Law
Strayer University Bizyx Corporation Security Administrator Handbook

Strayer University

Question Description

I don’t understand this Law question and need help to study.

One of the responsibilities of a Security Administrator is to create and document policies that protect the organization and guide users to making smart decisions. In this assignment you will build a handbook that can be used for such a purpose. The NIST’s Special Publications Website, a government operated Website, provides several documents for you to review in order to see examples that may be helpful to start this assignment (http://csrc.nist.gov/publications/PubsSPs.html).

Other helpful Websites for this assignment include:

Additional resources should be used when necessary. Write a thirteen to twenty (13-20) page Security Administrator’s handbook including policies tailored to your work environment or for a business environment with which you are familiar. You may select a fictitious name for your organization for the purpose of this paper. Do not duplicate your company’s existing handbook. Create your own unique work based on what you have learned in this course. There will be two (2) major sections of the handbook: Main Body and Policies.

Section 1: Main Body

In five to seven (5-7) pages total, develop the basic procedures and

guidelines that the organization must address to properly secure its

corporate network and information assets in the followings seven (7)

items:

  1. Network Architecture and Security Considerations
  2. Wireless Security
  3. Remote Access Security
  4. Laptop and Removable Media Security
  5. Vulnerability and Penetration Testing
  6. Physical Security
  7. Guidelines for Reviewing and Changing Policies

Section 2: Policies
Develop the policies section of the handbook and include three to four (3-4) pages for each policy in which you define the policies used by the organization identifying the unique requirements of your industry. It must include, at a minimum, the following four (4) security policies:

  1. Acceptable Use Policy
  2. Password Policy
  3. Incident Response Policy
  4. User Awareness and Training Policy

To organize your policies and to give your policies structure, follow this sequential format:

  1. Policy Statement
  2. Purpose
  3. Objectives
  4. Standards
  5. Procedures and Guidelines
  6. Responsibilities
  7. Review and Change Management
  • Use at least five (5) quality resources in this assignment. Note: Wikipedia and similar Websites do not qualify as quality resources.

Student has agreed that all tutoring, explanations, and answers provided by the tutor will be used to help in the learning process and in accordance with Studypool's honor code & terms of service.

Final Answer

Attached.

Running head: SECURITY ADMINISTRATOR HANDBOOK FOR BIZYX CORPORATION1

Security Administrator Handbook for Bizyx Corporation
Student’s Name
Professor’s Name
Course
Date

SECURITY ADMINISTRATOR HANDBOOK FOR BIZYX CORPORATION

2

Security Administrator Handbook For Bizyx Corporation (Herein referred to as the company)
Network Architecture and Security Considerations Guidelines
Network architecture refers to how computers are arranged in a company and, based on
the organization, how the tasks are allocated to the computers. Therefore, policies that address
the architecture must tackle issues of network organization and communication protocols. To
secure its network, the company must first institute checks at various stages of the network.
Routine audits would be implemented in order to check the system for threats and security
vulnerabilities. These audits should be carried out frequently, that is quarterly, semiannually and
monthly, depending on the load on the network and how busy it is. In addition to the auditing,
antivirus programs should be installed so that they can run the automated scans that would help
identify threats in real-time on the network before such threats become realized and cause
damage. Another aspect procedure on the network is that of implanting a firewall on the
network. A firewall helps the business to limit exactly what can access the network and what
cannot. Therefore, legitimate traffic would be labeled and permitted to enter and leave the
company network, however, unidentified traffic would be blocked. This would protect the
network from random packets that can be sent by hackers to infect systems that allow every
traffic to get in.
Finally, for the network, the company must implement an intrusion detection system that
monitors threats on a network and suspicious activities. In case a threat is discovered, it is
identified and reported. Intrusion detection systems also scan the system for policy breaching and
can help the administrator on the network identify any application that attempts to hijack the
system through changing policies and overriding the set parameters. These basic procedures and

