Computer IT Security Implementation Term Paper

Pages: 10 (3195 words)  ·  Style: APA  ·  Bibliography Sources: 0  ·  Level: College Senior  ·  Topic: Education - Computers

SAMPLE EXCERPT:

[. . .] The project entails relying on the Open Systems Interconnect (OSI) Model defined by the International Organization for Standardization (ISO). The goals and objectives are to first create a Baseline Security Level and also to manage to Real-Time Security Metrics. This goal entails the objectives of defining an executive and corporate wide audit of the existing data security process and evaluating organizational performance for all major components and key security metrics to verify that they do or will meet industry standards. Next come the objectives for systematically developing sourcing and supplier criteria for potential or future purchasing agreements of all new products and services.

The second priority goal would entail defining and executing assessments of application-based security systems and process on a periodic schedule. This is mission critical because of the implications for potential threats from viruses in either files or e-mails. These types of worm, trojan or other viral infection in servers has the potential bring the entire system down. E e-mail security will need consistent and affective scanning to eliminate or reduce the opportunity of unauthorized access to organizational systems that could damage company operations. The main objective would be to create viable e-mail monitoring policies consist with documentation for managing all internal and external e-mail traffic. The next objective for this goal would be to evaluate all hosted or Software-as-a-Service (SaaS) applications such as Google Apps, Google Documents, or any others process application based on cost and convenience and statuary licensing policies.

The third goal would be to create a scenario that is consistent and can maintain necessary security standard compliance needs. The initial objective of this goal is to clearly define the SSL as a company protocol for wireless and the well placed WiFi network transmitters and routers throughout the company to promote optimal communication capabilities with the safest number for security needs. The next goal objective is to take into consideration the potential for growth and defining security standards that will be able to evolve with and for application level and operating system upgrades.

Project Timeline: Explain why you did or did not meet the timeframes set for your project.

Completing the project on time and within budget is always a positive expectation. In this case, the expectation set forth by forecasting and anticipating some expectations and unforeseen delays is a timeline to completion of 90 days. This phase of the process allows for the documentation and testing of the mandatory benchmarking needs of the new IT Security Policy Plan. Documentation as a new system requirement is often overlooked as a necessity because it is time consuming, but the drafting of a verbal blueprint of the existing levels of security across applications, operating systems, servers, and network integration points is critical to the upkeep of the system. So all though the process adds man hours of time, the overall success of the system and the ability of the system to evolve requires the additional step. There will be some additional time in man-hours for internal resources such as cross-functional teams that have the responsibility to assist in measurement of key security metrics and real-time dashboards development.

An additional six months will be required to create and test the application security strategy which will evaluate applications, servers, and e-mail security and then offer viable security updates. Another 3 months will be needed for support for the IT staff and senior management. The finance and functional department leaders will also be updated to ensure that the applications are managed properly. Total time will be one year.

Project Development: Explain what your project actually accomplished. Explain each of the following:

Problems encountered and how they were solved

One of the most blatant problems encountered was that the staff of the company was not as well versed in network protocol as should be expected. Having a staff that is not well versed in the overall system could lead to many security breakdowns from accidentally giving up a password to downloading viruses through the email process. This system was discovered and solved by creating an additional step in the final implementation process. An all employee mandatory awareness training will be added. This process will address the many new and existing security awareness concerns of the organizational staff. The system security team and administrator will conduct this training and that pretty much will help ensure that the program will have a better chance at a successful outcome. This training will be provided at different levels so as not to overburden minor staff and not to underwhelm major staff. For example, executives, high level managers and system administrators, security officers and all of the individuals with access to organizational data of a secure nature will have a very different training than factory level employees. Additionally, staff training should be re-run on a periodic basis such as a bi-annual schedule and all new hires should be given the training. To ensure compliance, staff that has completed training will be required to sign a written certification statement which will help the security officer and team enforce with management the company security policies.

Reasons for changes made to your original plan

The first phase of the project was focused on enabling measurement of the level of security present. The audit specs needed to be altered to include cost factors for first security audit. One of the least considered concerns other than obvious infrastructure gaps is the affordability justification. Fundamental principle yield is different based on class of service and can be defined at the high-priority classes during peak periods of demand. But this audit did not take into consideration the low periods of demand when discount classes attract higher levels of demand. System capacity and cost have historically stopped certain testing obligations because of infrastructure investment. It is difficult to test for things that may or may not happen, but it is also difficult to justify stopping a company from expecting return on their investment. The IT Security Policy Plan will be reevaluated for this phase to gather associated costs of new software, server, workstation, and network hardware compared to utilizing existing hardware and infrastructure with only software migration as a second option as well as justifying keeping system administration in-house or outsourcing.

