Handbook for Security Administrator

High School ・Business ・APA ・4 Sources

Security threats have been an occurring challenge in many organizations today. For this reason, security administrations have been pushed to update their policies and security measures in a bid to protect against future security threats. Developing their security policies helped to defend these organizations from possible threats. The security policies are essential as they guide the organizations and give necessary information on security in case of an attack. (Nieles, Dempsey, & Pillitteri, 2014). The Security measures created should be useful, flexible and should be in line with whatever security challenges the organizations may face.

Policy Statement

Security remains to be one of concerns of this organization. As the Security Administrator, one has the responsibility to ensure the smooth management, integration, coordination and execution of the organization’s security initiatives. Organizational safety requires input from all stakeholders including the employees, visitors, internal and external security personnel all working together to ensure the guarantee of security. The organization provides guidelines in planning and coordination of security activities with all partners in a bid to encourage readiness in an otherwise volatile environment. The policy creates a framework to enable the organization to understand and be ready to deal with possible security threats while ensuring safety at all levels.

Michael Jones

Security Administrator

Purpose of Security Policy

  • Protect the Organization from external and internal security threats.
  • Establish guidelines on the course of action in the event of a security threat.
  • Outline best security practices while ensuring compliance with the policy.
  • Identify the security controls to govern systems in the organization, behavior, and activities of both external and internal personnel.


  • To protect valuable assets, information from unauthorized access or disclosure.
  • To define a set of conditions that help protect the organization’s assets.
  • To protect both internal and external personnel from potential security threats.
  • To limit security liability from either the employees or third parties.


The security policy document designed from the highest level in the organization must have standards. The developed standards will be in line with those outlined in the organization. The standards indicate the technologies and methods that will be used to secure the organization. NIST’s cybersecurity framework is helpful in ensuring that systems used are reliable and can be used to reduce risks (National Institute of Standards and Technology, 2017). The established standards in the organization will be based on;

  • Information security standards
  • Personnel protection standards
  • Standards on Management of Risks
  • Information technology standards
  • Selection of safeguards standards
  • Standards on delegation of duties on Security Functions
  • Standards on Security Awareness training
  • Standards on Management of Security Guards

Section One: Procedures and Guidelines in;

Network Architecture and Security Considerations

The network architecture will be designed in such a way that it incorporates the aspect of access control. Not every user can access the organization’s network. The system will equally be designed to recognize users and devices accessing the network (Cisco, 2017). Limited access will be given to noncompliant users to protect the system from possible breach (Vukalović, & Delija, 2015).

Wireless Security

Products will be put in place by the organization to protect unauthorized access. The system will be designed to have features that facilitate rogue detection as a way of preventing attempts to gain access to the network (Cisco, 2017).

Remote Access Security

An authentication method will be used to allow remote access to the system. Authorized users have a responsibility to uphold in ensuring that appropriate use of the system takes place.

Laptop and Removable Media Security

Employees are not allowed to use personal laptops and removable media on organizational devices. All organizational businesses will be conducted using the company’s devices and strictly for transactional purposes. The use of personal devices will only be allowed in exceptional situations such as when there are no alternatives, but this must be authorized by senior management personnel.

Vulnerability and Penetration Testing

Vulnerability and penetration testing will be done periodically. The activity will be done on a weekly basis. However, this can be done at any given time when new systems are introduced in the organization.

Physical Security

The security guards will be deployed in every section of the organization to ensure the physical security of the users and gadgets in the organization. Security issues that arise will be reported to the nearest security guards for an appropriate course of action.

Guidelines for Reviewing and Changing Policies

Policies will be reviewed on a monthly basis to check their suitability to the changing security conditions. The Security administrator will work in coordination with a team of security professionals to check in such cases.

Section Two: Policies

Acceptable Use Policy

The security administrator working with the network administrators will be in charge of setting up the acceptable use policy which will govern the use of the organization’s network, website, and system. The administrator will equally set the guidelines on the overall usage of the network. The administrator will set rules as to the individuals who will be having access to the network. Employees are expected to adhere to the rules that will have been implemented.

Password Policy

Accessibility to various systems will be governed by the rule of password policy. Users will have passwords provided to them that will help them access the system at their convenience. Each user is expected to keep the password confidential to bar unauthorized access to the system. Passwords will be provided at different security levels so each user can only access the system based on their clearance levels.

