Assignment version number: Version 0.1

Author: Ping Chen

Level of Difficulty: Moderate

Completion Time: 1 week

Progaramming involved: No

Objectives

In this project, students will study security policy.

1. Essential terms

Explain shortly following essential terms of computer security:

a.       availability

b.      autheticity

c.       integrity

d.      confidentiality (some might say privacy or security)

2. Company's security policy

You are the R&D Manager of the company. The company is medium-sized and operates on technical field. You may determine the company's exact line of business, the location of the office and other details yourself.

Develop the base of the security policy for the R&D unit. Answer shortly by the following guidelines. Stay at a general level in every section , don't give technical details.

1. Inventory of information: What kind of information we have? What is it worth of? Where does it come from, how is it stored, where it goes? Describe 3-4 different types of information.
2. Risk analysis: What kind of risks and threats are directed to our information and from whom they come? Describe 3-4 different types of risk, threat or party.
3. Basic principles: What kind of things have to be taken into consideration when designing the security of the whole unit? List the five most important things, in your opinion, and justify, why they in particular are the most important ones.
4. Theme: Making a new employee acquainted with the job: What kind of things about the security should be taught to a new employee? In what stage of the employment? Make a list of at least six points.
5. System: mail server Mail server of your unit takes care of all incoming and outgoing e-mails and stores users' e-mails. What kind of matters have to be taken into consideration for the security of this server?

Resources