Network Security Policy

User Generated

Ubbg1991

Other

Description

I just need someone to write the Network security policy section of this paper. It only needs to be about 1.5 pages double spaced APA style. The company is Apple. I will attach the rest of the paper so you can get the idea of what it needs to look like.


Based on your team's Week Five Learning Team Collaborative discussion, write the Network Security Policy section of the Information Security Policy.

Include the following:

  • Network security control devices
  • Threat monitoring and protection
  • Threat identification and remediation

Compile all sections of Information Security Policy. This should include all parts of the policy from Weeks Two through Five.

Write the conclusion for your Security Policy.

Format according to APA guidelines.

Submit your assignment to the Assignment Files tab

Unformatted Attachment Preview

Running head: SECURITY POLICY 1 Security policy Student’s name Professor’s name University affiliation Date 2 SECURITY POLICY Introduction Apple is a technology giant based in California, United States of America. It is among the leading technology firms in the world, boasting of the top of the line communication products such as laptops, tablets, Smartphone products and music players. Apple has been growing over the past and so far has maintained a reputable lead among a unique Smartphone brands in the world. This success can be attributed to their iPhone Smartphones. A lot of people identify with the company because its products are classic and give a status quo to the benefit of anyone who flashes them in public (Linzmayer, 2004). Need for a security policy Apple being a big techno firm needs a lot of cyber security. This is because any leaking or corrupting of important company data could mean a disaster to its business (Bulgurcu, Cavusoglu & Benbasat, 2010). The policy should cover both physical and virtual security of both the infrastructure and the technology invested. This is because most of the company’s data is either stored at a central location or securely kept on the safer online platform called the cloud (Bulgurcu, Cavusoglu & Benbasat, 2010; Linxmayer, 2004). Apple Company has established its base in various international markets around the globe. This increased size can affect the security policy because; the management has to come up with effective security policies that can mitigate security issues in the global view. Apple has to develop security systems to protect the privacy of their customers. Apple can protect customers by establishing strict policies on handling data. Another security measure will be the use of strong encryption keys which will be difficult to penetrate especially by hackers. 3 SECURITY POLICY Unique elements that are associated with Apple Company include the usage of innovativeness in the production of the diverse range of products and dynamic business plan. The increased innovations might affect their security policy because there is the need of securing their products for them to remain innovative (Hinsley & Hughes, 2002). The fact that most other competing companies have been unable to understand how Apple Company manages to put up so much technology, class and elegance in a single functional phone without affecting its performance and at the same time remain effective is a marvel. The engineers dedicate a quality amount of time to try and come up with something new with every product that Apple Company releases into the market. Furthermore, whenever the brand is mentioned there are unique features that come to individual’s minds. So, it would be very devastating to lose the results of such hard work by the engineering and innovation teams through insecure storage of vital information. The security policy should therefore be prepared to address hacking threats, and to come up with the best ways to prevent such instances by having a strong system that would recognize and notify if anyone tried to hack in as well as a multi-level inscription to make it harder to penetrate the security protocols (Finedo, 2012). Apple Company Information Security Policy Strong encryption and strict policies will be used by Apple Company to ensure that information is not accessed by unauthorized parties. Information will be made available to parties with a legitimate need for access. Breach of any security policy formulated must be reported by any party as soon as they occur. Compliance and incident notification It is very crucial that all employees of Apple Company should comply with the stipulated policy. Any breach is a serious matter because it may lead to the loss of important confidential 4 SECURITY POLICY data. Such losses may result in civil action being taken against the Company. The aftermath will be the loss of some of its loyal customers. Security of the facilities: Security of the facilities includes any facility that can be directly accessed physically, leading to loss of information for the organization. The best practice that Apple should adopt is to understand each threat, related impacts, and their possible controls. To start with, employees as an indispensable unit in the company can risk the processes to attack due to deliberate or accidental errors with the probability of occurrence being high as well. Since it is highly possible, identifying ways such as getting Apple Company’s employees to proper familiarization with the systems can work well to control related dangers. Apple company need to adopt a frequent change of authentication and authorization procedures enhances security by the unwanted entry. Apple relies on facial recognition and fingerprint detectors to get access to the facilities to prevent any tampering of the company’s products. Some of the properties that are protected include highly sophisticated computers used to generate software. As a continuum to the physical security aspects, criminal related threats should be adequately assessed and gaps related to their occurrences established and fixed. Criminals are mostly driven by malicious forces purposely to scoop organizations data. The most practical mechanisms to control the related impacts at Apple Company include notifying law enforcement organs and avoiding dangerous situations such as using company’s files in public or exposed areas. Physical entry controls The main objective for this security control is to prevent physical access, damage and interference to the organizational information and information processing facilities. The company will set up surveillance by employing the