A security plan details how security activities are organized within a given computing system, describing the current situation as well as a plan for the future (Nielsen, 2015). As such, a security plan describes the approach and style that an organization intends to adopt to ensure security. For a software development company, a security plan is essential in helping protect the company from cyber-attacks, in addition to offering a guideline for access control and enhancing personal employee safety. The policy of the organization is to protect system data from leakage and loss that may result from cyber-attacks, thus ensuring data integrity. It is worth noting that the responsibility for data protection in the organization rests with all employees (Nielsen, 2015).

In the current technological era, cyber-attacks can be initiated on the organization's infrastructure using leaks, viruses, and worms. Even though computer security technologies have matured substantially, and expertise exists on the protection of networks, computers, and software, there is a need to develop and adhere to organizations' security plans (Nielsen, 2015).

In efforts to keep cyber attackers at bay, all employees will have accounts with secure passwords. Adopting secure passwords will enable the creation of passwords for every site visited. Emphasis is put on keeping passwords private to ensure that no employee accesses another employee's account. Since employees rotate, unused accounts will be deleted to prevent attackers from accessing the company's network using old credentials, which necessitates constant housekeeping of user accounts. To add an extra layer of security, two-factor authentication will be adopted, making it harder for potential attackers to get into employee accounts.
The two-factor authentication procedure will involve the user-controlled password as well as a one-time password received by an authenticator to provide access to user accounts. Updating the software used at the organization also forms part of the security plan, since cyber attackers look for vulnerable systems running specific software. Further, it will be critical to create firewalls that make it harder for attackers to access the company's systems and networks, while incorporating intrusion detection systems to assist in determining when the networks and systems have been targeted. Creating a centralized threat management system would enable the functioning of intrusion detection.

Creating access control within the organization is integral to ensuring physical and procedural security within the facility. Entry to the facility's premises will be controlled using a card access control system. In addition, a biometric access control system will be employed at the server rooms and other restricted rooms to which only a few employees have access. Biometric access control will be critical in providing data regarding the entry of employees into these high-security areas.

Noting that the organization may suffer due to compromised insiders, employees will be required not to connect their electronic devices, such as phones, tablets, and personal computers, to the company's network, in efforts to protect the systems from infection with viruses, worms, and other malicious files. Further, the facility will be fitted with closed-circuit television to monitor the conduct of employees during their time within the facility. Additionally, thermal imaging will be used at the gate in efforts to identify intoxicated employees gaining access to the company's facility, which may have a significant impact on personnel security.

References
Nielsen, R. S. (2015). CS651 Computer Systems Security Foundations 3d Imagination Cyber Security Management Plan. doi:10.2172/1171665