Question: NEEDED ASAP Using the Template provided, create an Issue-Specific Security Policy for the case organization. The ISSP should address the fair and responsible use of


Using the Template provided, create an Issue-Specific Security Policy for the case organization.

The ISSP should address the fair and responsible use of company computers & networks, including Internet access from the office, specifically:

  1. Use of non-organizational computing equipment (smartphones, tablets and laptops) on organization's systems and networks.
  2. Use of organizational computer equipment for non-organizational purposes, during and after office hours.

You will choose a reasonable position as to the level of restriction you decided to place on employee use of these technologies. Make sure your approach is consistent across the policy. In other words, don't be extremely permissive in one area of the policy, then extremely restrictive in another.

Do not quote or paraphrase from any outside reference (e.g. sample policy). If you wish to review other policies, ensure your policy is unique and does not require quotation marks or in-text citations, but include any policies reviewed in the references section.

ISSP on {Issue} for {Case Organization}

In this section the student should write a complete ISSP on the topic provided, using the outline below, as described in the text to serve as an example the organization can follow in writing the other ISSPs (typically 5-10 pages). Be sure to format your final policy the same as the template (text .25 indented, 12 point Times New Roman, lines 1.5 spaced, paragraphs with 6 point space after). Everything in italics should be replaced or deleted before submitting your assignment.

1. STATEMENT OF PURPOSE

The ISSP should begin with a clear statement of purpose that outlines the scope and applicability of the policy. It should address the following questions: What purpose does this policy serve? Who is responsible and accountable for policy implementation? What technologies and issues does the policy document address?

a. Scope and Applicability

b. Definition of Technology Addressed

c. Responsibilities

2. AUTHORIZED USES

This section of the policy statement explains who can use the technology governed by the policy and for what purposes. This section defines fair and responsible use of equipment and other organizational assets, and it addresses key legal issues, such as protection of personal information and privacy. The policy makes any use for any purpose not explicitly identified a misuse of equipment.

a. User Access

b. Fair and Responsible Use

c. Protection of Privacy

3. PROHIBITED USES

While the previous section specifies what the issue or technology can be used for, this section outlines what it cannot be used for. Unless a particular use is clearly prohibited, the organization cannot penalize employees for it. In some organizations, that which is not permitted is prohibited; in others, that which is not prohibited is permitted. In either case, be sure to state clearly the assumptions and then spell out the exceptions.

a. Disruptive Use or Misuse

b. Criminal Use

c. Offensive or Harassing Materials

d. Copyrighted, Licensed, or Other Intellectual Property

e. Other Restrictions

4. SYSTEMS MANAGEMENT

This section focuses on the users' responsibilities with regard to systems and data management. A company may want to issue specific rules regarding the use of e-mail and electronic documents, and storage of those documents, as well as guidelines about authorized employer monitoring and the physical and electronic security of e-mail and other electronic documents. This should also address retention policies, and the minimum and maximum times certain files may be retained and how, in accordance with relevant laws, regulations and guidelines. The Systems Management section should specify users' and systems administrators' responsibilities, so that all parties know what they are accountable for.

a. Management of Stored Materials

b. Employer Monitoring

c. Virus Protection

d. Physical Security

e. Encryption

5. VIOLATIONS OF POLICY

This section specifies the penalties and repercussions of violating the usage and systems management policies. Penalties should be laid out for each violation. This section should also provide instructions on how to report observed or suspected violations, either openly or anonymously, because some employees may fear that powerful individuals in the organization could retaliate against someone who reports violations. Anonymous submissions are often the only way to convince individual users to report the unauthorized activities of other, more influential employees.

a. Procedures for Reporting Violations

b. Penalties for Violations

6. POLICY REVIEW AND MODIFICATION

Every policy should contain procedures and a timetable for periodic review. This section should outline a specific methodology for the review and modification of the ISSP, so as to ensure that users always have guidelines that reflect the organization's current technologies and needs.

a. Scheduled Review of Policy

b. Procedures for Modification

7. LIMITATIONS OF LIABILITY

The final section offers a general statement of liability or a set of disclaimers. If an individual employee is caught conducting illegal activities with organizational equipment or assets, management does not want the organization to be held liable. In other words, if employees violate a company policy or any law using company technologies, the company will not protect them and the company is not liable for their actions, assuming that the violation is not known or sanctioned by management.

a. Statements of Liability

b. Other Disclaimers

Jules Ostin Sustainable Packaging, Inc. (JOSP)

Mission Statement

Jules Ostin Sustainable Packaging, Inc strives to provide eco-friendly and sustainable packaging solutions to its business customers to help satisfy their need of marketing their products in environment friendly packaging without sacrificing cost effectiveness. Our goal is to provide best quality products and customer service, while serving the environment with a focus on quality and minimizing cost. We aim to foster life-long partnerships with our customers and our employees, helping both of them feel proud about serving the environment without sacrificing market competitiveness. We aim to prove that dedication to a clean environment is not only good for mother nature but is also good for business. We want to help our customers provide best quality and unique ways to market and package their products without sacrificing their green goals. We value our employees that build pride and strive to creating a strong positive working environment and company spirit.

History

JOSP was established by its founder Jules Ostin to prove that good environment is good for business. She got her head start in the corporate world as a strategy consultant at one of the first electric vehicle companies and worked closely with its founder to build it into a multi-billion-dollar firm with market capitalization dwarfing the other players in the car industry. It taught her an important lesson that what's good for environment can be good for business as well. From there she founded another company which provided electric car batteries as a service helping reduce car charging times by just switching car batteries and saving customers from spending hours at the charging stations. Her firm was acquired by a private equity firm, and she cashed out at the right time as industry saw several larger players enter in a small market.

