Research Paper On Security Policy

Submitted By SriHarsha-Poosa
Words: 2117
Pages: 9

Policy paper

Table of contents
Abstract……………………………………………………………………………………….. (3)
Introduction…………………………………………………………………………………... (4)
Conclusion……………………………………………………………………………………. (10)
References……………………………………………………………………………………. (11)

Abstract
Policies are a set of requirements or rules which are required to set a path to a specific objective. Security policies should balance access and security. Security policies should minimize risk while not imposing undue access restrictions on those who need access to resources. This paper includes the password policy, wireless use policy, information logging standard, user privilege policy, database credentials policy and acceptance encryption policy. This paper briefly explains about the scope and procedures of each and every policy.

Introduction
When defining policies and when living with them from day to day, the reasons for the policy should be kept in mind. A policy should never replace thinking. The reasons for the policy and the potential threats of every action should always be considered regardless of policy. Then when the actual threat possibility and potential damage is considered, it may be determined that policy should be changed.
Every policy should define
i) Policy statement ii) Purpose iii) Scope iv) Enforcement
v) Guidelines/Procedures.
From given policy paper, XYZ Health Care is a provider of health services to senior citizens follows HIPAA privacy rules. As everyone in an organization is connected to a network, by the end of the day while updating data, there is a possibility to loose information in different ways. There is chance of threats or attacks as the information is shared in a network. These attacks may be of internal or external. (Jonathan Gana KOLO, 2008)When there is a distributed concept we got to think of the security and issues related to. Some of the risks mentioned are
1) Brute force user ID and password attacks:
Policy statement:
To mitigate this type of Brute force user ID and password attacks risk we need Password Policy.(Password Protection Policy, 2014)
Password Policy is created to overcome the risks of brute force user ID and password attacks.
Passwords are an important aspect of computer security. Users or employees who have access to administrative systems must obey the password policies in order to protect data integrity, and protect the security of the network and are responsible for taking the appropriate steps to select and secure their passwords. Choosing a weak password results in an unauthorized access that leading to data integrity. (Password Protection Policy, 2014)
Purpose: The main purpose of this policy is to create standards in generating passwords, protecting the generated passwords. (Jonathan Gana KOLO, 2008)
Scope: This policy applies to all personnel in an organizational network, who have any form of account that require a password to access. These accounts are not limited to an e-mail account and domain account. (information technology standard, 2013)
Policy Procedures:
a) Password Creation: User account and Administrative account passwords must conform to the Password Construction Guidelines. Users must not use the same password for various access needs. (Password Protection Policy, 2014)
b) Password Change: All passwords of administrative account must be changed at least once in a quarter and the User account passwords must be changed for every six months at least. The recommended change interval is every four months. (Password Protection Policy, 2014)
c) Password Protection: Passwords must not be shared as it may contain confidential information. All passwords are to be treated sensitive; Passwords must not be inserted into email messages, Alliance cases or other forms of electronic communication. Passwords must not be revealed over the phone or it must not be included in a non-encrypted stored document. (Password Protection Policy, 2014)
Enforcement: Since