My notes on this paper: Our group was assigned to develop a security plan for a fictitious company. We were not to worry about budget, but were asked to be as comprehensive as possible within the given maximum paper length. This is not a research paper, so there are no citations/references, with a few exceptions where we quote ideas from our professor for this project. I'd love to hear feedback from you, so please post a comment, email or tweet me. --Glenn Ford
AMG Enterprise Security Plan
Glenn M. Ford, Aaron S. Cameron, Michael J. Park
UMBC at Shady Grove
AMG Enterprises is an American-owned e-commerce company headquartered in Rockville, Maryland. As a company with sales in 22 countries, annual revenue of $61 million (U.S.) in 2012, 97 employees, and patents and other intellectual property, AMG is under constant attack by criminals and other hackers. Protecting employees, facilities, equipment and data offers a myriad of challenges. The Confidentiality, Integrity and Availability (CIA) of AMG information is critical to the continuity of operations and to the trust placed in AMG by its customers and vendors. AMG has a comprehensive security plan and has implemented policies, procedures, countermeasures and the operational model of security to ensure the protection of all company assets, as it pertains to physical, network, operational, personal and wireless security. AMG’s headquarters was custom-built with security as a top priority. AMG’s policies were drafted to ensure security throughout all aspects of operations. No expense has been spared in deploying countermeasures to meet all threats, both now and in the foreseeable future.
As an e-commerce business, AMG has an online reputation and brand recognition to maintain. If this reputation is tarnished, company growth can be severely degraded. Our customers have complete confidence and assurance that AMG is providing quality products, customer service, and security of all client information.
At the center of this problem is protecting the CIA of AMG Enterprises' assets. These assets include online reputation, brand recognition, client and company information, buildings, inventory, hardware, proprietary software, personnel and the overall organization's information technology (see Information Technology Organizational Chart, Appendix G, Figure 1). The cybersecurity threats of data breaches, denial-of-service (DoS) attacks, insider theft of intellectual property, and deliberate corruption of electronic files through hacker attacks or other malicious attacks, including worms and other means, are all security problems this document hopes to solve with security policies, procedures and standards and the Countermeasure Triangle (The People, Policy, Technology Triangle; see Appendix H, Figure 2).