University of Phoenix – Online
CMGT/440 Introduction to Information Systems Security
13 October 2008
Security Policy for McBride Financial Services
1.1 It is the responsibility of all McBride Financial Services employees to comply with all written policies and procedures as set forth by this policy. This document delineates the requirements for information security in regard to Application Service Providers (ASP’s) that directly participate and communicate via electronic means with McBride Financial Services.
2.1 The McBride Financial Services security policy applies to all employees that are directly involved with the usage of all company electronic assets and devices, which include all resources that interface with reference to any affiliated ASP’s.
3.1 The objective of the McBride Financial Services security policy is to meet all federal, state, and local regulations while maintaining a secure and private environment for customer information. Additionally, management personnel are responsible for establishing a climate that promotes good morale and fosters a cohesive and safe working environment.
4.1 Requirements of the Information Technology (IT) Department
4.1.1 The IT department shall be responsible for all McBride Financial Services electronic equipment, which includes but is not limited to the following items: computers and their associated equipment, computer software, local area networks (LAN’s), and wide area networks (WAN’s). The IT department will monitor all interfaces with any afilliated ASP’s to ensure the integrity of data transer. The IT department will monitor all electronic hardware/software for licensing requirements to ensure compliance with companies that are affiliated with McBride Financial Services.
4.1.2 The IT department, in conjunction with any affiliated ASP’s, will ensure all informational databases are backed up and...