Example of report on information security

Introduction

Management Controls
CEO of the company focuses directors to have best security policy so that their clients data should not go into wrong hands. As company deal with the development of banking software and takes financial data from banks so in case of unauthorized access company’s future is at stake. This means strong security is necessary for Company’s viability. So company has already updated network and its server by installing most advanced windows server 2008 and windows 7 is installed at all PCs in the head office. Securing Windows Server will be first priority of the company as it should be secure and protected from unauthorized access. Company has also hired professional IT network administrator to ensure check on data access
and data integrity. computer network WAN, LAN and Internet are been protected by server, Antivirus and firewall security.

Operational Control

Internet security policy is implemented to avoid access to any miscellaneous website. In this policy a proxy server is installed with limited access to internet but email is allowed as employees need to be communicated through email by the company. Proxy server is also used for VPN security as all links to internet pass through proxy server so that employees are able to access from remote access by a security check. Security of documents is implemented by the help of encryption software. Another data server is deployed at head office which is
separated from all servers and contains companies financial data this data server is not link to internet as company do not want to risk data in this server. Company have strict policy for software installation it allows only certain software installation on PCs and servers that are certified or recommended by Microsoft.

Technical Controls

In ABC company the remote-access type of VPNs offer employees to access their company’s intranet from home or while traveling as VPNs allow employees in offices distributed in various locations to share one consistent virtual network. Security of network can be at stake due to VPN so we also need to check how ABC company have control unauthorized access through VPN. Firewall rules are implemented according to security requirement. DNS and DHCP protocols are implemented by the company to have secure access to routers and IP security. DNS servers is used in the company to solve domain name for network containing resources. Whenever DHCP server go to registers or updates DNS address and a resource records is created on behalf of DHCP clients. This information contained an additional option for DHCP it permits client to interact through its FQDN by any instructions to DHCP server. Latest and most popular antivirus is installed on server and on all PCs and is updated on regular basis to avoid any system losses. Internet is a source of learning but it also effect companies operations, security and efficiency.
Data backup is automatically done on daily basis to avoid daily work loss so in case of any disaster this backup is stored and work is not lost for more than one day. Electricity backup is also provided by using UPS technology so that in case electricity breakdown occurs all systems will be working as normally and there will not be any type of data or information loss. Company have also internet connection from two internet providing companies one through land line and another through wireless system so in case any bad thing happens to land line wireless connection can be used. I case any hurricane stuck the city or office building destroy in case of fire or flood water enters in the city the data is updated on daily basis to another server at a data ware house and it can be used in such cases to recover data. The administration team consists of highly professional peoples that includes an computer Admin to lead network team, two CCNA certified network assistants to setup and run company network, a network security officer to ensure security and integrity of network and two more software installation experts for installation of secure are efficient software so that ram and other resources are efficiently used. In case of hardware failure of any system data could be copy from backup and restore for further use.

Concerns About security Policy

Conclusion

References

Ec-Council. (2010). Network Defense: Security Policy and Threats. Cengage Learning.
Huang, C. H. (2010). Network Security. Springer.
Wallace, M., Webber, L., & Webber, L. (2010). The Disaster Recovery Handbook:. AMACOM Div American Mgmt Assn.