STANDARD INSTALLATION DIVISION PERSONNEL SYSTEM (SIDPERS) SECURITY PLAN
Gladys Turnbull
Submitted to: Professor Kevin Reynolds
SEC 574 Database Security
Keller Graduate School of Management
Submitted: 22 August 2012
Abstract: The SIDPERS Security Plan developed for the Virgin Islands National Guard provides procedural protection for this highly sensitive database, which holds the personnel records of over 960 active service members and the skeleton military personnel records of over 10,000 retirees. Erring on the side of caution, we recommend and enforce the highest level of tiered defense-in-depth security measures to maintain the confidentiality, integrity and accessibility of this data, because we know its compromise and/or loss will reap
Other security elements concern data recovery, database administration, handling a breach in security, and administrative security policies such as access procedure, employee transfer and excessive user access. As I assume the role of the chief security officer, database designer, database administrator, and chief applications designer, this project is very important to the armed services and the Virgin Islands National Guard as we strive to provide global security.
II. Architecture and Operating System Considerations
SIDPERS Architecture
The database runs on the Oracle 11g platform and the CIO has tasked me to prepare a responsive database security plan. If personnel data is compromised, identity theft can ensue and millions of dollars will be lost in repairing the wronged individual and rebuilding soldiers’ confidence in the Department of Defense's commitment to protecting their private information. It is not just the soldier's information stored here but every dependent's information and the legal responsibility of single soldiers. The Standard Installation Division Personnel System Version 3 (SIDPERS-3) is a Standard Army Management Information System developed in 1991 with more automated personnel actions than ever before. The system consists of a relational database, application software written in Ada, and a hardware suite. The hardware architecture is a host-based design with a
There is a mess of servers, switches, and inward equipment firewalls. Each of the association's areas is working with diverse data advances and foundation IT frameworks, provisions, and databases. Different levels of IT security and access administration have been actualized and inserted inside their individual areas. The data engineering framework is maturing and numerous areas are running on antiquated fittings and programming. Additionally, the framework is woefully out of date regarding fixes and overhauls which significantly expand the danger to the arrange as far as classifiedness, trustworthiness, and accessibility.
The purpose of this paper is to review the State of Maryland information security program documentation and to determine the security standards used to create the program in order to protect the confidentiality, integrity and availability of agency operations, organizational assets or individuals, which is the main agenda of the State of Maryland Department of Information Technology. We will also discuss other standards that can be useful for State of Maryland information technology, and compare and contrast the standards.
Due to the lack of data security elements, the following recommendations are suggested: strategy and risk assessment. Overall data security begins with the identification of risks and a strategy for resolving those risks. This can be accomplished through a Strengths, Weaknesses, Opportunities, and Threats (SWOT) analysis. Strengths and weaknesses are derived from internal factors, such as employees, while opportunities and threats are derived from external factors, such as hackers (Value Based Management, 2011).
Miller Inc., which is in the business of providing data collection and analytics services, relies majorly on network security to keep its competitive advantage. This is because the customers that rely on the company's system trust that, because sufficient security measures are in place, they can store their data securely. Each of the functional modules of the system should have sufficient security measures to ensure that complete security of the whole system architecture is achieved. The three functional modules are the backend module, services or operation module and customer access module. The major relationship between infrastructure and security comes in the role they play to ensure that the end user gets the data that they need when they need it and in the best way possible. Therefore, for the three modules, there is a need to balance security with the right infrastructure.
Managing data resources effectively and efficiently is the third major concept in this case. No information policy has been established to specify the rules for 1. sharing, 2. disseminating, 3. acquiring, 4. standardizing, 5. classifying, and 6. inventorying information. Data administration seems to be poor. Data governance that would help the organizations manage the availability, usability, integrity, and security of the data seems to be missing. It would help increase the privacy, security, data quality, and compliance with government regulations. Lastly, data quality audits and data cleansing are desperately needed to decrease the number of inconsistent record counts, duplicate records, and records that lacked data fields or had unclear sources for the data.