Incident Response Policy

Incidences that occur in the organization will be addressed in a vertical manner. The issue will be reported to the immediate departmental head who will then report the same to the senior management. Each of the incidences that occur must be documented for future references. The problem will be recorded and the course of action on the same documented.

User Awareness and Training Policy

Users will be trained on a monthly basis on the proper use of the system. The goal will be to create awareness on the use. This will be done through training in workshops and seminars. The training will be done sequentially to ensure every user is made aware of the security policies in the organization and what to do in the course of potential attack.


The responsibility of maintaining security in the organization will be bestowed on every individual. The policy requires each member to take responsibility to ensure protection from both external and internal threats. Issues that arise should be reported through the established channels as outlined in the Security administration handbook.

Review and Change Management

The security administrator acknowledges the continued changing patterns as regards to the concept of security. In response, the policy will be reviewed on a monthly basis to ensure that it adheres to organizational standards and those established by certified agencies.


Cisco, P. (2017). What Is Network Security?. Cisco. Retrieved 11 March 2017, from http://www.cisco.com/c/en/us/products/security/what-is-network-security.html

National Institute of Standards and Technology. (2017). Framework for Improving. New York: National Institute of Standards and Technology. Retrieved from https://www.nist.gov/news-events/news/2017/01/nist-releases-update-cybersecurity-framework

Nieles, M., Dempsey, K., & Pillitteri, V. Y. (2014). An Introduction to Information Security. New York: Olympia Publishers. Retrieved from http://csrc.nist.gov/publications/drafts/800-12r1/sp800_12_r1_draft.pdf

Vukalović, J., & Delija, D. (2015, May). Advanced Persistent Threats-detection and defense. In Information and Communication Technology, Electronics and Microelectronics (MIPRO), 2015 38th International Convention on (pp. 1324-1330). IEEE.

Get a price
Academic level
Pages *275 words
Total price
$ 0 .00
$ 0 .00

Prices that are easy on your wallet

Our experts are ready to do an excellent job starting at $14.99 per page

What Clients Say About Us
Our Customers Rated UsGreat
Out of 5 Based on 357 Reviews
I experienced difficult times trying to complete huge number of assignments to my university at the same time and you, guys, literally saved me. Everything was done in time and on the highest level! I really appreciate your help.
Essay, History, 12 pages, 7 days, Master's
First time when I placed an order with you, I just lacked time to do all the homework and it was a lot going on in my family. But today I’m doing it sometimes just for fun – I really enjoy communicating with your Customer Support members and just letting myself being a bit lazy
Yuong Lo Mui,
Literature review, IT, 17 pages, 4 days, Master's
My GPA is 4.0 and I’ve always been doing everything myself, but there is a class which I was about to fail thus my GPA would decrease first time in so many years. I ordered few assignments to be completed with GrabMyEssay.com and you did a great job! Thanks to you I still remain one of the best students on campus.
Essay, Politics, 8 pages, 5 days, Junior
I am not used to such services and I usually write all the papers by myself. But this time I got in a very difficult situation and had to order my paper on this website. To my surprise it appeared to be quite good. Thank you, it is really nice service. Think I'll get back to you soon!
Thesis, Management, 34 pages, 14 days, Master's
I am on my maternity leave now, so I spend a lot of time at home taking care of my little son. I’ve decided to get one more higher education degree while I’m spending so much time at home and applied for distance learning in one online college. But caring a baby takes even more time then I excepted so I’m the way too busy to write the complicated masters level research works, but GrabMyEssay.com is so-so-so cool! Thank you for that you exist! I don’t know what I would do without you all!
Essay, Education, 15 pages, 8 days, Master's
I am studying and working at the same time and it is difficult to cope with university assignments as I am very tired after the work day. You service is a salvation for me as it helps to do everything on time. I am really happy about it. Wish you everything the best! Especially my lovely writer 109!
Coursework, Religion, 11 pages, 7 days, Master's

We at GrabMyEssay.com

work according to the General Data Protection Regulation (GDPR), which means you have the control over your personal data. All payment transactions go through a secure online payment system, thus your Billing information is not stored, saved or available to the Company in any way. Additionally, we guarantee confidentiality and anonymity all throughout your cooperation with our Company.

Try our service with 15% Discount for your first order!   Try our service with 15% Discount for your first order!   Try our service with 15% Discount for your first order!  

Order Now