Business continuity plan
Classic Catalogue Company should take steps to ensure that its computer networks and systems are adequately secured. A business continuity plan should be put in place to keep business processes running without interruption. One way to achieve this is to have a disaster recovery plan together with parallel operations. This requires installing a reserve system that is engaged if business is disrupted. Classic Catalogue Company can purchase a server and install the necessary information systems on it. If services are disrupted, business processes will then go on as planned. This is one aspect that should be considered.
Security control and policy
Another crucial factor is user account management and group privileges. Some employees attempt to carry out actions that are not within their system privileges. There should be a monitoring system that tracks and reports such actions. For example, an employee who does not have the right to delete data may try to delete or alter some information in the system. The monitoring system should stop the action and notify the security officer. The security policy document should recommend severe punishment for an employee who engages in such a heinous act.
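The monitoring behaviour described above, as an added example that is not part of the original text: a deny-by-default check against group privileges that records every attempt and raises an alert for each refused one. The group names, user names, resources and the `AccessMonitor` class are constructed for illustration, and the `alerts` list stands in for whatever channel notifies the security officer.

```python
from dataclasses import dataclass, field
from datetime import datetime, timezone

# Constructed group-to-privilege mapping (assumption, not from the page).
GROUP_PRIVILEGES = {
    "sales": {"read"},
    "catalogue_editors": {"read", "update"},
    "dba": {"read", "update", "delete"},
}
# Constructed user-to-group assignments.
USER_GROUPS = {"alice": {"dba"}, "bob": {"sales"},
               "carol": {"sales", "catalogue_editors"}}


@dataclass
class AccessMonitor:
    """Enforces group privileges and records every attempt, allowed or not."""
    audit_log: list = field(default_factory=list)
    alerts: list = field(default_factory=list)  # stand-in for notifying the officer

    def privileges_of(self, user):
        # Union of privileges over the user's groups; unknown users get none.
        privs = set()
        for group in USER_GROUPS.get(user, ()):
            privs |= GROUP_PRIVILEGES.get(group, set())
        return privs

    def attempt(self, user, action, resource):
        allowed = action in self.privileges_of(user)
        self.audit_log.append({
            "time": datetime.now(timezone.utc).isoformat(),
            "user": user, "action": action,
            "resource": resource, "allowed": allowed,
        })
        if not allowed:
            # The action is stopped (False is returned) and an alert is raised.
            self.alerts.append(f"DENIED {user} {action} {resource}")
        return allowed


def demo():
    monitor = AccessMonitor()
    attempts = [("alice", "delete", "orders/1001"),   # has the delete right
                ("bob", "delete", "orders/1001"),     # no delete right
                ("carol", "update", "catalogue/42"),  # right via second group
                ("mallory", "read", "orders/1001")]   # account in no group
    results = [monitor.attempt(*a) for a in attempts]
    return results, monitor.alerts


if __name__ == "__main__":
    print(demo())
```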
The security controls that should be put in place include installing network detection techniques. A secure network can be built using advanced technologies like Network Intrusion Detection Systems (NIDS), which are used to detect activities that are not desirable in the network. This technology can alert system administrators every time suspected activity is happening on the network. These alerts are made possible by IDS sensors placed strategically on the network, which NIDS use to generate the necessary alerts. Because our infrastructure is a switched one, the NIDS sensors must be configured in a special way: each sensor is attached to a monitoring port to which the network traffic is mirrored.
One example of a patching policy is vulnerability and threat assessment patching. Under this policy, the security personnel assess the system for security issues and holes after a given period of time.