Security policies and Best Security Practices
JP Morgan

For this week’s contribution to the overall project, collaborate and discuss with the team’s Security Specialist about the security and privacy of the software and hardware solution for Verbania. Provide best security practices and guidelines to implement and follow, as well as the creation of formal security policies and a security plan. Include the following policies in your IT security policy:
• Disaster recovery
• Password creation and protection
• Remote access
• Routers and switches security
• Wireless communication
• Server security
• Acceptable encryption
• E-mail
Consider the overall project solution (hardware and software) relative to security. Create and submit a 3–4-page Word document defining your recommendations concerning security. Be sure to articulate reasons for specific choices. Include in your document an explanation about the relationship between the IT security policy and the chosen security mechanisms for your overall solution. Be prepared to discuss your thoughts with the team’s Security Specialist.
Security policies and Best Security Practices
Organization safety of hardware and software resources is a vital aspect that needs to be observed and maintained at all time. Insecurity in an organization leaves it vulnerable and poses a threat to prosperity and continuation of a business. A sensitive organization such as financial institution need to safeguard itself from security issues thus creating customer confidence. Equally important, the organization hires security specialists to enhance privacy and security solutions and strategies for the software and hardware resources. In this case, the security specialists use guidelines and best practices to advance their security goals and objectives. It is vital to note, that insecurity in the hardware and software infrastructure of an organization can lead to irredeemable loss thus calling for countermeasures to prevent insecurity incidences. Security specialist develops IT security policies incorporating formal security plans, security policies coupled with best security practices and guidelines to ensure the hardware and software infrastructure are safe and secure.
Disaster recovery
To start with, the issue of disaster discovery is covered in the security policies of organizations. Disaster recovery entails the security planning that aims to protect the company from the effects of significant events (Whitman and Mattord, 2011). In this case, disaster recovery enables an organization to resume its operations after a disaster or security issue strikes. The security entails the process as well as aspects to consider in restoring an organization former position before the strike. The idea behind disaster recovery is to enable the IT department to recover system functionality and enough data to operate the business. The disaster recovery plan becomes complete as per the security policy by considering the vital elements of recovery. The vital elements include making proper communication plan and adhering to role assignments, planning recovery tools and equipment, developing a data continuity system, ensuring the backup continues to run, having a detailed asset recovery and service restoration plan. Therefore, disaster recovery ensures that an organization is able to resume its activities.
Password creation and protection
Password creation and protection is a significant part of an IT security to ensure that access to the systems and use of hardware is regulated and only accessed by the authorized parties (Whitman and Mattord, 2011). Creation of strong passwords protects an organization from identity theft. The security policy, in this case, gives a guideline on the creation of effective and strong passwords as well as ways of safeguarding them. The password should be protected from landing on wrong hands. The security policy on the creation of password includes the creation of a strong and random password, avoiding using dictionary words, using memory techniques such as password manager to recall passwords, adhering to password security measures and enabling two-factor authentication. The password is created and safeguarded to ensure that the hardware and software infrastructure is only accessed to the authorized parties.
Remote Access
The remote access entails the capability to access a network or a computer remotely via a network connection (Whitman and Mattord, 2011). In this case, the users of an organization can access systems they need when they are not physically able to connect directly. The users use internet connection and telecommunication to access their systems. In this case, the security policy guards the remote accesses against being misused by unauthorized parties. The security policies and best practices to regulate the remote access include assuming that the system is prone to threats and being ready for them, creating remote access policy defining telework, configuring remote access servers to enforce policies, securing the telework client devices against common threats, and creating strong encryption for remote access. The best practices and security policies ensure that the users of remote access are authorized such that no third parties can access the system or the network.
Routers and switches security
Routers and switches are the primary targets for information leaking and hacking and thus they should be addressed under the security policy (Alberts and Dorofee, 2002). In this case, the switches and routers need to be protected from being tampered with. Therefore, the bests practices and security policies to protect the routers and switches include installing a user authentication, installing next Gen Firework to enhance greater network security, intrusion detection, intrusion prevention and installing port level filters and checks. The strategies and tactics to protect routers and switches ensure that they are not interfered with and they are safe and secure at all times.
Wireless communication
Wireless communication is the communication delivered and performed wirelessly thus subject to interruption and hacking (Alberts and Dorofee, 2002). In this case, communication between the two devices is connected using wireless communication. The wireless communication technologies Wireless Application Protocol (WAP) and Wireless Local Area Network (WLAN) are inherently insecure and thus specialist needs to adapt communication security best practices and security policies. In this case, the security policies and best practices entail maintaining secure web servers, maintaining digital certificates, and decreasing system complexity. Therefore, wireless communication is prone to security threats need to be protected through ensuring hackers do not interfere with the wireless network.

Server security
The server security is tasked with the protection and safeguarding of information and resources of an organization (Tipton and Nozaki, 2007). The security server is prone to threats that compromise the security of resources and data. In this case, the server security needs to be protected from hackers, intrusions and malicious actions. In regard, the security specialists need to adopt best practices and security policies such as good management practices, enhancing network firewall security, server hardening, adopting public key authentication, installing and configuring the CSF firewall, installing malware scanning software, installing mod security and monitoring logs. Therefore, servers need to be protected from intrusion or interference.
Acceptable encryption
Encryption entails encoding information or message such that only the authorized parties can access it (Tipton and Nozaki, 2007). The accepted encryption defines the standards and procedures that are vital in understanding encryption and appropriate information to abide by. Acceptable encryption gives guidance that limits the use of encryption and instead adopting algorithms that are very effective. The best practices under the acceptable encryption include using asymmetric cryptosystem, and proprietary encryption. The employees disregarding acceptable encryption are subject to termination and disciplinary action.
Emails are used to send written messages and documents from one point to another thus posing a threat exposing an organization (Tipton and Nozaki, 2007). Emails contain sensitive information and thus they should be protected against unauthorized access, compromise or loss. In this case, the best practices and security practices to protect email communication include removing executable contents from emails, implementing a secure email gateway and having an email encryption solution. The email should be protected to ensure that communications are secured and no interruptions experienced.
Protection of an organization software and hardware is critical to ensure that information is not lost, compromised or land on the wrong hands. Communication is an important aspect of an organization and thus information passed should be safe and secure. The protection of information, network and system are attained through adopting the best practices and security policy in the entire communication hardware and software. The security policies and best practices are developed by security specialists to ensure that information is only accessed by unauthorized parties.

Alberts, C. J., & Dorofee, A. (2002). Managing information security risks: the OCTAVE approach. Addison-Wesley Longman Publishing Co., Inc.
Al Mehairi, A., Zgheib, R., Abdellatif, T. M., & Conchon, E. (2023, January). Cyber Security Strategies While Safeguarding Information Systems in Public/Private Sectors. In Electronic Governance with Emerging Technologies: First International Conference, EGETC 2022, Tampico, Mexico, September 12–14, 2022, Revised Selected Papers (pp. 49-63). Cham: Springer Nature Switzerland.
Dash, B., & Ansari, M. F. (2022). An Effective Cybersecurity Awareness Training Model: First Defense of an Organizational Security Strategy. Int. Res. J. Eng. Technol.(IRJET), 9.
Tipton, H. F., & Nozaki, M. K. (2007). Information security management handbook. CRC press.
Whitman, M. E., & Mattord, H. J. (2011). Principles of information security. Cengage Learning.