Cincom Systems is a global provider of enterprise software for many of the world's largest manufacturers and defense contractors. This document defines their approach to an IT Security Plan and to their Disaster Recovery Plan (DRP). As Cincom is a global leader in the development and implementation of enterprise software, this IT Security Plan focuses on how to best secure and protect not only their core intellectual property (IP) but that of their customers as well, many of which are government agencies headquartered both in the U.S. and throughout the world. The most effective IT Security Plans and Policies both support and streamline the attainment of corporate objectives over time (Johnson, 2011). Information security is crucial for the overall development of an effective strategic plan as well, concentrating on how enterprise systems can be extended and enhanced while also being better aligned to the specific needs of global expansion in a business (Merkow, Breithaupt, 2006). As Cincom operates in 17 different nations and continually invests in new application development to support many foreign governments' information systems and defense-related needs, there is a corresponding increase in the level of security its systems must also deliver. The intent of this analysis is to define how Cincom can become more effective in managing potential threats, and also how it can use a
Creating and sustaining a competitive advantage in the enterprise software industry requires a myriad of processes, systems and people all orchestrated toward delivering a steady foundation of new technologies. Protecting the current and evolving future technologies, the core intellectual property of a software company, requires an enterprise-wide security strategy (Dutta, Roy, 2008). Cincom Systems, a leader in the development of enterprise software for the complex enterprise, has developed an enterprise-wide series of security strategies that encompass people, processes, software, hardware and databases. While Cincom has literally hundreds of information systems assets, the most critical to the function of the enterprise have been included in the Asset Inventory and Risk Assessment Table shown at the beginning of this analysis. The assets in the table have been divided into the categories of people, processes, software, hardware and databases. These five categories represent the most critically important areas of the company, in addition to defining the foundations of the enterprise security management strategy (Nnolim, 2007). Each of these five fundamental areas of the company's security strategy is defined in this analysis, including an assessment of how well the integration aspects of their systems are managed from a security standpoint.
Special Operations Security Solutions has developed a physical security plan at the request of a managing business partner. This Physical Security plan was developed for the safeguarding of information requiring protection in the interests of national security. It primarily pertains to classified national security information, now known as classified information, but also addresses controlled unclassified information, to include for official use only and sensitive but unclassified. The parameters provided are as follows.
This assessment checks for system vulnerabilities influencing the confidentiality, integrity, and availability of the system. The methods used involved management, operational, and technical controls. The IT security system management team was heavily involved, as well as the operational team that implemented the security mechanisms that took place.
Every part of the given task will incorporate abridging every section of the book named Database Security, 1st Edition, Alfred Basta; Melissa Zgola, Copyright 2012, Cengage Technology on data security, which will offer us some assistance with building a manual for arrangements and methodology for keeping the database secured. The center of this task will be on section one, which worries about security of data frameworks. The target of this paper is to make a report in view of the discoveries online and how it relates with the substance said in the book. Looking into how national trade data model aides in database security is something which will likewise be talked about in this paper. This task gives true experience of really building a manual which can be useful amid emergency; moreover, it will likewise offer us some assistance with applying abilities and demonstrate ways how progression in innovation can have a colossal effect.
The purpose of this publication is to provide the federal government with recommendations and instructions for contingency planning of the information system. The target audience includes managers, Chief Information Officers (CIOs), Senior Agency Information Security Officers (SAISOs), Information System Security Officers/Managers (ISSOs/ISSMs), system engineers and architects, and system administrators. While the concepts are specific to government systems, it may also be used by private and commercial organizations. Special Publication 800-53 and requirements from FIPS 199 are integrated throughout the guideline. Special Publication 800-84 guidelines on designing, developing, conducting, and evaluating test, training, and exercise
Successful security plans include evaluation of data sensitivity, integrity, confidentiality, and data availability. System confidentiality assures that all data in the system is protected from disclosure to unauthorized processes, people, or devices. System integrity ensures that the company’s data is protected from unanticipated, unauthorized, or unintentional destruction (or modification). System availability provides assurance that data, services, and IT system resources are accessible to all system-related processes and authorized users on a reliable and timely basis, while protected from denial of service (Assessing the Security of Federal IT Systems, 2007).
A sophisticated information security plan defines the goals of the information system of a business and sketches a technique to attain these described goals. On the other hand, an information system without security plans may very well be a disjoint bunch of countermeasures that deal with a variety of threats. Data systems security policies, then, can sometimes be used to help integrate the various aspects of an organization to attain enterprise goals.
Building a solid foundation for good security requires an IT infrastructure and operating culture that not only safeguards data and minimizes risk, but helps make the business more agile, responsive and transparent. The challenge is striking the right balance between protection, cost and user flexibility. For security teams, a good starting point is to mitigate risk wherever possible. Following some best practice guidelines can help.