SECURITY POLICY

Executive Summary Minisoft Systems Security Policy



System Security Policy for Minisoft: Executive Summary

Objective or Abstract

In making a security policy for Minisoft, we aim to assure adequate measures against security breech. The policy also entails measures to prevent a disaster strikes and be back up's ran within a few hours, so adequate backup procedures will help to achieve this goal (Marcinko and Hope 2007). All users will be authenticated and adequate confidentiality will be maintained with respects to personal data.

Scope

The Security policy is intentional to maintain the safety, control and manage the assets of the organization's information. These policies are mandatory to cover all information within the organization which could include data and information that is: * Stored Data * Personal information of employees * Business record * Profit reports * Product ideas (Zanin 2004 136-145).

Responsibilities

Each employee will be given access to the network and issued a user name. Passwords will be given along with the user name; all passwords should be 8 or more characters long including numbers, letters, and two special characters. Passwords will have to change every 4 months. Customer information will not be saved to the lap tops; customer information will be copied into the main computer nightly (William 2001 34-68). All personnel will be reprimanded if they leave confidential information on desks after working hours. All users must log off when leaving their workstations at the end of the day or when on breaks.

Physical Security

Only management will have a key to the door keys, server room, or any locked file cabinets. A vendor's log will be filled in to reflect all pick-ups and deliveries. A store employee must sign the log to record the time of the pick-up, or delivery with the date and the name of the delivery company. The security room will have a log of all deliveries along with all the video surveillance equipment delivered to the store. The security room will stay locked at all times. A security guard will watch the surveillance of the store during store hours and will intercede when necessary to keep the store safe from vandalism or theft.

Network Security

For the first, network security is possible through establishment of firewalls. Firewalls protect the network from external threats, providing strong access control, secure user authentication and data encryption capabilities. Often, however, a serious threat to network security is due to internal users. Because the firewall capabilities to ensure network security are well known, providing the necessary internal security of the operating system with installed firewall on relatively little attention

In this regard, the abuse of the privileges of the operating system compromise network security. Users with access to the host operating system could endanger the availability and integrity of the firewall and open network resources for both internal and external attacks.

To ensure an appropriate degree of security for firewall-application and protection from threats from the users of the operating system requires the use of fortified operating systems. Fortified operating system can secure firewall, restricting access to ...