You work for Security Consulting Associates (SCA).  Recently, one of your clients, ABC Software (ABC), located in Tampa

You work for Security Consulting Associates (SCA).  Recently, one of your clients, ABC Software (ABC), located in Tampa, FL, has called with a big problem.  Some of their network servers were compromised, resulting in the possible loss of personal information and credit card numbers of purchasers of the software products produced by the company.  It is not known at present whether this attack came from inside the company, or outside.  ABC is currently dealing with this problem as best they can, but they need your company to help them to prevent this from happening in the future.  Your manager has assigned this project to you, the new consultant.  In researching ABC, you find that the company has the following setup:

1. A wired network of 300 users segmented into the following departments
   1. Executive Management
   2. Research and Development
   3. Human Resources
   4. Sales and Marketing
   5. Purchasing and Billing
   6. Warehousing and Order Fulfillment
   7. Information Technology and Security
   8. Facilities Management
2. A wireless network available to all internal users, with a separate segment available for use by visitors and non-registered users
3. A Website used for Advertising, and Marketing with a secure section for ordering and payments
4. Remote Access capabilities for users working from home or on the road
5. A system of routers and switches and firewalls that protect the network from outside intrusions, and segment the network into subnets for each department
6. A demilitarized zone (DMZ) in the network which includes the Web Server and Email Server

Your research has also yielded the following information about ABC:

1. The key business processes include the following:
   1. The development of new programs including applications for business and gaming
      1. This process is core to the company’s success. It is extremely important that company secrets do not get out as the competition in the software and gaming industry is fierce.  A short outage in this area would not prove critical, but downtime of more than a couple of days could postpone the release of new or improved products
   2. The marketing of their products to business and personal users
      1. This process is crucial to the company’s success, but again, a short outage would not critically impact the company. But a lack of marketing lasting any more than a week could begin to adversely affect the bottom line.
   3. The online sales of their products to businesses and consumers
      1. It is of utmost importance that out online purchasing system is secure with a near 100% uptime rate. If there are security breaches, it will erode customer confidence in ordering online.  If there are web outages lasting any longer than a few minutes, customers may move on to another site to purchase competing products.
   4. The direct sales of their products to distributors and retail outlets
      1. Again, It is of utmost importance that the direct sales purchasing system is secure with a near 100% uptime rate. If there are security breaches in the customer database, it will erode customer confidence in ordering from ABC.  If there are database and/or ordering system outages lasting any longer than a few minutes, customers may lose confidence in the company in general, and salespeople in particular, when their orders cannot be placed
   5. The fulfillment of orders placed by businesses and consumers
      1. This system and database needs to be secure as well. Regarding uptime, the maximum tolerable outage is one day or less.  Customers can understand a slight delay due to technical issues, but any longer than that may result in them not ordering from ABC in the future.  Also, any downtime will result in fulfillment warehouse crews being paid for not working, which affects the bottom line.
   6. The billing of customers for purchase made via direct sales.
      1. Again, the maximum tolerable downtime for this system is one day or less. The longer it takes to bill customers, the longer it take to receive payment, and the less cash on hand for the business.
   7. The payment of salaries and commissions to employees and salespeople.

Employees and salespeople are paid twice each month – once on the 15^th, and once on the last day of the month. Missing a pay date can be disastrous for a company with regard to employee satisfaction and morale.  This system can never be down for more than one day, and never around the 15^th or last day of the month.  And since paystubs contain personal information such as social security numbers and year-to-date payroll information, data security is obviously a very high priority, as is data integrity.

1.   QUESTION
2.  Security policies
3. Using the templates and guidelines presented in the SANS Information Security Policy Templates General) at https://www.sans.org/security-resources/policies/ (Links to an external site.)create two sample security policies for ABC Software: One policy for Acceptable Use, and one for Email. Be sure to include sections for the following:
   • Overview
   • Purpose
   • Scope
   • Policy
   • Compliance/Enforcement