Communication Policy Procedure Guide
Learning Objectives and Outcomes
Develop a procedure guide that tests the effectiveness of current security controls and satisfies an organizaiton’s communications policy.
Carrying forward the scenario of Ken 7 Windows Limited, let’s assume that Ken 7 Windows Limited has completed the implementation of the new enterprise resource planning (ERP) software. The planning functions involve transmitting information that would be valuable to competitors, such as cost, pricing, and manufacturing information. Since planning functions involve sensitive information, Ken 7 Windows Limited created the following policy:
“To protect planning-related information from leaking outside Ken 7 Windows Limited domain, all ERP planning functions must require secure connections from the client’s Web browser to the Ken 7 internal Web server. No other connections, except from the internal Ken 7 Web server, will be allowed to the ERP application server for planning functions.”
Based on the above information, you need to develop a procedure guide that tests the effectiveness of the current security controls. The following tasks are to be completed to develop this guide:
- List the steps necessary to validate that the current controls for your Web server and application satisfy the stated policy. Each step should contain three parts:
- Action: the action to take
- Result: the observed result of the action
- Interpretation: what the result means
For this assignment, you can assume that the ERP software is located at the following fictitious URL:https://www.abcwindows.internal.com/erpplanning.aspx
Use the following table to list the steps. The first two actions and results are provided as examples for you. You may need more or fewer table entries than those shown below:
Make sure that the steps you list in the above table verify the following conditions:
- Does the Web server allow only secure connections? (hint: try using “http”)
- Do any other Web servers (not internal) allow you to run the ERP planning software? (hint: try another server, such as www.abcwindows.com)
- Describe the process for a new client computer to gain access to the ERP planning functions.
Compile the results from the above two tasks in a procedure guide that tests the effectiveness of the current security controls.
- Text Sheet: Case Scenario for Rationale: Importance of Windows Access Control and Authentication (ts_accesscontrol)
- Format: Microsoft Word
- Font: Arial, 12-Point, Double-Space
- Citation Style: Follow your school’s preferred style guide
- Length: 2–3 pages
- I have explained secure connection and its establishment requirements.
- I have provided a proper rationale while giving the sequence of steps that will verify whether or not the controls are working to require secure connections.