ISOL631 Operations Security

Overview

The purpose of this policy is to establish procedural requirements, administrative direction and technical guidance for ensuring protection in MobileIron Company, USA related to computer networks (MobileIron – The Leader in Enterprise Mobility Management | MobileIron, 2017).

Scope

This policy is applicable to all employees and staff members who have access to MobileIron Company computer networks (Stallings and Tahiliani, 2014). This policy is also applicable for all computer data and communication systems of high management level people of the company. The scope of this policy is to provide security to all departments of the company. The policy is associated with Information Security Standards and Guidelines. The policy have been approved by Government Chief Information officer that ensures its eligibility to be implemented in this company.

Policy

The security measures involved in an organization refers to granting secure access to others in the network. This policy has helped MobileIron Company to restrict authorized access of third party to computer networks of the company, avoiding duplication, diversion, disclosure, loss and misuse of data and information of the company (Ashley, Lee & Williams, 2017). In this context, the company have a sensible implementation strategy of this policy in environment of the company.

This policy contains guidelines for implementing this policy in various operations of the company. Various security protocols are provided in a policy that refers to change protocols within every 30 days. Therefore, all security protocols of the company will be refreshed and changed after every 30 days. Therefore, security of data and information of employees and other staffs are secured within this security policy. This policy has des with various operations of the company including administration and recruitment. The data and information of new candidates are safely stored within this policy (Valenza et al., 2017). Guidelines regarding help desk procedure for helping other task and technical controls of the system has been provided in the policy. The information security framework provide proper guidelines to fulfill goals and objectives of the company in the market. This policy provide confidentiality, integrity and availability of data and information in the company.

Compliance Measurement

The Chief Information Officer (CIO) is responsible for implementing, maintaining, administrating and monitoring security policies, guidelines and standards of the company. The responsibilities and duties of CIO is to maintain employee’s duty, provide specific guidance and authority to the security policy of MobileIron Company. The department have to perform risk assessment, preparing plans and strategies for providing security to data and information (Singhal & Ou, 2017). Risk assessment helps in identifying an analyzing those risks involved in the company. The Security Manager is responsible for investigating different network security components and compromises or problems.

Users are responsible for maintaining this policy in the company. Employees and other staffs of the MobileIron Company have to properly define network security policy to members in the team and properly implement this policy in their work. In case of any security vulnerabilities and violations of policy, they are responsible to report to the Chief Information officer of company (Gelpi, 2017).

Definitions, Related Standards, and Policies

MobileIron Company have been obliged to protect intellectual property and personal information of various employees and staffs. Passwords are provided to every access in the network that helps in providing security to data and information. The policy describes about guidelines for choosing passwords for users. Password must be at least 8 characters long and containing complex combination of alphabets, characters and symbols. The password will be changed ad refreshed after every 30 days that help in providing a strong security measures for securing data and information (Czyz et al., 2016). Passwords are stored digitally and not readable by any unauthorized person. The logon process for connecting in network of MobileIron computer systems have to register in the portal user to log on, providing prompts as needed. Private information related to the organization including managing computer, computer operating system, network configuration and other internal matters might not be provided until a user has successfully acomolished both a valid user ID and a valid password.

Exception

Exceptions are made in the policy for taking immediate actions in emergency cases occurred due to both external and internal factors. The exception in the use of illegal activities in the network of the company causes violation of policies (Valenza et al., 2017). Any type of unauthorized use of the systems and networks of the MobileIron Company creates exception in policy.

References

Ashley, P. A., Lee, C. T., & Williams, R. B. (2017). U.S. Patent No. 9,654,513. Washington, DC: U.S. Patent and Trademark Office.

Gelpi, C. (2017). Democracies in Conflict: The Role of Public Opinion, Political Parties, and the Press in Shaping Security Policy. Journal of Conflict Resolution, 61(9), 1925-1949.

Singhal, A., & Ou, X. (2017). Security risk analysis of enterprise networks using probabilistic attack graphs. In Network Security Metrics (pp. 53-73). Springer, Cham.

Stallings, W. and Tahiliani, M.P., 2014. Cryptography and network security: principles and practice (Vol. 6). London: Pearso

Valenza, F., Su, T., Spinoso, S., Lioy, A., Sisto, R., & Vallini, M. (2017). A formal approach for network security policy validation. Journal of wireless mobile networks, ubiquitous computing and dependable applications.

MobileIron – The Leader in Enterprise Mobility Management | MobileIron. (2017). Mobileiron.com. Retrieved 7 December 2017, from https://www.mobileiron.com/en/company/company-overview

Czyz, J., Luckie, M. J., Allman, M., & Bailey, M. (2016, February). Don't Forget to Lock the Back Door! A Characterization of IPv6 Network Security Policy. In NDSS.