Security policy
Develop and submit, before the deadline, a basic written security policy documenting a business’s end-user requirements for network security as it applies to inbound/outbound network communications at the firewall. This document is not to be a list of ACLs. Your policy should include a short introduction of the business, at least 7 individual policy statements that can be implemented at the firewall, and 3 policy statements where you feel the risk is acceptable and will not be implemented. For each accepted risk, include a description of what can happen by not implementing the rule, along with your estimate of Annualized Loss Expectancy (ALE).
Consider yourself just hired at Acme, Inc. to start up their Information Assurance team. Acme, Inc. is a startup company that has an online storefront with:
*5 employees who have web access; management thinks they spend too much time on Instagram and is not sure whether they spend too much time on Facebook. The company has a Facebook site, but only one person in marketing is authorized by management to access, respond to, and update it. All other personal access to social media is not allowed per the company handbook.
*A publicly-facing web server in a DMZ that contains the customer catalog and is accessed from the internal network via SSH for catalog updates; there is no online ordering at this point
*End users who use a NAT’d IP range of 192.168.1.0/24 inside the network; the DMZ uses static IPs in the address range 192.168.20.0/24 and has one external IP address of 1.2.3.4
*Ongoing Denial of Service attempts that flood the firewall with Ping requests