SECURITY ADMINISTRATOR HANDBOOK FOR BIZYX CORPORATION

3

policies are important in securing the company’s network from intrusion as well as other threats
that may be internal or external.
Wireless Security
This guideline is for advising the organization on how the internet, intranet, and extranet
shall be used in the organization to allow for increased production. The purpose of this is to
offset any challenges in relation to interference with access points, security problems( which
include risks, uncertainties, and threats) and the danger of diversity of devices in the network(
this highlights the permissions and device requirements for access to the wireless network)
(Heath, 2019).
The policy applies to all staff of the organization that is in range of the organization’s
LAN networks within the organization's premises and outside the premises. The development of
the organization’s wireless network is the sole responsibility of the organization’s network
infrastructure. The policy highlights the restrictions (this includes device permissions and user
restrictions), appropriate use of network (regarding sharing of passwords and accessing
inappropriate material rather than work material over the network), roles and responsibilities
(network administrators and managers), the regulatory framework around the use of the network
(including implementation strategy and enforcement) and the policy is distributed to all staff to
equip them with the knowledge. The guidelines are regularly updated and the update history
documented to ensure compliance with standards and regulations (Owens, 2019).
Remote Access Security
Remote access in today’s computing world refers to the process of connecting to an
organization’s internal resources from an external workspace –home, field, hotel and any other

SECURITY ADMINISTRATOR HANDBOOK FOR BIZYX CORPORATION

4

place rather than the office. This access should be done in a secure way to increase productivity.
The purpose of this policy guideline is to define the standards for staff when connecting to the
network remotely. The essence is to reduce the chances of any exposure such as loss of data or
information and lower security concerns by ensuring access methods that are consistent and
standard (Sans, 2019).
This policy applies to all organization staff that access, configure, manage and support
remote connectivity to the network. Users must contact the helpdesk for approved methods and
software used for remote access. The users are responsible to ensure that the devices they are
using are compliant with the applicable policy. All devices to be used for remote access shall be
inspected prior to use to ensure they are up to date with requisite application security patches and
virus or malware protection software. The privileged users of remote access shall ensure that the
connection is strictly for work. Remote access shall be controlled and secure. Information
security shall ensure strict access methodology and hardening technologies not limited to
password authentication and smartcards. All passwords shall be strong and follow guidelines and
procedures in the access control and password policy. Staff shall ensure that devices used for
work purposes are not shared in a multi-user capacity in any inappropriate activity. Users shall
be fully liable for any access misuse. Staff with remote access privilege shall ensure that their
remotely connected workstations are not open to connection by other networks whether private
or public. Finally, personal equipment shall not be used to connect to the network using remote
access software and any exceptions require written approval by the appropriate manager (Sans,
2019).
A regular audit of controls and management shall be part of the process for enforcement.
A historical timeline of evidence supporting implementation shall be kept and updated on a daily

SECURITY ADMINISTRATOR HANDBOOK FOR BIZYX CORPORATION

5

basis. Remote access logs showing users and remote access to the network must be kept.
Members who violate the policy will be punished. The policy document will be supplied to all
staff. Documentation of the policy version shall be kept highlighting version, date of update,
description and approval date and signature.
Physical Security
In the company, physical security is of the utmost importance. To secure machines and
items physically, the company observes simple but effective procedures and policies. The first
policy and guideline is that assets are categorized depending on their value and the sensitivity of
the data contained therein. For example, some computers are categorized as general-purpose
computers and others are categorized as servers. The next guideline is using the categories as a
guide to determine the security levels assigned to each computer and computer room (Australian
Cyber Security Centre, 2019).
General-purpose computers are locked behind a door and the key is handed over to the
network administrator or lab technicians. Access to these computers and the rooms that they are
stored in is regulated by the administrator and the lab technicians. On the other hand, the server
room is kept under lock and key, with only the network administrator in charge of handing over
the key. There is also a keypad lock that has to be unlocked in addition to the regular locking
mechanism of the door. The computers are stored in cages and each cage also has a padlock and
the keys are under the custody of the network administrator.
Finally, to physically secure the facilities, security cameras are installed throughout the
facility. They help monitor entry and exit in the relevant rooms. They would be installed in every
room at all entrances and at multiple angles in the server room. Access to the room with the

