Page # 1 of 11
C. Competitors could be launching an invisible, but effective attack which could be difficult to prove. If such an attack
disrupted customer service, destroyed some accounting data, it could be reduce customer confidence and help competitors increase their market share. D. It system have been under attack for decades now, but never before were so many computers net worked, never before have so many cheap automated information attack weapons been available to would be enemies. It is often impossible or very difficult to know if we are under attack and from whom. Recently many automated attack tools have appeared on the Internet, making it much easier for ignorant attackers to cause considerable damage. E. Virus development has continued at an alarming rate in the last few years, leaving few companies untouched. F. System interconnection increases security risks significantly.
Updated: Nov08
Page # 2 of 11
6. FOLLOWING TO BE FOLLOWED TO ENSURE SECURITY : Employees working with computer and in the network should be reliable and their proper verification should
be done before they made permanent as employee. No unauthorized person should be allowed to sit in computer. C-TPAT should be followed in the company. Terminated/resigned employees should not be allowed to sit in computer. Password should be changed monthly or as a when required. Password should be made mandatory for all users. Reliable operating system should be used such. Virus protection should be used. File /folder guard software should be used. Sharing of file / folder should be closed after completion of work Important file should be kept hidden Maintenance of the hardware should be done at regular interval.
Updated: Nov08
Page # 3 of 11
PREVENTIVE PHYSICAL CONTROLS Preventive physical controls are employed to prevent unauthorized personnel from entering computing facilities (i.e., locations housing computing resources, supporting utilities, computer hard copy, and input data media) and to help protect against natural disasters. Examples of these controls include:
Backup files and documentation. Fences. Security guards. Badge systems. Double door systems. Locks and keys. Backup power. Biometric access controls. Site selection. Fire extinguishers.
FENCES
Although fences around the perimeter of the building do not provide much protection against a determined intruder, they do establish a formal no trespassing line and can dissuade the simply curious person. Fences should have alarms or should be under continuous surveillance by guards, dogs, or TV monitors.
ANTIVIRUS SOFTWARE
Viruses have reached epidemic proportions throughout the micro computing world and can cause processing disruptions and loss of data as well as significant loss of productivity while cleanup is conducted. In addition, new viruses are emerging at an ever-increasing rate currently about one every 48 hours. It is recommended that antivirus software be installed on all microcomputers to detect, identify, isolate, and eradicate viruses. This software must be updated frequently to help fight new viruses. In addition, to help ensure that viruses are intercepted as early as possible, antivirus software should be kept active on a system, not used intermittently at the discretion of users.
Updated: Nov08
Page # 4 of 11
Updated: Nov08
Page # 5 of 11
Updated: Nov08
Page # 6 of 11
USER LIST
Updated: Nov08
Page # 7 of 11
USER POLICY
Updated: Nov08
Page # 8 of 11
CRISTAL REPORT
Updated: Nov08
Page # 9 of 11
Updated: Nov08
Page # 10 of 11
DESCRIPTION: 1. 2. 3. 4. 5. 6.
01 Server Computer. 05 Networks Personal Computers. 01 Pcs. Switch. 02 PC. For Closed Circuit Camera (With fourteen cameras). 04 Pcs. Printers. 02 Pcs. Scanners
OUR IT FACILITIES:
Our server operating system is using Windows Server 2003. 05 computers with network connectivity (LAN & Switch). 24hours online. Every individual machine is using XP (Windows Operating System). Every user has an individual Email Address. Our web server is maintains by IT. One Photocopier Machine. Every computer has UPS. Scanner Digital Camera Broadband LAN connectivity to all computers. This software also tells the system information & users details that the users do in office. Our IP are permanently blocked from other Network. So, nobody can access our network. Everyday check our system by IT. There are two backups in our System. Everyday Check the MRTG Graph by IT. Everyday Check the web services Log, Mail Log, Queue Log for security purpose. There are 14(Fourteen) Cameras now running in different places. They are: Camera 1 (Finishing-A Gate-1) Camera 2 (Sewing-A Gate-1) Camera 3 (Sewing-B Gate-2) Camera 4 (Sewing-A Gate-1) Camera 5 (Finished Goods Area) Camera 6 (Packing Area) Camera 7 (Finishing-A Gate-2) Camera 8 (Sewing-B Gate-1) Camera 9 (Loading Gate) Camera 10 (Finishing-B Gate-2) Camera 11 (Bonded warehouse) Camera 12 (Finishing-B Gate-1) Camera 13 (Inside Road) Camera 14 (Loading / Unloading)
Updated: Nov08
Page # 11 of 11
PROTECTION NEEDED
The type and relative importance of protection needed for the LAN/WAN must be considered when assessing risk. LAN and WAN systems and their applications need protection in the form of administrative, physical, and technical safeguards for reasons of confidentiality, integrity, and availability.
CONFIDENTIALITY
The system contains information that requires protection from unauthorized disclosure. Examples of confidentiality include the need for timed dissemination (e.g. the annual budget process), personal data covered by privacy laws, and proprietary business information.
08. CONCLUSION :
IT security cannot be overlooked in any way. To safeguard the important documents of our company we all are to follow our security policy. All the users and management of the company should understand the requirement of the policy and should be committed to follow for the greater interest of the company.
Prepared By
....................................
......................................
Abdul Mottaleb
Compliance Manager Sonia & Sweaters Ltd.
Mahamud Hasan
MIS & HR Executive
Updated: Nov08
Page # 12 of 11