remote access plan

The remote access strategy helps the organization's information technology staff to increase productivity by working from a remote location using virtual private networks and secure information infrastructure.

This plan is intended to ensure that Future Technologies Inc.'s information systems and communication routes are secure. This would preserve the organization's intellectual property and avoid any potential data loss.

This policy applies to Future Technologies Inc. employees and any company stakeholders who have access to the organization's computer and information systems. Each workstation or computer or computerized device that connects to the information system of Future Technologies must be secured in line with this access plan, before gaining access to the system. All the remote access must, therefore, be guaranteed.

Policy

The Information Technology departmental head of Future Technology Inc. has the mandate of training and granting remote access into the information systems of the organization to ensure that only the authorized staff members have access to the data of the company. Internet access within Future Technology Inc. premises or infrastructure shall be exclusively done in line with the business interest of the organization and not any other purpose (Young, White, Diggs & Colar, 2016). The standard's requirements including using the virtual private network for the remote access in line with the encryption and password policy of the organization. Only the computerized devices owned by the company are to be granted remote access to the company’s networks

Policy compliance

Compliance with the regulation is to be done through monitoring and internal audits to ensure that each staff adheres to the control and policy. An employee who fails to comply must face disciplinary action from the management.

Related standards

Authorized user policy, Encryption policy, and password policy (Walter, Campagna, Chen & Gill, 2016).

Revision history

Date

Responsible

Summary of Change

November 2017

Head of information technology department

Compliance with the policy is a crucial role that has to be played out by the management to ensure that only the qualified staff members have access to the system. Each computer is to be assigned a specific port number that is used to gain access to the system. Additionally, the staff members who have to obtain n remote access must use the virtual private networks, against which their entry into the system has to be exterminated. The general information gathered by the system involves is of localized employees particulars to achieve the desired output. With the acceptable encryption policy covering even the password policy being in place, it becomes easier to manage those who log in into the system, monitor the traffic of people getting online. The essence is to ensure that the system becomes inaccessible to unauthorized users.

The principal intent of the policy is to protect the intellectual property of the organization. The management of the organization recognizes that either is cyber-attack or collusion from an internal staff of the organization could lead to loss of pertinent data, thus, the need to enhance the security of the system to avert such loss. Therefore, each staff working for te company has to go through the policy and sign that he or she agrees with the terms set in the plan. The stiff penalty that could face any staff violating the policy is being relieved of his or her duties from the company and institution of the legal proceeding. Such is meant to deter the team from leaking out crucial data from the company.

The external attackers pose the most severe threat to the system. The external attackers have the potential of leading to massive data loss through phishing and using bots to access the system. The installation of firewalls and PenTesting are some of re regular measures that have to be done by the information technology department head with the intent of enhancing the integrity of the system. All the non-employees seeking to gain entry into the information system must comply with the third party agreement and must have updated software before gaining access to the software.

The security system that is to be entrenched in the system has to ensure that incidences of eavesdropping, tap and inability to copy data from the systems are enhanced security features within the system that are to improve the integrity of the data and information that has been stored therein. The policy on sharing of information within the system seeks to ensure that only the end user knows the information that is being shared across the network. Such would serve to provide that no unauthorized user has no access to information that is being shared remotely.

The use of VPN to gain access to the information system of Future Technologies only serves to ensure that there is professional access to the system (Asati, Khalid, Cherukuri, Durazzo & Murthy, 2014). The professional use is limited to sharing of staff mails and storage of data that has been gathered. However, retrieving of data calls for passwords and authentification from the head of the information system department.

References

Asati, R., Khalid, M., Cherukuri, S., Durazzo, K. A., & Murthy, S. (2014). U.S. Patent No. 8,650,618. Washington, DC: U.S. Patent and Trademark Office.

Walter, M., Campagna, N., Chen, Y. Z., & Gill, M. S. (2016). U.S. Patent No. 9,306,911. Washington, DC: U.S. Patent and Trademark Office.

Young, C. K., White, T. E., Diggs, M. R., & Colar, G. D. (2016). U.S. Patent Application No. 15/381,433.