use of authentication systems such as a biometric scan 5 SECURITY POLICY or a smart card to unlock the doors. Alarms systems will also be put in place to notify responsible parties in case of any breach (Denis, 2003). Security offices, rooms, and facilities The main objective of this security control is to prevent unauthorized access to the physical facilities and damage for the organizational information. Basically, it is usually expected that only the authorized personalities should enter in the offices. Mainly, the offices, rooms, and facilities have been designed and applied to physical security. An advantage for this security control is to ensure that no interference with the information of the organization as it might be stolen. Most organizations, not only Apple Company, have been designed in such a way that only individuals who have to enter the offices have permission to do so (Farrugia et al., 2016). Isolated delivery and loading areas The main objective for this security control is to ensure that the organizational information has not been directly accessed by the stakeholders. The delivery and loading areas have been constructed in such a way that where unauthorized persons enter the premises are controlled. Security of information systems Workplace protection The organizational workplace is an important factor because the valuable private information is located here. Examples such as client’s information, sales documents are located in the workplace. The workplace has been secured with physical and logical security of every kind (Denis, 2003). Network/server equipment The network and server equipment are secured with locks. This is usually meant for ensuring the physical security of equipment from theft. Network equipment’s such as hubs and 6 SECURITY POLICY routers are secured to prevent tampering and access from unauthorized individuals. In this case, only authorized persons are allowed to interfere with them. For instance, authorized employees can access them (Medicine, 2017) Equipment maintenance Computers need maximum protection as they are very sensitive. The personalities responsible for these systems should have knowledge of the equipment they are maintaining. In the case of failure, they should have a second option of whom to contact. Routine management of the systems is very critical for the performance of the equipment. Pear requires that the equipment is checked for their performance capabilities and for the quality deliverance of services to the customers (Subotić, 2016). Security of laptops/roaming equipment The security of laptops and roaming equipment should be kept high in the company. The employees that have been given the access to the equipment should understand the importance of the equipment of the company. It is mandatory for the employees to take care of the laptops and roaming equipment. Apple makes use of username and password to protect the equipment such as laptops. This is an important control since nobody can access information contained in the laptop unless they know the password or username (Dubin, 2017). Apple Company Access Control Policy Access control policy at Apple Company comprises security techniques that are used to regulate the entities that are allowed access to use its resources in the computing environment. The 7 SECURITY POLICY access control policy allows authorized individuals to utilize and operate resources within the network structure. All employees have no direct access to functional information regarding the system unless authorized by an access control policy. In order to understand Apple Company access control policy, there is a need to understand the main concepts involved including entity, actions, relationships, and resources. The two main methods of access control commonly used are physical and logical controls. Physical control is used in the management of access to the company's premises, hardware resources, and IT assets. On the other hand, logical control manages the interactions with its computer systems, files, and data. According to Margaret Rose (2016), access control has the following main functions: authorization, authentication, identification, access approval and accountability verification. The access approval and accountability verification function involve access through login credentials such as personal identification numbers, passwords, physical and electronic keys or biometric identity. Authentication The authentication requires employees to validate their true identity. In process Pear, the PIN number function is used to authenticate every employee as they are required to input their PINs to gain access into computers, enter through doors, and get into other local areas. Accessibility is further enhanced by the use of photo IDs and signature cards. This is in addition to the use of a three-factor authentication process in gaining access to certain resources. Discretionary access control 8 SECURITY POLICY A discretionary access control principle outlines how accessibility to information and control access systems can only be accessed and controlled by the owner of the particular information. As a result of its secure features, many systems are based on the discretionary access control principle (Benantar, 2006). At Apple Company, only the employees who are authorized can carry out system changes through the discretionary access control system. To further ensure total confidentiality, only the least privilege principle can grant accessibility into a system and therefore any transactions that involve access to the company's resources are done on a need to know basis only. Mandatory access control However, the strictest control level is the Mandatory Access Control. This is primarily used by government institutions though it is also being adopted by other private organizations in controlling access to their systems. The control system uses a hierarchical approach to controlling access to an enforced environment for all resources and its control is based on the settings put in place by a system administrator (Ballad et al., 2011). In using this control system, access to any resource is however strictly monitored by an operating system administrator configured settings and therefore making it impossible to initiate any changes on the users' credentials and access to resources. User Enrollment User enrollment refers to the process where a user's control device is interconnected with a Hosted Mobile Security. In using this feature, an employee must be enrolled as a user before gaining access to the company’s systems. The user enrollment process of involves the system administrator making an invitation to the user to enroll his/her device before getting an invitation link through which to open and complete enrolling the mobile device. 