Appendix C
Introduction
Student Name: Jeremiah Binning
Axia College
IT/244 Intro to IT Security
Instructor’s Name: James W. Lemaster
Date: September 21, 2012
1. Introduction
1.1. Company overview
The Bloom Design Group sets itself apart from other interior design companies by having a comprehensive, interactive online virtual decorating tool, which allows clients the ability to design their own color and designs schemes. Not only does this save a great deal of time and effort, but it also saves money by allowing the client know exactly how everything is going to look before it is bought. Having this kind of system in place has proven to take the guessing out of interior design, giving the customer exactly what they want.
The web based interactive interior design system not only allows clients to interact with the system, but also allows interior decorators the ability to access to their client’s files. This allows them to work directly with their clients, allows them to recommend visual ideas in real-time, and even allows them to purchase materials and furniture. This one-stop kind of website can prove to be very beneficial in saving resources, time, and best of all, money.
1.2. Security policy overview
There are three types of Security policies: Program-level; Program-framework policy; Issue-specific policy; and System-specific.
A program-framework policy is put in place by a company or organization to provide a path to follow when it comes to upholding or implementing security. The policy defines the elements that form the basis of the security program (Merkow, 2006).
A system-specific policy is put in place to state the security goals for a specific system, and shows what a system needs to do in order to meet any goals. This policy is usually specific to a particular system, and put in place in order to maintain that system.
An issue-specific policy is a policy put in place to address a particular area that might be a concern in the future. These types of policies can need to adapt and change over time in order to maintain relevancy.
The Bloom Design Group could create a system-specific policy in order to maintain their design tool. This type of policy can help to maintain the protected areas of the site, protect client’s sensitive data, and serve to help the system fit in the overall structure.
1.3. Security policy goals
1.3.1. Confidentiality
Confidentiality of The Bloom Design Group web based designer system will be defined to protect not only the client’s data, but also protect the company’s data. One way of doing this could be to only give users enough privileges to perform their duties. Not too much, and not too little, privileges within a web-bases system can be crucial. To go even further, specific information on a client such as a social security number could require a