Security Policy GDI Company Case Study Example | Topics and Well Written Essays - 3000 words

Security Policy GDI Company - Case Study Example Given that GDI has made significant gains in its business, there is need to preserve the capability the firm receive from its information technology assets. This security policy understands that protecting the physical and operation security of GDI is the main challenge underlying its writing. Therefore, the report presents several policies that seek to protect named assets of GDI with a goal of preserving the security and operation of the firm. Vacca (2010) argues that information technology polices form the first line of defence against threats. There are several policies this security policy document outlines, which are a result of careful analysis of the firms existing network topology. Because information technology forms a critical backbone to the operations of GDI, a careful analysis characterized the writing of this document. Among the essential goals of the security, policies were the establishment of confidentiality, integrity, and availability of the firm’s informat ion technology asset. Policy 1: Email Security Policy Email remains a preferred medium of communication for the GDI Corporation. Because of the widespread use of email in the firm, there is need for GDI to implement policies that will limit the loss of essential loss through email exchange within or outside the firm. While email is one of the most effective techniques for communication, firms like GDI stand a risk of exposing their data and information technology infrastructure to threats that can emerge from lack of email security policy. Bayuk, Healey and Rohmeyer (2012) contend that email remains vulnerable to a wide variety of threats such as worms. These threats can interfere with the operations of the organization, as well as lead to the loss of data. Given the danger that could emanate from email use, this report understand the need of an appropriate email security policy, which will ensure that email exchange do not result to the loss of data, introduction of threats and breach of confidentiality. First, GDI should implement a policy that restricts its employees from sharing any fi.es that belong to the organization. This clause could limit the loss of information that GDI’s employees have the privilege to view as compared to other people. This policy should be printed and given to all employees using the firms email. In addition, GDI should also produce a policy that would restrict all the employees from using the firms email for their own private use. The use of emails for any other purpose could introduce threats such as worms. To add on this, the firms should stipulate that all employees scan their emails to ensure that they have no threats such as worms or Trojan horse that could spy on the company’s data. Policy 2: Server Security Policy GDI servers are essential assets that must be protected from physical and operations risks that may have profound effect on the operations of the firm. To ensure that GDI’s servers are secure, there has to be an elaborate policy in place. The se rver security policy calls for the hardening of GDI’s server to ensure that all vulnerable areas are addressed to limit the impact of threats. This policy ensures that GDI’s administrators carry out periodic maintenance of the system by applying patches and other software updates. Servers that lack essential patches are vulnerable to attacks (TechRepublic, 2004). Updating the servers by installing patches would ensure that the server is secure and up to date. Being that updates are critical to the operation of