integrity risks. The firm needs to implement policies to address these issues and reduce the impact of the associated risks. The critical assets requiring policy protection include the 81 remote facilities, data encryption and transmission infrastructure, the data processing center, the network architecture, and the outsourced services. The security architecture required to implement these policies follows the current network architecture. The levels required include security at remote locations, data transmission security, datacenter security, and security for the web and network servers.
The specific policies identified for the task are in six threat areas. The policies for the remote facilities are a computer security policy and a software security policy, which address network access and internal or external cyber attacks. Under data transmission, the policies identified include a wireless security policy, a storage devices security policy, and an email security policy. These policies address the data transfer risks associated with the network. The data processing center needs a hardware security policy and a network security policy to control physical access and network access, both on location and from remote areas.
Policies related to the server room include the server-room security policy, web-server security policy, and the network-server security policy. These policies aim at ensuring the servers do not suffer physical damage or damage from cyber attacks. The system architecture will require a systems architecture security policy to provide a coordinating platform for the network policies. Finally, outsourcing risks require an IT services outsourcing security policy to ensure thorough vetting of vendors and identification of mitigation measures required to address risk exposure due to the vendors.
Introduction
GDI’s operations are growing more reliant on IT systems. This reliance is increasing data-related risks for the company (Goedeking, 2010). Increasing traffic and demand for data services, both internally and externally, also mean that there is a need for policies to address the efficiency and maintenance of the IT infrastructure to ensure that all services proceed optimally (Jeffrey & Norton, 2006). This document presents twelve critical policies for GDI necessary for the creation of a secure IT environment.
Summary of Critical Company Assets Requiring Protection
GDI has a number of assets that require protection, for several reasons. Some of them could be sources of a potential breach, while others carry sensitive information, which can harm the company if outsiders get access (Dube, Berner, & Roy, 2009). In addition, some are critical for the efficient operation of the company’s data systems. The list below shows the network architecture systems considered vulnerable to security and performance threats.
- The 81 remote facilities linked through the WAN are a potential source of threats.
- Data encryption and transmission infrastructure are susceptible to interception (Goedeking, 2010).
- The data processing centre, with its twin IBM System/390 mainframes, is critical to essential operations.
- The network architecture, with centralization as a policy for a large and growing organization, is a risk (Goedeking, 2010).
- The outsourcing of services can expose the firm to the risks of the vendor (Dube, Berner, & Roy, 2009).
General Security Architecture of the Company
The proposed general security architecture has the following elements:
- Remote sites security applications
- Data transmission security (encryption and transmission)
- Data center security (mainframe, microcomputer cluster)
- Web server and network server security
Specific Security Policies
The design of the security architecture relies on the current network architecture. The table below presents the policies that address each of the issues raised as part of the security architecture or as part of the method of reducing the vulnerabilities in the IT systems.
Table 1: Security Policies.
Conclusion
The implementation of these policies will enhance the overall information security of GDI since they address all the critical threat areas. They will give GDI more advantage in its operations by reducing risks and increasing recovery options in the event of a catastrophic failure in the systems.
References
Dube, L., Berner, C., & Roy, V. (2009). Taking on the Challenge of IT Management in a Global Business Context: The Alcan Case – Part A. International Journal of Case Studies in Management, 7(2), 1-13.
Goedeking, P. (2010). Networks in Aviation: Strategies and Structures. Heidelberg: Springer.
Jeffrey, M., & Norton, J. F. (2006). MCDM, Inc. (A) IT Strategy Synchronization. Kellogg School of Management, 1-9.