
Creating A Company Culture For Security Design Documentation Name Institution Date

This document provides recommendations for creating a secure company culture. It discusses establishing authentication methods like biometrics and passwords. It recommends securing external and internal websites using firewalls, access controls, encryption, and monitoring. The document also suggests implementing remote access solutions, firewall rules, wireless security using WPA, VLAN configurations, laptop security policies, application policies, privacy policies, and intrusion detection systems to monitor customer data systems. The goal is to establish security practices that verify users, restrict access, monitor networks, and protect sensitive information.

Uploaded by

Chris Jackson's

Running head: COMPANY SECURITY CULTURE 1

Creating a Company Culture for Security Design Documentation

Name

Institution

Date

Culture of Security Design

Authentication: can be achieved by incorporating biometrics, user IDs and passwords, social signs, and other methods. Authentication helps verify system users and grant them permission. The process works by prompting users to enter their credentials, which are then sent to the server for matching before access is granted. Since password cracking is common, a one-time password can always be used, with an added network administrator on the system (Cranor & Garfinkel, 2015).
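The server-side matching step and the one-time password described above can be sketched as follows. This is an added example, not part of the original paper: the `AuthServer` class, its method names, the PBKDF2 iteration count, and the choice of RFC 6238 time-based codes as the one-time password are all assumptions made for illustration.

```python
import hashlib
import hmac
import os
import struct

STEP = 30    # seconds per one-time-password time step (RFC 6238 default)
DIGITS = 6   # length of the one-time code

def hash_password(password: str, salt: bytes) -> bytes:
    # Salted, slow hash: a stolen credential store is costly to crack offline
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

def totp(secret: bytes, now: int) -> str:
    # HOTP (RFC 4226) over the current time-step counter, as in RFC 6238
    digest = hmac.new(secret, struct.pack(">Q", now // STEP), hashlib.sha1).digest()
    offset = digest[-1] & 0x0F
    value = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10**DIGITS).zfill(DIGITS)

class AuthServer:  # hypothetical server-side credential store
    def __init__(self):
        self.users = {}      # user_id -> (salt, password_hash, otp_secret)
        self.last_step = {}  # user_id -> last accepted time step (replay guard)

    def enroll(self, user_id: str, password: str, otp_secret: bytes) -> None:
        salt = os.urandom(16)
        self.users[user_id] = (salt, hash_password(password, salt), otp_secret)

    def login(self, user_id: str, password: str, otp: str, now: int) -> bool:
        record = self.users.get(user_id)
        if record is None:
            return False
        salt, stored, secret = record
        # Constant-time comparison of the submitted password against the stored hash
        if not hmac.compare_digest(stored, hash_password(password, salt)):
            return False
        # Accept the current step and one step either side to tolerate clock drift
        current = now // STEP
        for step in (current - 1, current, current + 1):
            if step <= self.last_step.get(user_id, -1):
                continue  # a code from this step or an earlier one was already used
            if hmac.compare_digest(totp(secret, step * STEP).encode(), otp.encode()):
                self.last_step[user_id] = step
                return True
        return False
```

A cracked or phished password alone fails the second check, and a captured one-time code cannot be replayed because each accepted time step is recorded.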

External Website Security: is critical in protecting the website and network from hackers and from any security breach. Using a firewall, enforcing access controls, and using Model View Control (MVC) to provide different views for different system users are recommended. Relatedly, encryption, SSL certificates, network monitoring teams on standby, security plugins, and backup tools and techniques are critical for disaster recovery (Koh et al., 2015).

The Internal Website Security: helps detect the IP addresses of users in a system and ensures that users are provided with login IDs and passwords for authentication. Such authorization grants access to and use of the website only to authentic users. Enhancing internal website security also helps encrypt or hide sensitive web pages and put in place important IT policies that protect the website and educate users of the site (Cranor & Garfinkel, 2015).

Remote Access Solution: provides cost-efficient and better security for conveniently gaining access to remote machines located all over the world. Remote access enhances availability, eases management, and can be deployed using RAS gateways, e.g., single-tenant and multi-tenant. BGP, the Hyper-V network, and VPN can be deployed to provide the remote access. Remote access is possible through simple configurations that enable users to manage access and protect their assets, as well as to use remote desktop protocols, manage server sessions via RemoteApp, and use both pooled and personal desktops (Koh et al., 2015).

Firewall and Basic Rules Recommendations: a firewall is critical for traffic management and for assuring website security. The rules aim to prevent SQL injection and XSS and to allow only specific kinds of traffic. Therefore, the organization can develop access rules for IP security, put certain IT policies in place, and implement internal-use policies for the firewall (Koh et al., 2015).

The Wireless Security: WPA and even Wi-Fi are common among many organizations for protecting networks from malicious access. They enhance security using encryption and only allow devices with the password to connect (Cranor & Garfinkel, 2015).

VLAN Configurations Recommendations: a VLAN is used for traffic filtering and for the logical division of a network. The VLAN can be configured for a web interface to secure network traffic using the following two criteria, i.e., Switching => VLAN => Advanced => VLAN Membership or even Switching => VLAN => Advanced => Port PVID Configuration (Koh et al., 2015).

Laptop Security Configuration: using a VPN, registering laptops by MAC or vendor, and using passwords are good options, as well as device-level authentication, e.g., user name and password (Cranor & Garfinkel, 2015).

Application Policy Recommendations: using cookies, access control, IT rules, social media integrations, and generating notifications are recommended (Koh et al., 2015).

Security and Privacy Policy Recommendations: these are policy criteria to execute in traffic filtering and include IP spoofing user authentication and other website-specific policies (Koh et al., 2015).

Intrusion detection/prevention on a system containing customers' data: an IPS runs behind a firewall, matching the incoming traffic against security policies. The goal of an IDS is to identify malicious traffic before it can proceed further into the network. It generates alerts and notifications so that the network monitoring team can look into the intrusion. In these cases, the use of anomaly-based detection is ideal for a system (Cranor & Garfinkel, 2015).
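Anomaly-based detection on a customer-data system can be illustrated with a per-source baseline, as in the added example below, which is not part of the original paper. The host names, event tuples and alert threshold are constructed for illustration, and the robust z-score (median and median absolute deviation) is one assumed choice of anomaly measure.

```python
import statistics
from collections import defaultdict

# Constructed sample events: (minute, source_host, customer_records_read)
BASELINE = [(m, host, n) for m, (host, n) in enumerate([
    ("app01", 40), ("app01", 44), ("app01", 38), ("app01", 42), ("app01", 41),
    ("rpt01", 300), ("rpt01", 320), ("rpt01", 310), ("rpt01", 295), ("rpt01", 305),
])]
LIVE = [(100, "app01", 43), (101, "app01", 250), (102, "rpt01", 315), (103, "dev07", 12)]

def build_profiles(events):
    """Learn each source's normal read volume as (median, MAD)."""
    per_host = defaultdict(list)
    for _, host, n in events:
        per_host[host].append(n)
    profiles = {}
    for host, values in per_host.items():
        med = statistics.median(values)
        mad = statistics.median([abs(v - med) for v in values])
        profiles[host] = (med, max(mad, 1.0))  # floor avoids division by zero
    return profiles

def detect(events, profiles, threshold=6.0):
    """Return alerts for unknown sources and for volumes far from the baseline."""
    alerts = []
    for minute, host, n in events:
        if host not in profiles:
            # A source never seen during the baseline period is itself an anomaly
            alerts.append((minute, host, "unknown-source"))
            continue
        med, mad = profiles[host]
        score = 0.6745 * (n - med) / mad  # robust z-score
        if abs(score) > threshold:
            alerts.append((minute, host, f"volume-anomaly score={score:.1f}"))
    return alerts

if __name__ == "__main__":
    for alert in detect(LIVE, build_profiles(BASELINE)):
        print(alert)  # in production this would notify the monitoring team
```

The read of 250 records from `app01` is flagged even though `rpt01` routinely reads more, which a single fixed threshold for all sources would miss.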

References

Cranor, L. F., & Garfinkel, S. (2015). Security and usability: Designing secure systems that people can use. O'Reilly Media, Inc.

Koh, K., Ruighaver, A. B., Maynard, S. B., & Ahmad, A. (2015, September). Security Governance: Its Impact on Security Culture. In AISM (pp. 47-58).
