Network Security Plan
The Network Security Plan is designed to protect information and critical resources from a wide range of threats in order to ensure business continuity, minimize business risk, and maximize return on investments and business opportunities. Information Technology security is achieved by implementing a suitable set of controls, including policies, processes, procedures, organizational structures, and software and hardware functions. These controls need to be established, implemented, monitored, reviewed and improved, where necessary, to ensure that the specific security and business objectives of organization are met.
The purpose of this plan is to ensure the confidentiality, integrity, and availability of data, define, develop, and document the information policies and procedures that support organization goals and objectives, and to allow the organization to satisfy its legal and ethical responsibilities with regard to its IT resources.
A loss of confidentiality is the unauthorized disclosure of information. - “Preserving authorized restrictions on information access and disclosure, including means for protecting personal privacy and proprietary information…”
A loss of integrity is the unauthorized modification or destruction of information. -“Guarding against improper information modification or destruction, and includes ensuring information non-repudiation and authenticity…”
A loss of availability is the disruption of access to or use of information or an information system.
The following information provides some of the best practices for securing server operating systems Server operating system security.
• Password protection
• Strong passwords
• Defining the password policy
• Defining an account lockout policy
• Access control
• Single sign-on
• External security firewall