Unanticipated requirements or components that needed to be resolved

One of the most important but unanticipated requirements of a new system is the simple process of auditing all existing security programs. These programs should be audited regularly and randomly in order to maintain their new effectiveness. The new security officer or system administrator will be given the authority, in writing, by the head of the company in order to conduct these audits of the programs based on the IT Security Policy Plan. This is a critical need because of the inherent legal ramifications. If this authorization is not granted in writing, he or she could literally be held accountable and subject to legal action for malicious conduct. To minimize unanticipated requirements, random and scheduled audits should be conducted and may include:

• Password auditing using password cracking utilities such as LC3 (Windows) and PWDump (Unix and Windows)

• Auditing user accounts database for active old accounts (people no longer employed)

• Penetration testing for vulnerabilities using technical assessment tools such as ISS

• Social Engineering to determine if username or password offered by staff

• Simulate (off hours) network failure with response team's performance

• Test back-up recovery procedures

• Monitor critical binary files

• Configure Server audit of all events and monitor several times

• Use a port scanner within network to catch traffic action

Actual and potential effects of your project

Meeting the organizational need for higher levels of security across the entire network system will be the biggest benefit of implementing the IT Security Policy Plan and process. No longer will the network administrator have to fret over the majority of PC's and laptops communicating via WiFi throughout the company. In addition, the three servers that maintain the organizational website, e-mail systems and database application servers will also be more secure and easier for the network administrator to maintain. One hidden benefit is the overall process of IT Security Policy Plan documentation. The entire new IT Security Policy Plan system will be fully documented and a complete network blue print will always be available for existing administrators as well as future technicians working on the future evolutions of the system. This benefit is over looked but indispensible in times of networking issues that may arise at some future time. Operating systems will also have new levels of security to help create an atmosphere of renewed system confidence in all aspects of packet communication.

Your conclusions about the success and effectiveness of your project

In conclusion, all small corporations are forced to toil in conditions of conflicting information technology. In this case, the proposed IT Security Policy Plan will eliminate most instances of… [END OF PREVIEW]

Four Different Ordering Options:

?

Compare the Four Ordering Options

  1. 1.Buy this paper with your credit card or cash balance at PayPal.  Within 10 hours, we'll send the Microsoft Word file to the email address on your PayPal account.
  2. 2.Same as #1, but we will also remove the paper from our site for 30 days!
  3. 3.Need this paper immediately?  Want to individually download any of our 175,000+ exclusive, private, non-plagiarized papers for 30 days?  It takes only 2 minutes to subscribe and get instant access!
  4. 4.One of our highly experienced experts will write a brand new, 100% unique paper matching the exact specifications and topic that you provide!  You'll be the only person on the planet to receive the one-of-a-kind paper that we write for you!  Use code "Save10" to save 10% on your 1st order!

1.  Buy the full, 10-page paper:  $24.68

or

2.  Buy & remove for 30 days:  $38.47

or

3.  Monthly access to 175,000 papers

After paying, this link will download any paper(s).

or

4.  Let us write a NEW paper for you!

Ask Us to Write a New Paper
Most popular!

Security Awareness the Weakest Link Case Study


Security Policy Term Paper


Security Policy Dr. Fossett's Dental Office Term Paper


Information Technology (IT) Security Implementation Research Proposal


Security Issues of Online Communities Term Paper


View 798 other related papers  >>

Cite This Term Paper:

APA Format

Computer IT Security Implementation.  (2009, November 24).  Retrieved December 9, 2018, from https://www.essaytown.com/subjects/paper/computer-security-implementation-provide/344279

MLA Format

"Computer IT Security Implementation."  24 November 2009.  Web.  9 December 2018. <https://www.essaytown.com/subjects/paper/computer-security-implementation-provide/344279>.

Chicago Format

"Computer IT Security Implementation."  Essaytown.com.  November 24, 2009.  Accessed December 9, 2018.
https://www.essaytown.com/subjects/paper/computer-security-implementation-provide/344279.