During her visit to a self-sustaining plastic collection center at an ocean in South-East Asia while on a holiday, she was aghast by plastics at the river mouths and at oceans and wondered if that plastic can be harnessed into sustainable packaging. Where other people saw unsolvable problems, she saw opportunities. She also saw first-hand a factory where clothes donated by people or collected from trash were turned into thread, albeit of cheaper quality for clothing purposes, but can be used for sustainable packaging. There was a clear need of design for modern packaging solutions. She put her team of designers to work and quickly came up with clothes and plastic based sustainable packaging solutions. But to have an industry impact her team needed scale. She worked with her friend at a major private equity firm and her team went out and acquired a boutique recycled paper-based packaging solutions company which had 5 regional stores and a corporate headquarters serving as central design, shipping and receiving hub and a fleet of 20 delivery trucks and most importantly a strong relationship with its customers.

Jules has an MBA and a BSBA in Entrepreneurship, with a minor in IT from the Atlantis University of Technology. Jules's first order of business was to update the almost obsolete IT infrastructure and telephony systems in all stores and the corporate headquarters of this company. Her next task is to improve the information security of the corporate headquarters.

Executive Staff

The current CEO, Jules Ostin, oversees all operations at corporate headquarters and all 5 regional stores. The managers of the regional stores actually report to the COO, who reports to the CEO.

The current CFO, Juan Mata, oversees all financial operations at corporate headquarters and all 5 regional stores. The Senior Accountant reports directly to the CFO.

The current COO, David Silva, oversees all corporate and branch operations, including sales, procurements and distribution. The managers of all 5 stores report to the COO, as do the Managers of Design/Purchasing, Sales, Distribution, HR and IT.

Corporate Organization Chart

Corporate Headquarters Physical Plant

JOSP Corporate Headquarters Floor Plan

JOSP Data Center/Server Room (Room 127)

Two full-height (42U), floor-standing racks inside the center currently each hold a 3000VA UPS and 6-8 rackmount servers (described below), plus switches for the 1GbE Cat6-backbone network and several shelves of routers, wireless controllers, spare drives and so on. The room is independently climate controlled and on its own 9000VA UPS that also powers half a dozen office systems and switches around the floor in case of a power outage.

Current server applications installed and running as infrastructure:

Unless otherwise specified, all servers are Dell PowerEdge R6xx Rack-mounted servers.

Rack 1:

  1. Windows 2012 Server A - Active Directory Service and AD SQL DB
  2. Windows 2012 Server B - Primary Domain Name Service and DNS SQL DB
  3. Windows 2012 Server C - Exchange 2013 email server and Email DB
  4. Windows 2012 Server D - Traverse Accounting Software and Accounting SQL DB
  5. Windows 2012 Server E - Traverse Distribution Software and Distribution SQL DB
  6. Windows 2012 Server F - Traverse ERP Software and ERP SQL DB
  7. Dell Storage NX 3xxx 1 - Network Attached Storage (NAS) #1 - Runs Windows 2012 R2 multi-terabyte data backup capability for Rack 1 servers' databases. In CC/IRM this is referred to as a "Disk Array".
  8. Dell Switch A
  9. APC UPS A

Rack 2:

  1. Windows 2012 Server G - Office 365 Server and Office DB (contains Office 365 files and images) - web-based office productivity software used on employee systems.
  2. Windows 2012 Server H - Internet Information Server #1 for Intranet support - stores own web and document data. Used for internal forums, wikis and policy document management.
  3. Windows 2012 Server I - Optimum HRIS and HRIS DB
  4. Windows 2012 Server K - Internet Information Server #2 used with Forefront TMG and IIS-FTMGDB - used to provide web filtering and proxy services - has own Intranet DB.
  5. Windows 2012 Server K - SupportIT and SIT DB - used by IT department to manage systems configuration, updates, and helpdesk tickets.
  6. Dell Storage NX 3xxx 2 - Network Attached Storage (NAS) #2 - Runs Windows 2012 R2 multi-terabyte data backup capability used as an onsite daily backup for all Rack 2 servers' databases. In CC/IRM this is referred to as a "Disk Array".
  7. Dell Switch B
  8. APC UPS B

All Servers (including both NAS) are backed up weekly to a Cloud-based backup service (iDrive.com which provides a deep educational discount). In CC/IRM this is referred to as "Software-as-a-Service".

All data and databases in Rack 2 backed up daily to NAS#2. All systems backed up weekly to online backup service (SaaS).

Traverse Accounting Software provides the following applications:

- General Ledger
- Accounts Payable
- Accounts Receivable
- Payroll (Employee Distributions)
- Banking
- Bank Reconciliation
- Fixed Assets

Traverse Distribution Software provides the following applications:

- Inventory
- Bill of Materials/Kitting
- Purchase Order
- Sales Order
- Warehouse Management
- Requirements Planning

Traverse ERP Software provides the following applications:

- Web Portals (Ecommerce site)
- Customer Relationship Management

Optimum HRIS provides the following applications:

- Payroll Management (exports to Traverse for Payroll processing)
- Human Resources
- Time & Attendance (exports to Traverse for Payroll processing)

Currently, JOSP does not have any formal information security policies, plans or staff. All data and databases in Rack 1 backed up daily to NAS#1.

Step by Step Solution


To create an Issue-Specific Security Policy (ISSP) for Jules Ostin Sustainable Packaging, Inc. (JOSP), follow the outline below. ISSP on Fair and Responsible Use of Computing Equipment for Jules Ostin Sustaina...
