Security Policy Document Project

Security Policy Document Project

Project Deliverable #1: Security policy Outline

This Security policy document aims to discuss the Network Security Policy for the company GDI. The network Security policy is able to discuss different policies related to network such as; password, sever security, audit, wireless communication policy, information sensitive, risk assessment, EMS network and computer acceptable, anti-virus guidelines, automatically forwarded email policy, analog line, and VPN policy. This security policy document will cover several aspects of the network policy. It is essential to develop the security policy as company is running through the dangerous phase. This document will set out the organization's policy for the protection and confidentiality of the network (Wood & Lineman, 2009).

This document will provide the security responsibilities for network security and document is discussing about the documentation that is relevant to the policy.

Aim

The aim of the policy is to provide the security of the GDI's network and in order to this trust will ensure availability, ensure that the network is for users, and defend confidentiality.

The aim of the policy is to protect the network from unauthorized access and brings accuracy and completeness of the assets of organization.

The aim of the policy is to preserve the assets of the organization against unauthorized disclosure.

Scope of the Policy

This security policy is applying to all networks of GDI used for:

The storage, sharing and transmission of the important data through FTP bridgehead server which is situated in the DMZ of the organization

The storage, sharing and transmission of the encrypted and copied o the FTP server through automated replication

The storage, sharing and transmission of the data processing by twin IBM system/ 390 mainframes

Policy

The entire Network Security Policy for GDI is featured below:

GDI have the information network which is available when required and access by the legitimate users and also have the complete and accurate information (Singh, 2012). The network of GDI is able to recover and withstand against the threats to confidentiality and availability. In order to meet the targets, GDI will take the following. GDI will:

Safeguard all the hardware, software and assets of information under its control. This is done by implantation of the well-balanced technical and non technical concerns.

The policy will provide the cost effective protection because costs measures should also be taken in to consideration as company do not want to spend more than the budget.

The policy should be implemented in a cost effective and timely manner.

Where relevant, GDI will comply with:

Copyright, Designs and Patents Act 1988

Computer Misuse Act 1990

The Data Protection Act 1998

The Electronic Commutation Act

Freedom of Information Act 2000

GDI will also comply with all other rules and regulations of the country.The policy is approved by the Computer Security Program Manager (CSPM)

Risk Assessment

GDI will cover the security risk assessments in respect to all the business process covered by this policy. These assessments of risk will undertake the aspects of network that may support the business process (Singh, 2012). The risk assessment is able to investigate the appropriate security countermeasures ...