9 SECURITY POLICY Role-based controlled access Employees who perform common roles or work in the same department may require similar access to the system and therefore the role-based controlled access authentication can be used for this task. Therefore, where a group or team of employees is assigned a specific task, they can be assigned the same role-based access control. When all the roles are populated in the system's database, the role-based rules are implemented by giving role-based privileges to each employee scheduled to access the particular function (Benantar, 2006). Thereafter, an employee’s details are fed into the database and updated in all the computer application systems from the Human Resource desktop. In using this system, Apple has been able to get a companywide control process and managed both its hardware and software IT assets effectively while still maintaining a high level of security (Gollmann 2011). Identification The identification process involves verification of the identity of an entity. The process may require the use of an identification number or document as proof of an employee’s identity. As a result, all Apple Company employees have a small standard card that is usually used in identifying its employees. Accessibility into its computer systems is restricted to only the authorized personnel who have a unique identity that they use in logging into the systems for enhanced security without compromising their systems. Remote access There is a risk of breaching a system's security when accessibility from remote locations is possible due to the use of insecure networks and therefore the need for additional security features. As a result, extra access control techniques are used to ensure maximum security by protecting the company's LAN and users. The most common network used at Apple Company to access the 10 SECURITY POLICY corporate networks is Virtual Private Network (VPN). The network helps by creating a safe private channel between the end user’s network and the protected corporate network thus preventing illegal access or modification of data. The employees use their ISP in connecting to the Internet through the VPN as it is safer since it is hard and almost impossible to breach by intercepting message transfers as it uses very powerful cryptography from both the senders’ and receivers’ end (Ballad et al., 2011). Therefore, access control policies are an integral part of organizations keen on protecting their systems from unauthorized access in terms of security breaches. Apple Company, as a global leader in the electronics technology, has been in the forefront in this end as a result of the growing threats cyber security. It is for this reason therefore that a company of its size and complexity must go for systems that are safe and secure in carrying out its business. Conclusion Finally, I believe this policy will work well for Apple company in curbing security threats. It is important to understand every company’s main security goal is to keep its vital data as tightly guarded as possible from competitors. It is also good for the physical security to be heightened because employees may sneak out important data. This could be achieved ensuring that a loyalty culture is encouraged whereby all employees are made to feel valued and this promotes a responsible attitude towards company property. The issue of authorization at Apple Company needs to be looked at too. Among the possible external attacks, there is none more damaging than situations when the systems have loops that can make unauthorized data access possible. Such instances include inadequate access control policies and the effects of such an absence are suicidal to the business setup. As a safety measure, establishing a control policy is essential and related procedures include high-tech encryption SECURITY POLICY 11 systems among other authentication processes. Establishing a working security is also recommended to mitigate threats related to inadequacy in employees' capacity such as entry, human and other cataloging errors. Therefore, proper structures should be put in place at Apple Company to ensure that such information is always safe and a rescue plan made available in case of any data leakage (Bulgurcu, Cavusoglu & Benbasat, 2010; Linxmayer, 2004). 12 SECURITY POLICY References Bulgurcu, B., Cavusoglu, H., & Benbasat, I. (2010). Information security policy compliance: an empirical study of rationality-based beliefs and information security awareness. MIS quarterly, 34(3), 523-548. Hinsley, S. R., & Hughes, C. D. (2002). U.S. Patent No. 5,283,830. Washington, DC: U.S. Patent and Trademark Office. Ifinedo, P. (2012). Understanding information systems security policy compliance: An integration of the theory of planned behavior and the protection motivation theory. Computers & Security, 31(1), 83-95. Beachem, B., Boucher, P., Nault, G., Rollins, R., Wood, J. B., & Wright, M. (2016). U.S. Patent Application No. 14/991,848. Denis, T. (2003). An Integral Framework for Information Systems Security Management. Computers and Security, 337-360. Dubin, J. (2017). Laptop Security Best Practices. Retrieved from Techtarget: http://searchcio.techtarget.com/tip/Laptop-security-best-practices Farrugia, A. J., Robbin, J., Mitsuji, H., Despotovic, M., & Meldrum, C. (2016). U.S. Patent Application No. 15/159,772. Medicine, S. (2017). Information Resources and Technology. Retrieved from Stanford Medicine: https://med.stanford.edu/irt/security/servers.html SECURITY POLICY 13 Subotić, J. (2016). Narrative, ontological security, and foreign policy change. Foreign Policy Analysis, 12(4), 610-627. Ballad, B., Ballad, T., & Banks, E. K. (2011). Access control, authentication, and public key infrastructure. Sudbury, MA: Jones & Bartlett Learning. Benantar, M. (2006). Access control systems: Security, identity management, and trust models. New York: Springer Science+Business Media. Gollmann D. (2011). Computer Security. Wiley Publishing, p. 387 Margaret R. (2016). Access control. http://searchsecurity.techtarget.com/definition/accesscontrol Petritsch, H. (2009). " Access Control Models.". ACM Press. pp. 197–206.
Purchase answer to see full attachment
User generated content is uploaded by users for the purposes of learning and should be used following Studypool's honor code & terms of service.

