Make an Information Assurance Plan for an organization.
There is no denying the importance of the security of the data owned by any organization. No organization wants data about its internal processes or its customers to end up in the hands of people who intend to use it to hurt the customers or the organization in any way. It has been observed that computers that connect through the internet or a local communication network are vulnerable to threats from hackers and other wrongdoers. Firewalls have been suggested as one of the most effective security tools to protect against such threats (Whitman & Michael, 2012).
The purpose of this document is to suggest an information security plan for any small to medium sized company so that its data can be kept secure against external and internal threats. An information security plan is a documented plan that enables an organization to incorporate information security early on, while the information system is being designed (Kaczor, Thornley & Guynn, 2006). In the introductory part of this document I will focus on four main issues related to the information assurance plan: authority, purpose and scope, audience, and document structure.
This information security plan has been prepared for use by all the computer network administrators in the organization. All the steps identified in this document have been prepared in accordance with the Federal Information Security Management Act (FISMA) of 2002, Public Law 107-347. The author of the document has no intention of contradicting any law that has been made applicable by the concerned authorities.
The purpose of this document is to guide the organization in using its firewall strategies effectively in order to minimize data security risks. This document is an overview of the application of firewalls with respect to their selection, configuration, testing, deployment and management. Recommendations are made in this document so that measures can be taken to select the firewall policies that are best applicable in the organization’s working environment. This document aims to fulfil the purpose of an information security plan by giving readers an opportunity to understand the basic model of the information assurance system (Schou & Shoemaker, 2006).
The main audience of this document is the computer network administrators, along with all the personnel in the IT department, so that an effective firewall and data security mechanism can be established. The document provides a basis for the information security plan. Staff members who deal with data security issues should find this document especially useful.
The document is divided into four parts.
- The first part is an introductory part that ends with this topic.
- The second part consists of the recommendations about the firewall technologies that would best suit the current organization.
- The third part consists of the recommendations about the overall architecture of the firewall and the network.
- The fourth and final part of this document consists of the recommendations about the firewall policy for the current organization.
Firewalls are used to control the flow of information between hosts or networks in order to protect the data from being accessed by undesired people or software processes (Wack, Cutler & Pole, 2002). There are many technologies available to provide a firewall depending on the specific needs of different organizations. Firewalls are the first layer of a network that monitors the flow of information to that network and different computers hosted on the network.
Firstly, I would like to recommend the incorporation of an HTTPS server that will ensure the secure flow of information between the organizational network and the internet. HTTPS will function as a protection against hackers who would exploit the connectivity sessions between the network hosts and the outside world.
My second recommendation is that personal firewalls should be incorporated so that the firewall policies are effectively enforced at the user end.
It is recommended that the organization allocate its own IP addresses to its computers, and that only these addresses be allowed to communicate with the outside world.
The firewall must be in accordance with the overall recommended network architecture. The following is a summary of the recommendations on the firewall and the network architecture.
Though it is recommended that the firewall should be in accordance with the overall network policy, it must be ensured that the current network layout is not vulnerable to external or internal threats. If the network architecture is vulnerable, then it is recommended that the network architecture first be altered to make it safer. After that, the firewall policies can be altered to comply with the network architecture.
A clear distinction between NAT (Network Address Translation) and a firewall should be drawn. Both have their own security-related benefits, but one cannot replace the other.
It is recommended that only one layer of firewall be set up in order to avoid the issues associated with multiple firewalls on the same network.
The firewall policy governs the flow of data on the network by providing different provisions to different IP addresses on that network. It also applies the organizational information security policies to the different software applications, protocols and content on the organizational network. The following are the recommendations related to the firewall policy.
There must be a thorough analysis of the risks that the organization's information flow will face. Only then can a firewall policy be made and applied.
The firewall policy must consider different variables, such as the content flowing on the network and its source and destination.
Traffic generated from private IP addresses should be blocked.
Different software applications request communication sessions with different hardware and software resources present at the organization. The firewall policy should be capable of making calculated decisions related to these provisions.
I would like to conclude this discussion by suggesting that the organization should look for the best possible technological solutions related to the security of the information and the firewalls that would be adopted in software or hardware form. A thorough comparison of different technologies is vital in this regard. Network administrators present at the organization and other experts should be consulted in making these decisions.
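The source-address recommendations above (only the organization's allocated addresses may communicate with the outside world, and traffic from private addresses is blocked) can be expressed as a small rule evaluator. This is an added example, not part of the original plan: the 203.0.113.0/24 allocation, the function names and the sample packets are assumptions. It reads the private-address rule as applying to traffic arriving from the internet side, and goes one step further by also dropping inbound packets that claim an internal source.

```python
import ipaddress

# Assumption: a documentation prefix stands in for the organization's allocation.
ORG_NETS = [ipaddress.ip_network("203.0.113.0/24")]
# RFC 1918 private ranges; listed explicitly because ip_address.is_private
# also covers documentation ranges such as the one used above.
PRIVATE_NETS = [ipaddress.ip_network(n)
                for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def _in_any(addr, nets):
    return any(addr in net for net in nets)


def decide(direction, src, dst):
    """Return (action, reason) for one packet crossing the perimeter firewall."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    if direction == "outbound":
        if _in_any(s, ORG_NETS):
            return ("allow", "source is an allocated organization address")
        return ("deny", "source is outside the organization's allocation")
    if direction == "inbound":
        if _in_any(s, PRIVATE_NETS):
            return ("deny", "private source address arriving from outside")
        if _in_any(s, ORG_NETS):
            return ("deny", "outside packet claims an internal source")
        if not _in_any(d, ORG_NETS):
            return ("deny", "destination is not an organization host")
        return ("allow", "external source to organization host")
    return ("deny", "unknown direction")  # default deny


# Constructed sample packets: (direction, source, destination).
SAMPLE_PACKETS = [
    ("outbound", "203.0.113.10", "198.51.100.7"),
    ("outbound", "192.168.1.5", "198.51.100.7"),
    ("inbound", "10.1.2.3", "203.0.113.10"),
    ("inbound", "203.0.113.99", "203.0.113.10"),
    ("inbound", "198.51.100.7", "203.0.113.10"),
]


def evaluate(packets):
    """Apply decide() to each packet and return the list of actions."""
    return [decide(*p)[0] for p in packets]


if __name__ == "__main__":
    for pkt in SAMPLE_PACKETS:
        print(pkt, "->", decide(*pkt))
```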
Kaczor, W., Thornley, C., & Guynn, B. (2006). Taking the Mystery out of Information Assurance for the 21st Century Training Community. MTS Technologies, Orlando, FL.
Schou, C., & Shoemaker, D. P. (2006). Information assurance for the enterprise: A roadmap to information security. McGraw-Hill, Inc.
Wack, J., Cutler, K., & Pole, J. (2002). Guidelines on firewalls and firewall policy. Booz-Allen and Hamilton Inc., McLean, VA.
Whitman, Michael. (2012). Guide to Firewalls and Network Security (3rd ed.). Course Technology, Cengage Learning. ISBN: 9781111135393.