3 page Information Security Paper
I need a 3 page no more than 4 (minimum of 800 words) written in APA format. Paper must be 100% original and will be checked in plagiarism checker for originality before final payment is made. The paper must have at least 3 references one of which must be the attached reference for McBride financial the virtual organization and the paper is to be based on their internet facing loan application. Attached is a word document containing all the fields the loan application.
This is the reference to loan application and McBride Financial that must be referenced in the paper:
Apollo Group, Inc. (2011). McBride Financial Services. https://ecampus.phoenix.edu/secure/aapd/cist/vop/Business/McBride/internet/application.html . Retrieved from CMGT/441 – Introduction to Information Systems Security Management.
The paper will be based on the security policy for McBride Financial Services (McBride is a virtual organization from UoP website.) Access to the website is not necessary.
Paper must take into address the concerns that come from the network security loopholes given the following information:
You must take into account the financial data an organization, like McBride Financial, will collect in order to process a loan application. **Please note that the application is on the Internet side, not the intranet side; however, with that said, the “loan processing” application(s) would be accessible on the intranet side. How should the data stream be protected? Where is the data stored? How is it protected? Will it survive a disaster scenario? Can just any Tom, Dick, and Mary Sue look at the data? Maybe the policy would dictate complex passwords, or use two-factor authentication? How is the data protected from casual viewers wandering through the building? Etc. etc. etc.
Just remember, the Security Policy is to be based on “perceived” (become aware of something; come to realize or understand) needs, like maybe there might be compliance issues (think Privacy Act) associated with the data? Additionally, remember this policy is written for the loan department, not the entire company. While portions of the loan department policy are directed from the company policy, for example, badging requirements, those requirements might have local (loan department) caveats. On the other hand, there are portions of the company policy that need not be addressed because they do not directly affect the loan department, for example, the corporate policy may dictate a physical barrier around the building with retractable bollards at the security gate. There is no need to re-address that in the departmental policy. Make sense?