Explanation & Answer

Here's the answer. Please let me know if there edits required.

Apple Network Security Policy
Name
Institutional Affiliation
Apple deploys numerous network security measures in ensuring that their users’ information is
kept secure as it is conveyed to and from an iOS device. Additionally, given that Apple shares a
global technology market, it is crucial that their customers are able to access their local and
international corporate mobile communication networks from anyplace within the globe.
Therefore, it is crucial for Apple to guarantee data transmission authorization through
embracement of fundamental network protection approaches. For instance, apple deploys various
standardized network protocols in ensuring authentication, authorization, and encryption of data
communicated through their devices. Some of these standard network protocols implemented by
Apple are highlighted as follows.
Firstly, Apple devices uses an operating systems versions (iOS), which supports the Transport
Layer Security (TLS) and DTSL. All versions of iOS support various versions of TSL such as
TLS v1.0, TSL v1.1, and TLS v1.2. The TSL protocol is an automatic mechanism that ensures
that iOS internet applications such as Safari, Mail, among others, use an automatically encrypted
communication network. Developers such as Apple use the High-level APIs like the CFNetwork
for easy adoption of the TLS into their applications and the low-level APIs for fine-grain
regulations. Additionally, they deploy the RC4 symmetric cipher set specifically for the iOS v10
and the macOS Sierra enhance security of their communication network channels involving their
devices.
Secondly, Apple employs an App Tra...


Anonymous
Great study resource, helped me a lot.

Studypool
4.7
Trustpilot
4.5
Sitejabber
4.4

Similar Content

Related Tags