SECURITY ADMINISTRATOR HANDBOOK FOR BIZYX CORPORATION

6

digital video recorder for the cameras would be limited to the chief security officer and a log
would be kept of any other personnel that may be allowed into the facility. Logs would be kept
for each server room and employees would also be screened at the entrance to ensure that they
do not carry contraband into the room such as pen drives.

Laptop and Removable Media Security

Laptops and removable storage devices are in general terms known as PSDs (Personal
Storage Devices). Because they are widely used as portable storage of organization information
they are subject to organizational security policy. The policies revolve around the main areas
named in the text that follow (Heath, 2019).

Security Procedures for staff Using Laptops and Removable Storage Devices

Upon receiving the laptop and storage device the staff should sign with the IT office
acknowledging that they will be fully responsible for the physical security of both the laptop and
removable storage device and the information stored therein. They should also accept to comply
with procedures of handling both devices as set by organization policy. The removable storage
device should only be used together with the laptop when accessing or storing information. After
use the removable storage should be ejected and held safely at all times. The removable storage
device must not be stored together with the laptop at all times. Similarly, the removable storage
device should be stored separately from the access password (CVS, 2013).

Users requiring replacing their desktop computers with laptops must book requests with
organization administration. Laptops must never be left unattended in a car or unsecured places.
The laptop and storage device must be well secured in locks whether at home or in hotels. Both

SECURITY ADMINISTRATOR HANDBOOK FOR BIZYX CORPORATION

7

laptops and removable storage devices are organization property and must only be used for
official purposes. The storage devices are set for use with specific users’ laptops and sharing
removable devices is not allowed. Access to information on a laptop or removable storage device
by anyone else is prohibited (CVS, 2013).

Vulnerability and Penetration Testing
Vulnerability testing is done to find out as much vulnerability as possible in an
environment. Penetration testing on the hand is meant to find out the extent of damage
unauthorized access might cause to an organization. The policy is designed based on the
following areas.
Vulnerability scanning should be done by authorized personnel in the organization. The
intervals of the vulnerability scan should be quarterly. The scope of the scan should be the whole
network. The more delicate parts of the network such as the firewalls, perimeter points of entry
and public web-servers should be scanned more regularly. To ensure a good test, a mix of both
proprietary and freeware software should be used for the test (Donald L.Evans, 2003).
Vulnerability testing provides the following information. It helps identify active hosts on
the network, active and vulnerable ports on host, operation systems and applications on the
network, vulnerabilities related to the associated operation systems and applications is. The test
also exposes poorly configured settings on the network. Finally, it provides foundation for
penetration testing.
Penetration testing should be done by authorized personnel. The level of authorization
depends on the type of penetration testing. For internal tests (blue teaming), IT officers can
authorize. For external penetration test (red teaming) authorization is given by top organization

SECURITY ADMINISTRATOR HANDBOOK FOR BIZYX CORPORATION

8

management. Only a trusted external party is allowed to carry out external penetration testing.
The tests must be carried out during business hours. All the rules for the testing methodology
must be provided to ensure the test is comprehensive and exhaustive. A detailed report of the
penetration test should be submitted both to the top management and I...

Klosevin (10004)
University of Virginia

Anonymous
I was on a very tight deadline but thanks to Studypool I was able to deliver my assignment on time.

Anonymous
The tutor was pretty knowledgeable, efficient and polite. Great service!

Anonymous
I did not know how to approach this question, Studypool helped me a lot.

Studypool
4.7
Trustpilot
4.5
Sitejabber
4.4
Similar Questions
Related Tags